1. Cross-site scripting (reflected)
1.2. http://www.bbc.co.uk/news/technology-12126880 [Referer HTTP header]
2. Cookie scoped to parent domain
3. Cross-domain script include
4. Cookie without HttpOnly flag set
Severity: | High |
Confidence: | Certain |
Host: | http://www.bbc.co.uk |
Path: | /news/technology-12126880 |
GET /news/technology-12126880 Host: www.bbc.co.uk Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close |
HTTP/1.1 200 OK Server: Apache Cache-Control: max-age=0 Content-Type: text/html Date: Sun, 09 Jan 2011 01:38:47 GMT Keep-Alive: timeout=10, max=777 Expires: Sun, 09 Jan 2011 01:38:47 GMT Connection: close Set-Cookie: BBC-UID=b47de209f191 Set-Cookie: BBC-UID=b47de209f191 Content-Length: 58609 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp <html xmlns="http://www.w3.org ...[SNIP]... <!-- bbc.fmtj.page = { serverTime: 1294537127000, editionToServe: 'us', queryString: 'b916d'-alert(1)- referrer: null, section: 'technology', sectionPath: '/Technology', siteName: 'BBC News', siteToServe: 'news', siteVersion: 'cream', storyId: '12126880', assetType: 'story', ...[SNIP]... |
Severity: | Low |
Confidence: | Certain |
Host: | http://www.bbc.co.uk |
Path: | /news/technology-12126880 |
GET /news/technology-12126880 HTTP/1.1 Host: www.bbc.co.uk Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://www.google.com |
HTTP/1.1 200 OK Server: Apache Cache-Control: max-age=0 Content-Type: text/html Date: Sun, 09 Jan 2011 01:39:11 GMT Keep-Alive: timeout=10, max=798 Expires: Sun, 09 Jan 2011 01:39:11 GMT Connection: close Set-Cookie: BBC-UID=54edf269c181 Set-Cookie: BBC-UID=54edf269c181 Content-Length: 58681 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp <html xmlns="http://www.w3.org ...[SNIP]... <!-- bbc.fmtj.page = { serverTime: 1294537151000, editionToServe: 'us', queryString: null, referrer: 'http://www.google.com section: 'technology', sectionPath: '/Technology', siteName: 'BBC News', siteToServe: 'news', siteVersion: 'cream', storyId: '12126880', assetType: 'story', uri: '/news/techn ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.bbc.co.uk |
Path: | /news/technology-12126880 |
GET /news/technology-12126880 HTTP/1.1 Host: www.bbc.co.uk Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close |
HTTP/1.1 200 OK Server: Apache Cache-Control: max-age=0 Content-Type: text/html Date: Sun, 09 Jan 2011 01:38:36 GMT Keep-Alive: timeout=10, max=797 Expires: Sun, 09 Jan 2011 01:38:36 GMT Connection: close Set-Cookie: BBC-UID=048d5239a181 Set-Cookie: BBC-UID=048d5239a181 Content-Length: 58551 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp <html xmlns="http://www.w3.org ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.bbc.co.uk |
Path: | /news/technology-12126880 |
GET /news/technology-12126880 HTTP/1.1 Host: www.bbc.co.uk Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close |
HTTP/1.1 200 OK Server: Apache Cache-Control: max-age=0 Content-Type: text/html Date: Sun, 09 Jan 2011 01:38:36 GMT Keep-Alive: timeout=10, max=797 Expires: Sun, 09 Jan 2011 01:38:36 GMT Connection: close Set-Cookie: BBC-UID=048d5239a181 Set-Cookie: BBC-UID=048d5239a181 Content-Length: 58551 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp <html xmlns="http://www.w3.org ...[SNIP]... <link rel="stylesheet" type="text/css" href="http://static.bbc ...[SNIP]... </script> <script type="text/javascript" src="http://news.bbcimg <script type="text/javascript" src="http://news.bbcimg ...[SNIP]... </script> <script type="text/javascript" src="http://news.bbcimg ...[SNIP]... </script> <script type="text/javascript" src="http://news.bbcimg ...[SNIP]... </script> <script type="text/javascript" src="http://news.bbcimg ...[SNIP]... </script> <script type="text/javascript" src="http://news.bbcimg <script type="text/javascript" src="http://js.revsci.net ...[SNIP]... </script> <script type="text/javascript" src="http://edge ...[SNIP]... <!-- SiteCatalyst code version: H.21. Copyright 1996-2010 Adobe, Inc. All Rights Reserved More info available at http://www.omniture.com --> <script type="text/javascript" src="http://news.bbcimg ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.bbc.co.uk |
Path: | /news/technology-12126880 |
GET /news/technology-12126880 HTTP/1.1 Host: www.bbc.co.uk Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close |
HTTP/1.1 200 OK Server: Apache Cache-Control: max-age=0 Content-Type: text/html Date: Sun, 09 Jan 2011 01:38:36 GMT Keep-Alive: timeout=10, max=797 Expires: Sun, 09 Jan 2011 01:38:36 GMT Connection: close Set-Cookie: BBC-UID=048d5239a181 Set-Cookie: BBC-UID=048d5239a181 Content-Length: 58551 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp <html xmlns="http://www.w3.org ...[SNIP]... |