Generated on: 2008/07/10 11:28
Input file: /download/ratproxy/libero/ratproxy.log
NOTE: Not all of the issues reported necessarily
correspond to actual security flaws. Findings should be validated
by manual testing and analysis where appropriate. When in doubt,
contact the author.
Report risk and risk modifier designations:
LOW to HIGH: Issue urgency classification (composite of impact and identification accuracy)
INFO: Non-discriminatory entry for further analysis
ECHO / echo: Query parameters echoed back / not echoed in HTTP response, respectively
PRED / pred: Request URL or query data likely is / is not predictable to third parties, respectively
AUTH / auth: Request requires / does not require cookie authentication, respectively
Parameter-accepting POST requests that lack security tokens. Some POST requests change application state, and may be vulnerable to cross-site request forgery attacks.
Text documents that seem to have a poorly chosen Content-Type value. Even slight mismatches may trigger content sniffing in Internet Explorer, and potentially lead to cross-site scripting if any part of the file is user-controlled.
Pages that seem to include scripts or stylesheets from external domains. If these domains are not trusted or are susceptible to compromise, this behavior may render the application vulnerable to attacks.
Server-generated, authenticated Javascript apparently structured for <SCRIPT SRC=...> or eval(...) consumption. If the code reveals any sensitive user data and lacks XSRF defenses, privacy breaches may occur.
Pages that set cookies or require authentication, but have HTTP headers that may, in some scenarios, lead to proxy-level document caching. Depending on runtime settings, this may also include subtle HTTP/1.1 and HTTP/1.0 intent mismatches (such as Cache-Control: private with no Expires header).
Bad or no charset declared for renderable file
Text documents with missing, mistyped, or obscure character sets (see config.h). For some values, UTF-7 and other types of character set sniffing in Internet Explorer may occur if any part of the file is user-controlled.
LOW echo PRED auth GET http://barra-spazio.libero.it:80//x/js/barra_n01.js ⇒ 200
Response (4922): var bsl1_init;\nvar bsl1_init2;\nvar bsl1_sup=0;\nvar bsl1_ie=((document.all)&&(!window.opera));\n\nif (document.getElementById) bsl1_sup=1;\n\nfunction n_width() {\n\tif (self.innerHeight) return(self.innerWidth);\n\telse if (document.documentElement && document.documentElement.clientHeight) return(document.documentElement.clientWidth);\n\telse if (document.body) return(document.body.clientWidth);\n\treturn 0;\n}\n\nfunction bsl1_wd() {\n\tvar d = n_width();\n\tif (d!=bsl1_oldd) {\n\t\ta = document.getElementById('vb2main');\n\t\ta.style.width = d+"px";\n\t\tbsl1_oldd = d;\n\t}\n\tsetTimeout("bsl1_wd()", 250);\n}\n\nfunction bsl1_remote(ur) { \n \tvar element = document.createElement('script');\n\telement.setAttribute('type','text/javascript'); \n\telement.setAttribute('src',ur); \n\tdocument.body.appendChild(element);\n}\n\nfunction bsl1_ok(gu) {\n\tvar o = document.getElementById('bsl1-lbuff');\n\tif (o) o.innerHTML = gu;\n}\n...
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
LOW echo PRED auth GET http://digiland.libero.it:80/fsrscripts/stdLauncher.js ⇒ 200
Response (28957): /****Customer: **SAMPLE CODE FOR TESTING ** NOT FOR PRODUCTION ****\r\n/************ don't modify below this line *********\r\n ************* Version: Std 5.3 v.21 ***********\r\n ****** Copyright 2001-2008 ForeseeResults, Inc****/\r\n \r\nforesee.popupURL = "//www.foreseeresults.com/survey/display";\t//do not change this url\r\nforesee.FSRImgURL= "//www.foreseeresults.com/survey/FSRImg"; \t//do not change this url\r\nforesee.CSURL= "//www.foreseeresults.com/survey/processCPP"; \t//do not change this url\r\nforesee.OTCImgURL = "//controller.foreseeresults.com/fsrSurvey/OTCImg";\r\nforesee.ckAlreadyShown = foresee.triggerParms["ascookie"]; /* name of the persistent/session cookie*/\r\nforesee.ckLoyaltyCount = foresee.triggerParms["lfcookie"]; /* name of the loyalty count cookie*/\r\nforesee.fullURL=null;\r\nforesee.myPopUp=null;\r\nforesee.detect = navigator.userAgent.toLowerCase();\r\nforesee.version= navigator.appVersion.toLowerCase();\r\nfor...
