1. Cross-site scripting (reflected)
2. Cookie without HttpOnly flag set
3. Cross-domain script include
4. Content type incorrectly stated

Severity: Low
Confidence: Certain
Host: http://www.foxnews.mobi
Path: /scitech/quickPage.html

GET /scitech/quickPage.html HTTP/1.1
Host: www.foxnews.mobi
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-transform
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Sun, 17 Apr 2011 20:29:33 GMT
Content-Length: 23560
Connection: close
Set-Cookie: DACustomerId=9c70069f
Set-Cookie: JSESSIONID=332941072
Set-Cookie: JSESSIONID=332941072
Set-Cookie: JSESSIONID=332941072

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.1//EN" "http://www.openmobi
<html>
<head>
<title>FOX News
...[SNIP]...
<img id="omniture_link" src="http://foxnewsmobile
...[SNIP]...

Severity: Low
Confidence: Firm
Host: http://www.foxnews.mobi
Path: /scitech/quickPage.html

GET /scitech/quickPage.html HTTP/1.1
Host: www.foxnews.mobi
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-transform
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Sun, 17 Apr 2011 20:29:27 GMT
Content-Length: 23477
Connection: close
Set-Cookie: DACustomerId=a4adf1c9
Set-Cookie: JSESSIONID=A8DFF6213
Set-Cookie: JSESSIONID=A8DFF6213
Set-Cookie: JSESSIONID=A8DFF6213

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.1//EN" "http://www.openmobi
<html>
<head>
<title>FOX News
...[SNIP]...

Severity: Information
Confidence: Certain
Host: http://www.foxnews.mobi
Path: /scitech/quickPage.html

GET /scitech/quickPage.html HTTP/1.1
Host: www.foxnews.mobi
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-transform
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Sun, 17 Apr 2011 20:29:27 GMT
Content-Length: 23477
Connection: close
Set-Cookie: DACustomerId=a4adf1c9
Set-Cookie: JSESSIONID=A8DFF6213
Set-Cookie: JSESSIONID=A8DFF6213
Set-Cookie: JSESSIONID=A8DFF6213

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.1//EN" "http://www.openmobi
<html>
<head>
<title>FOX News
...[SNIP]...
</script>
<script type="text/javascript" src="http://a.ringle
...[SNIP]...

Severity: Information
Confidence: Firm
Host: http://www.foxnews.mobi
Path: /favicon.ico

GET /favicon.ico HTTP/1.1
Host: www.foxnews.mobi
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Cookie: preferredMarkup=xhtml; JSESSIONID=BA757D9D4

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"140-1297460046000"
Last-Modified: Fri, 11 Feb 2011 21:34:06 GMT
Content-Length: 140
Content-Type: text/plain; charset=UTF-8
Date: Sun, 17 Apr 2011 22:28:39 GMT
Connection: close

.PNG . ...IHDR.............(-.S...