1.1. http://www.savings.com/fetch/get-css.url [resources parameter]
1.2. http://www.savings.com/fetch/get-js.url [resources parameter]
2. Cross-site scripting (reflected)
2.1. http://www.savings.com/coupons/search/coupons_results.html [searchString parameter]
2.2. http://www.savings.com/fetch/get-css.url [resources parameter]
2.3. http://www.savings.com/fetch/get-js.url [resources parameter]
3. Cookie without HttpOnly flag set
3.2. http://www.savings.com/coupons/search/coupons_results.html
4. Cookie scoped to parent domain
4.2. http://www.savings.com/coupons/search/coupons_results.html
5. Cross-domain Referer leakage
6. Cross-domain script include
6.2. http://www.savings.com/coupons/search/coupons_results.html
Severity: | High |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /fetch/get-css.url |
GET /fetch/get-css.url Accept: */* Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 302 Found Server: Resin/3.1.8 Location: http://cdn1.node1.savings 7e9c22fb1b8 Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:39:11 GMT Content-Type: text/html Content-Length: 85 Date: Thu, 11 Nov 2010 22:39:11 GMT The URL has moved <a href="http://cdn1.node1 7e9c22fb1b8">here</a> |
Severity: | High |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /fetch/get-js.url |
GET /fetch/get-js.url Accept: */* Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 302 Found Server: Resin/3.1.8 Location: http://cdn3.node1.savings e18c03f66a3 Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:38:45 GMT Content-Type: text/html Content-Length: 85 Date: Thu, 11 Nov 2010 22:38:45 GMT The URL has moved <a href="http://cdn3.node1 e18c03f66a3">here</a> |
Severity: | High |
Confidence: | Firm |
Host: | http://www.savings.com |
Path: | /coupons/search/coupons |
GET /coupons/search/coupons Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 200 OK Server: Resin/3.1.8 P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:39:41 GMT Set-Cookie: MPUSC=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPPAGEEVENTCK=167904071 Content-Type: text/html; charset=UTF-8 Date: Thu, 11 Nov 2010 22:39:41 GMT Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 15490 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <a href="/m-AandB-Elect ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /fetch/get-css.url |
GET /fetch/get-css.url Accept: */* Referer: http://www.savings.com Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 302 Found Server: Resin/3.1.8 Location: http://cdn2.node1.savings Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:39:39 GMT Content-Type: text/html Content-Length: 167 Date: Thu, 11 Nov 2010 22:39:39 GMT The URL has moved <a href="http://cdn2.node1 |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /fetch/get-js.url |
GET /fetch/get-js.url Accept: */* Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 302 Found Server: Resin/3.1.8 Location: http://cdn2.node1.savings Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:38:44 GMT Content-Type: text/html Content-Length: 146 Date: Thu, 11 Nov 2010 22:38:44 GMT The URL has moved <a href="http://cdn2.node1 |
Severity: | Low |
Confidence: | Firm |
Host: | http://www.savings.com |
Path: | / |
GET / HTTP/1.1 Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.savings.com |
HTTP/1.1 200 OK Server: Resin/3.1.8 Cache-Control: private P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: EPRAT=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPEVTC=1289515078800; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: MPREFSRC=mppid%3D%2Cmpsid Set-Cookie: MPIBRCC=167904072 Set-Cookie: mvoe_decision=49%3D176; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: mvo_last_exp=49 Set-Cookie: MPPAGEEVENTCK=167904072 Set-Cookie: JSESSIONID=abc7skw1Us Content-Type: text/html; charset=ISO-8859-1 Date: Thu, 11 Nov 2010 22:37:58 GMT Set-Cookie: epersist=XTrIOOEa5mzU Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 106929 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /coupons/search/coupons |
GET /coupons/search/coupons Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 200 OK Server: Resin/3.1.8 P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:38:41 GMT Set-Cookie: MPUSC=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPPAGEEVENTCK=167904071 Content-Type: text/html; charset=UTF-8 Date: Thu, 11 Nov 2010 22:38:41 GMT Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 19291 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | / |
GET / HTTP/1.1 Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.savings.com |
HTTP/1.1 200 OK Server: Resin/3.1.8 Cache-Control: private P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: EPRAT=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPEVTC=1289515078800; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: MPREFSRC=mppid%3D%2Cmpsid Set-Cookie: MPIBRCC=167904072 Set-Cookie: mvoe_decision=49%3D176; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: mvo_last_exp=49 Set-Cookie: MPPAGEEVENTCK=167904072 Set-Cookie: JSESSIONID=abc7skw1Us Content-Type: text/html; charset=ISO-8859-1 Date: Thu, 11 Nov 2010 22:37:58 GMT Set-Cookie: epersist=XTrIOOEa5mzU Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 106929 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /coupons/search/coupons |
GET /coupons/search/coupons Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 200 OK Server: Resin/3.1.8 P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:38:41 GMT Set-Cookie: MPUSC=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPPAGEEVENTCK=167904071 Content-Type: text/html; charset=UTF-8 Date: Thu, 11 Nov 2010 22:38:41 GMT Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 19291 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /coupons/search/coupons |
GET /coupons/search/coupons Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 200 OK Server: Resin/3.1.8 P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:38:41 GMT Set-Cookie: MPUSC=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPPAGEEVENTCK=167904071 Content-Type: text/html; charset=UTF-8 Date: Thu, 11 Nov 2010 22:38:41 GMT Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 19291 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... <li class="filter blog"><a href="http://www.thefind ...[SNIP]... </script><script type="text/javascript" src="http://edge ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | / |
GET / HTTP/1.1 Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Proxy-Connection: Keep-Alive Host: www.savings.com |
HTTP/1.1 200 OK Server: Resin/3.1.8 Cache-Control: private P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: EPRAT=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPEVTC=1289515078800; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: MPREFSRC=mppid%3D%2Cmpsid Set-Cookie: MPIBRCC=167904072 Set-Cookie: mvoe_decision=49%3D176; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:37:58 GMT Set-Cookie: mvo_last_exp=49 Set-Cookie: MPPAGEEVENTCK=167904072 Set-Cookie: JSESSIONID=abc7skw1Us Content-Type: text/html; charset=ISO-8859-1 Date: Thu, 11 Nov 2010 22:37:58 GMT Set-Cookie: epersist=XTrIOOEa5mzU Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 106929 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... </script><script type="text/javascript" src="http://edge ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://www.savings.com |
Path: | /coupons/search/coupons |
GET /coupons/search/coupons Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms Referer: http://www.savings.com/ Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729) Accept-Encoding: gzip, deflate Host: www.savings.com Proxy-Connection: Keep-Alive Cookie: ESTN=1; EPRAT=1513874903 |
HTTP/1.1 200 OK Server: Resin/3.1.8 P3P: CP="IDC DSP COR CUR ADM TAI PSA PSD IVA CONi OUR IND UNI NAV" Content-Language: en-US Set-Cookie: ESTN=1; domain=.savings.com; path=/; expires=Tue, 10-Nov-2015 22:38:41 GMT Set-Cookie: MPUSC=1513874903 Set-Cookie: MPUSC=1513874903 Set-Cookie: MPPAGEEVENTCK=167904071 Content-Type: text/html; charset=UTF-8 Date: Thu, 11 Nov 2010 22:38:41 GMT Vary: Accept-Encoding Connection: Keep-Alive Content-Length: 19291 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org ...[SNIP]... </script><script type="text/javascript" src="http://edge ...[SNIP]... |