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
LOW echo PRED auth GET http://digistatic.libero.it:80//js/tbx.js ⇒ 200
Response (1847): // SWITCHING TAB\n// pre = id_prefix\n// n = tab\n// i = mode (0,1)\n// area = area box\n// coo = cookie mode (0,1)\n\nvar tbx_stat = new Array();\n\nfunction tbx_switch(pre, n, i, area, coo) {\n\tif (document.getElementById) {\n\t\n\t\tif (coo == 1) {\n\t\t\tif (i==1) {\n\t\t\t\tvar cccc=tbx_gc("tbx"+area);\n\t\t\t\tif (cccc!='') n = cccc;\n\t\t\t} else {\n\t\t\t\tvar kk = "tbx" + area + "=" + n + "; path=/; domain=.libero.it";\n\t\t\t\tdocument.cookie=kk;\n\t\t\t}\n\t\t}\n\t\t\n\t\tvar d = document.getElementById(pre+n);\n\t\tvar dc = document.getElementById(pre+'c'+n);\n\n\t\tif (tbx_stat[pre]>0) {\n\t\t\tvar doo, dco;\n\t\t\tdoo = document.getElementById(pre+tbx_stat[pre]);\n\t\t\tdco = document.getElementById(pre+'c'+tbx_stat[pre]);\n\t\t\tdco.style.display="none";\n\t\t\tdoo.className = "";\n\t\t}\n\t\t\n\t\tdc.style.display = "block";\n\t\td.className = "act";\n\t\ttbx_stat[pre]=n;\n\n\t\t...
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
Pages that seem to contain potentially dangerous or discouraged Javascript statements. These statements are particularly likely to open up security vulnerabilities on the page, and as such, the code should be carefully analyzed.
MEDIUM ECHO PRED auth GET http://blog.libero.it:80/maxsoblog/view.php?nocache=1215682105 ⇒ 200
Response (114597): \n\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Maxso's Blog - Libero Community - Blog</title>\n\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n\n<link rel='stylesheet' type=text/css href='/blog/css/moblog.css'>\n<link rel='stylesheet' type=text/css href='/blog/css/skin/67/blue.css'>\n<script type='text/javascript' src='/blog/js/fx_blog.js'></script>\n\n<script language="javascript">\n<!--\nnav_name = navigator.userAgent.toLowerCase();\nis_opera = (nav_name.indexOf("opera") != -1);\nis_mac = (nav_name.indexOf("mac") != -1);\nif (is_opera || is_mac){\n\tdocument.write('<style> .defender { overflow: hidden; } </style>');\n}\n-->\n</sc...
Cookies set: PHPSESSIDMOB=51a97ff659e142796c021e8c3e5826c0; DGL_UPD_LOGIN=0; BG_RT=f_41_C_41__3d_kRIK_2d_0N_2d_rc_7c_Tn5Vzl_3d_g1nrc_7c_Tn5V0_41_up_3d_mpPvbEz8Y_7c_mbE5k_3d_O
Offending value: document.referrer
MIME type: text/html, detected: text/html, charset: -
MEDIUM echo PRED auth GET http://digiland.libero.it:80/fsrscripts/stdLauncher.js ⇒ 200
Response (28957): /****Customer: **SAMPLE CODE FOR TESTING ** NOT FOR PRODUCTION ****\r\n/************ don't modify below this line *********\r\n ************* Version: Std 5.3 v.21 ***********\r\n ****** Copyright 2001-2008 ForeseeResults, Inc****/\r\n \r\nforesee.popupURL = "//www.foreseeresults.com/survey/display";\t//do not change this url\r\nforesee.FSRImgURL= "//www.foreseeresults.com/survey/FSRImg"; \t//do not change this url\r\nforesee.CSURL= "//www.foreseeresults.com/survey/processCPP"; \t//do not change this url\r\nforesee.OTCImgURL = "//controller.foreseeresults.com/fsrSurvey/OTCImg";\r\nforesee.ckAlreadyShown = foresee.triggerParms["ascookie"]; /* name of the persistent/session cookie*/\r\nforesee.ckLoyaltyCount = foresee.triggerParms["lfcookie"]; /* name of the loyalty count cookie*/\r\nforesee.fullURL=null;\r\nforesee.myPopUp=null;\r\nforesee.detect = navigator.userAgent.toLowerCase();\r\nforesee.version= navigator.appVersion.toLowerCase();\r\nfor...
Offending value: document.referrer
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
MEDIUM echo PRED auth GET http://spazio.libero.it:80/maxsof1/?top=1 ⇒ 200
Response (22985): <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Libero - Community Profilo di maxsof1</title>\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">\n<META NAME="Description" CONTENT="Digiland è la community del portale Libero: Chat, Cupido, Messaggeria, Forum, Sondaggi, Tribu, Crea il tuo Sito e molto altro...">\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n<link rel="shortcut icon" href="/x/pics/hd_img/favicon.ico">\n\n\n<style type="text/css">\n@import url("http://barra-spazio.libero.it//x/css/barra_n01.css");\n</style>\n<script src="http://barra-spazio.libero.it//x/js/barra_n01.js" type="text/javascript" language="Javascript"></scri...
Cookies set: SPAZIO_SESSID=fb949caf46de2245bb730db4b43f2fc1; DGL_UPD_LOGIN=0; DIGI_PVP=KcdC_3a__2f__2f_33ajAr_2e_8LptEX_2e_Ut_2f_4X2fRtK_2f_C11fxDr_2e_cK8_2d_KNdi6nScp0_2d_AvfFt0mSMIF1n
Offending value: document.referrer
MIME type: text/html, detected: text/html, charset: iso-8859-1
LOW echo PRED auth GET http://barra-spazio.libero.it:80//x/js/barra_n01.js ⇒ 200
Response (4922): var bsl1_init;\nvar bsl1_init2;\nvar bsl1_sup=0;\nvar bsl1_ie=((document.all)&&(!window.opera));\n\nif (document.getElementById) bsl1_sup=1;\n\nfunction n_width() {\n\tif (self.innerHeight) return(self.innerWidth);\n\telse if (document.documentElement && document.documentElement.clientHeight) return(document.documentElement.clientWidth);\n\telse if (document.body) return(document.body.clientWidth);\n\treturn 0;\n}\n\nfunction bsl1_wd() {\n\tvar d = n_width();\n\tif (d!=bsl1_oldd) {\n\t\ta = document.getElementById('vb2main');\n\t\ta.style.width = d+"px";\n\t\tbsl1_oldd = d;\n\t}\n\tsetTimeout("bsl1_wd()", 250);\n}\n\nfunction bsl1_remote(ur) { \n \tvar element = document.createElement('script');\n\telement.setAttribute('type','text/javascript'); \n\telement.setAttribute('src',ur); \n\tdocument.body.appendChild(element);\n}\n\nfunction bsl1_ok(gu) {\n\tvar o = document.getElementById('bsl1-lbuff');\n\tif (o) o.innerHTML = gu;\n}\n...
Offending value: document.write
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
LOW echo PRED auth GET http://digiland.libero.it:80/ ⇒ 200
Response (43155): \n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Libero - Community Homepage</title>\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">\n<META NAME="Description" CONTENT="Digiland è la community del portale Libero: Chat, Cupido, Messaggeria, Forum, Sondaggi, Tribu, Crea il tuo Sito e molto altro...">\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n<link rel="shortcut icon" href="http://digistatic.libero.it//pics/favicon.ico">\n\n\n<LINK href="http://digistatic.libero.it//css/header.css" rel="stylesheet">\n<LINK href="http://digistatic.libero.it//css/community.css" rel="stylesheet">\n<LINK href="http://digistatic.libero.it//css/tbx.css" rel="...
Cookies set: DIGISESSID=acb599e99e43feb6f7be43e3a6df979f; DGL_UPD_LOGIN=0
Offending value: document.write
MIME type: text/html, detected: text/html, charset: iso-8859-1
LOW echo PRED auth GET http://digiland.libero.it:80/fsrscripts/stdLauncher.js ⇒ 200
Response (28957): /****Customer: **SAMPLE CODE FOR TESTING ** NOT FOR PRODUCTION ****\r\n/************ don't modify below this line *********\r\n ************* Version: Std 5.3 v.21 ***********\r\n ****** Copyright 2001-2008 ForeseeResults, Inc****/\r\n \r\nforesee.popupURL = "//www.foreseeresults.com/survey/display";\t//do not change this url\r\nforesee.FSRImgURL= "//www.foreseeresults.com/survey/FSRImg"; \t//do not change this url\r\nforesee.CSURL= "//www.foreseeresults.com/survey/processCPP"; \t//do not change this url\r\nforesee.OTCImgURL = "//controller.foreseeresults.com/fsrSurvey/OTCImg";\r\nforesee.ckAlreadyShown = foresee.triggerParms["ascookie"]; /* name of the persistent/session cookie*/\r\nforesee.ckLoyaltyCount = foresee.triggerParms["lfcookie"]; /* name of the loyalty count cookie*/\r\nforesee.fullURL=null;\r\nforesee.myPopUp=null;\r\nforesee.detect = navigator.userAgent.toLowerCase();\r\nforesee.version= navigator.appVersion.toLowerCase();\r\nfor...
Offending value: document.write
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
LOW echo PRED auth GET http://spazio.libero.it:80/maxsof1/?top=1 ⇒ 200
Response (22985): <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Libero - Community Profilo di maxsof1</title>\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">\n<META NAME="Description" CONTENT="Digiland è la community del portale Libero: Chat, Cupido, Messaggeria, Forum, Sondaggi, Tribu, Crea il tuo Sito e molto altro...">\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n<link rel="shortcut icon" href="/x/pics/hd_img/favicon.ico">\n\n\n<style type="text/css">\n@import url("http://barra-spazio.libero.it//x/css/barra_n01.css");\n</style>\n<script src="http://barra-spazio.libero.it//x/js/barra_n01.js" type="text/javascript" language="Javascript"></scri...
Cookies set: SPAZIO_SESSID=fb949caf46de2245bb730db4b43f2fc1; DGL_UPD_LOGIN=0; DIGI_PVP=KcdC_3a__2f__2f_33ajAr_2e_8LptEX_2e_Ut_2f_4X2fRtK_2f_C11fxDr_2e_cK8_2d_KNdi6nScp0_2d_AvfFt0mSMIF1n
Offending value: document.write
MIME type: text/html, detected: text/html, charset: iso-8859-1
PNG images with no Content-Disposition: attachment header. In Internet Explorer 6, this may trigger content sniffing and potentially lead to cross-site scripting flaws if the image is user-supplied.
Pages that accept parameters and issue new HTTP cookies, but miss security tokens. Session fixation or other attacks might be possible if the cookie stores important, query-dependent user data.
MEDIUM ECHO PRED AUTH POST http://video.libero.it:80/app/play/get_url_flv.html?e ⇒ 200
Payload: embed=yes&id=61b3a97e0f17d5d78e73be49de594487
Response (329): s=1&msg1=&url_base=http://video.libero.it/static&media_id=18085&url_swf=/swf/&url_flv=/video07/6/1/b/61b3a97e0f17d5d78e73be49de594487.flv&url_thumb=/video07/6/1/b/61b3a97e0f17d5d78e73be49de594487_0.jpg&flen=378&fx=320&fy=240&v_s=&nielsen_probe=n&em_log=1&f_tr=1&f_to=4&f_server=1&fakeID=P01&staf_opt=440_500_150_120&custom_skin=0
Cookies set: LIBEROVIDEO-SESSIONID=879e2b8814f0285cd851ef702d1f074e
MIME type: text/html, detected: application/x-javascript, charset: -
MEDIUM ECHO PRED AUTH POST http://video.libero.it:80/app/play/get_url_flv.html?e ⇒ 200
Payload: embed=yes&id=4366db2f9990f509e735d7496f3a4f78%2Eflv
Response (329): s=1&msg1=&url_base=http://video.libero.it/static&media_id=77960&url_swf=/swf/&url_flv=/video05/4/3/6/4366db2f9990f509e735d7496f3a4f78.flv&url_thumb=/video05/4/3/6/4366db2f9990f509e735d7496f3a4f78_0.jpg&flen=260&fx=320&fy=240&v_s=&nielsen_probe=n&em_log=1&f_tr=1&f_to=4&f_server=1&fakeID=P01&staf_opt=440_500_150_120&custom_skin=0
Cookies set: LIBEROVIDEO-SESSIONID=b80979a5a5f1533c4d4a8f6b2bfc3a3a
MIME type: text/html, detected: application/x-javascript, charset: -
MEDIUM ECHO PRED auth GET http://blog.libero.it:80/maxsoblog/view.php?nocache=1215682105 ⇒ 200
Response (114597): \n\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Maxso's Blog - Libero Community - Blog</title>\n\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n\n<link rel='stylesheet' type=text/css href='/blog/css/moblog.css'>\n<link rel='stylesheet' type=text/css href='/blog/css/skin/67/blue.css'>\n<script type='text/javascript' src='/blog/js/fx_blog.js'></script>\n\n<script language="javascript">\n<!--\nnav_name = navigator.userAgent.toLowerCase();\nis_opera = (nav_name.indexOf("opera") != -1);\nis_mac = (nav_name.indexOf("mac") != -1);\nif (is_opera || is_mac){\n\tdocument.write('<style> .defender { overflow: hidden; } </style>');\n}\n-->\n</sc...
Cookies set: PHPSESSIDMOB=51a97ff659e142796c021e8c3e5826c0; DGL_UPD_LOGIN=0; BG_RT=f_41_C_41__3d_kRIK_2d_0N_2d_rc_7c_Tn5Vzl_3d_g1nrc_7c_Tn5V0_41_up_3d_mpPvbEz8Y_7c_mbE5k_3d_O
MIME type: text/html, detected: text/html, charset: -
MEDIUM echo PRED auth GET http://spazio.libero.it:80/maxsof1/?top=1 ⇒ 200
Response (22985): <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Libero - Community Profilo di maxsof1</title>\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">\n<META NAME="Description" CONTENT="Digiland è la community del portale Libero: Chat, Cupido, Messaggeria, Forum, Sondaggi, Tribu, Crea il tuo Sito e molto altro...">\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n<link rel="shortcut icon" href="/x/pics/hd_img/favicon.ico">\n\n\n<style type="text/css">\n@import url("http://barra-spazio.libero.it//x/css/barra_n01.css");\n</style>\n<script src="http://barra-spazio.libero.it//x/js/barra_n01.js" type="text/javascript" language="Javascript"></scri...
Cookies set: SPAZIO_SESSID=fb949caf46de2245bb730db4b43f2fc1; DGL_UPD_LOGIN=0; DIGI_PVP=KcdC_3a__2f__2f_33ajAr_2e_8LptEX_2e_Ut_2f_4X2fRtK_2f_C11fxDr_2e_cK8_2d_KNdi6nScp0_2d_AvfFt0mSMIF1n
MIME type: text/html, detected: text/html, charset: iso-8859-1
Pages where non-trivial query parameters appear to be echoed back inside a script. This does not imply a vulnerability, but these resources are prime candidates for further code injection testing.
LOW ECHO PRED AUTH POST http://video.libero.it:80/app/play/get_url_flv.html?e ⇒ 200
Payload: embed=yes&id=fb410a8fa378c066535f1e05aa473150%2Eflv
Response (330): s=1&msg1=&url_base=http://video.libero.it/static&media_id=173950&url_swf=/swf/&url_flv=/video16/f/b/4/fb410a8fa378c066535f1e05aa473150.flv&url_thumb=/video16/f/b/4/fb410a8fa378c066535f1e05aa473150_0.jpg&flen=277&fx=320&fy=256&v_s=&nielsen_probe=n&em_log=1&f_tr=1&f_to=4&f_server=1&fakeID=P01&staf_opt=440_500_150_120&custom_skin=0
Offending value: id
MIME type: text/html, detected: application/x-javascript, charset: -
LOW ECHO PRED AUTH POST http://video.libero.it:80/app/play/get_url_flv.html?e ⇒ 200
Payload: embed=yes&id=e75cbc00bce10147d074d38fc14f16e6%2Eflv
Response (330): s=1&msg1=&url_base=http://video.libero.it/static&media_id=175437&url_swf=/swf/&url_flv=/video15/e/7/5/e75cbc00bce10147d074d38fc14f16e6.flv&url_thumb=/video15/e/7/5/e75cbc00bce10147d074d38fc14f16e6_0.jpg&flen=158&fx=320&fy=256&v_s=&nielsen_probe=n&em_log=1&f_tr=1&f_to=4&f_server=1&fakeID=P01&staf_opt=440_500_150_120&custom_skin=0
Offending value: id
MIME type: text/html, detected: application/x-javascript, charset: -
LOW ECHO PRED AUTH POST http://video.libero.it:80/app/play/get_url_flv.html?e ⇒ 200
Payload: embed=yes&id=61b3a97e0f17d5d78e73be49de594487
Response (329): s=1&msg1=&url_base=http://video.libero.it/static&media_id=18085&url_swf=/swf/&url_flv=/video07/6/1/b/61b3a97e0f17d5d78e73be49de594487.flv&url_thumb=/video07/6/1/b/61b3a97e0f17d5d78e73be49de594487_0.jpg&flen=378&fx=320&fy=240&v_s=&nielsen_probe=n&em_log=1&f_tr=1&f_to=4&f_server=1&fakeID=P01&staf_opt=440_500_150_120&custom_skin=0
Cookies set: LIBEROVIDEO-SESSIONID=879e2b8814f0285cd851ef702d1f074e
Offending value: id
MIME type: text/html, detected: application/x-javascript, charset: -
LOW ECHO PRED AUTH POST http://video.libero.it:80/app/play/get_url_flv.html?e ⇒ 200
Payload: embed=yes&id=4366db2f9990f509e735d7496f3a4f78%2Eflv
Response (329): s=1&msg1=&url_base=http://video.libero.it/static&media_id=77960&url_swf=/swf/&url_flv=/video05/4/3/6/4366db2f9990f509e735d7496f3a4f78.flv&url_thumb=/video05/4/3/6/4366db2f9990f509e735d7496f3a4f78_0.jpg&flen=260&fx=320&fy=240&v_s=&nielsen_probe=n&em_log=1&f_tr=1&f_to=4&f_server=1&fakeID=P01&staf_opt=440_500_150_120&custom_skin=0
Cookies set: LIBEROVIDEO-SESSIONID=b80979a5a5f1533c4d4a8f6b2bfc3a3a
Offending value: id
MIME type: text/html, detected: application/x-javascript, charset: -
Active content types (such as HTML, Flash, or Java) that seem to be included from or referenced in third-party domains. These resources should be further evaluated to determine their purpose and the impact on site security, if any.
Binary files with poorly chosen Content-Type data. Certain mismatches may trigger content sniffing, and potentially lead to cross-site scripting if the file is user-supplied.
Pages with Content-Type header set to text/plain. Content sniffing in Internet Explorer may be triggered in such a scenario, and potentially lead to cross-site scripting if any part of the document is user-controlled.
Code that resembles JSON responses or other dynamic code snippets, and quotes non-escaped HTML. If this rendered markup is attacker-controlled, content sniffing in Internet Explorer may potentially kick in and trigger XSS flaws, regardless of MIME type used.
LOW echo PRED auth GET http://digiland.libero.it:80/fsrscripts/triggerParams.js ⇒ 200
Response (5871): /****Customer: Bitbang Libero.it\r\n/************ don't modify below this line *********\r\n ************* Version: Std 5.3 v.21 ***********\r\n ****** Copyright 2001-2008 ForeseeResults, Inc****/\r\n\r\n/**MAIN PARAMETERS**/\r\nif(!window.foresee) window.foresee = new Object();\r\nforesee.triggerParms= new Array();\r\nforesee.triggerParms["displayMode"] = 3;\t\t \t\t //0=disable survey, 1=Invitation when PUB present, 2=No Invitation, 3=Invitation Only\r\nforesee.triggerParms["mid"] = "1QVsNQE84xlUw9shYVAV9g=="; // model instance id (Default is XYZ Company survey) - Comment if using 'sid'\r\nforesee.triggerParms["cid"] = "Yg0U0ckBU8dZkRZxYY59lw=="; // customer id\r\nforesee.triggerParms["lf"] = 0;\t\t \t \t \t\t\t// * loyalty factor 5\r\nforesee.triggerParms["sp"] = 10.0;\t \t\t \t\t\t// * sampling percentage 50\r\nforesee.triggerParms["rw"] = 129600; \t \t\t \t\t\t// duration of persistent surve...
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
LOW echo PRED auth GET http://digiland.libero.it:80/fsrscripts/stdLauncher.js ⇒ 200
Response (28957): /****Customer: **SAMPLE CODE FOR TESTING ** NOT FOR PRODUCTION ****\r\n/************ don't modify below this line *********\r\n ************* Version: Std 5.3 v.21 ***********\r\n ****** Copyright 2001-2008 ForeseeResults, Inc****/\r\n \r\nforesee.popupURL = "//www.foreseeresults.com/survey/display";\t//do not change this url\r\nforesee.FSRImgURL= "//www.foreseeresults.com/survey/FSRImg"; \t//do not change this url\r\nforesee.CSURL= "//www.foreseeresults.com/survey/processCPP"; \t//do not change this url\r\nforesee.OTCImgURL = "//controller.foreseeresults.com/fsrSurvey/OTCImg";\r\nforesee.ckAlreadyShown = foresee.triggerParms["ascookie"]; /* name of the persistent/session cookie*/\r\nforesee.ckLoyaltyCount = foresee.triggerParms["lfcookie"]; /* name of the loyalty count cookie*/\r\nforesee.fullURL=null;\r\nforesee.myPopUp=null;\r\nforesee.detect = navigator.userAgent.toLowerCase();\r\nforesee.version= navigator.appVersion.toLowerCase();\r\nfor...
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
LOW echo PRED auth GET http://digistatic.libero.it:80//js/tbx.js ⇒ 200
Response (1847): // SWITCHING TAB\n// pre = id_prefix\n// n = tab\n// i = mode (0,1)\n// area = area box\n// coo = cookie mode (0,1)\n\nvar tbx_stat = new Array();\n\nfunction tbx_switch(pre, n, i, area, coo) {\n\tif (document.getElementById) {\n\t\n\t\tif (coo == 1) {\n\t\t\tif (i==1) {\n\t\t\t\tvar cccc=tbx_gc("tbx"+area);\n\t\t\t\tif (cccc!='') n = cccc;\n\t\t\t} else {\n\t\t\t\tvar kk = "tbx" + area + "=" + n + "; path=/; domain=.libero.it";\n\t\t\t\tdocument.cookie=kk;\n\t\t\t}\n\t\t}\n\t\t\n\t\tvar d = document.getElementById(pre+n);\n\t\tvar dc = document.getElementById(pre+'c'+n);\n\n\t\tif (tbx_stat[pre]>0) {\n\t\t\tvar doo, dco;\n\t\t\tdoo = document.getElementById(pre+tbx_stat[pre]);\n\t\t\tdco = document.getElementById(pre+'c'+tbx_stat[pre]);\n\t\t\tdco.style.display="none";\n\t\t\tdoo.className = "";\n\t\t}\n\t\t\n\t\tdc.style.display = "block";\n\t\td.className = "act";\n\t\ttbx_stat[pre]=n;\n\n\t\t...
MIME type: application/x-javascript, detected: application/x-javascript, charset: -
Pages where values resembling file names are passed in query parameters, and not echoed back. Although this does not imply a vulnerability, these locations are prime candidates for further directory traversal testing. Note that some host names in parameters may trigger false positives here.
Pages where non-trivial query parameters appear to be echoed back on the page. Most or all of these resources might be safe - but they constitute prime candidates for further manual or automated XSS vulnerability testing.
INFO ECHO PRED auth GET http://blog.libero.it:80/maxsoblog/view.php?nocache=1215682105 ⇒ 200
Response (114597): \n\n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Maxso's Blog - Libero Community - Blog</title>\n\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n\n<link rel='stylesheet' type=text/css href='/blog/css/moblog.css'>\n<link rel='stylesheet' type=text/css href='/blog/css/skin/67/blue.css'>\n<script type='text/javascript' src='/blog/js/fx_blog.js'></script>\n\n<script language="javascript">\n<!--\nnav_name = navigator.userAgent.toLowerCase();\nis_opera = (nav_name.indexOf("opera") != -1);\nis_mac = (nav_name.indexOf("mac") != -1);\nif (is_opera || is_mac){\n\tdocument.write('<style> .defender { overflow: hidden; } </style>');\n}\n-->\n</sc...
Cookies set: PHPSESSIDMOB=51a97ff659e142796c021e8c3e5826c0; DGL_UPD_LOGIN=0; BG_RT=f_41_C_41__3d_kRIK_2d_0N_2d_rc_7c_Tn5Vzl_3d_g1nrc_7c_Tn5V0_41_up_3d_mpPvbEz8Y_7c_mbE5k_3d_O
Offending value: nocache
MIME type: text/html, detected: text/html, charset: -
INFO echo PRED auth GET http://digiland.libero.it:80/ ⇒ 200
Response (43155): \n<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Libero - Community Homepage</title>\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">\n<META NAME="Description" CONTENT="Digiland è la community del portale Libero: Chat, Cupido, Messaggeria, Forum, Sondaggi, Tribu, Crea il tuo Sito e molto altro...">\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n<link rel="shortcut icon" href="http://digistatic.libero.it//pics/favicon.ico">\n\n\n<LINK href="http://digistatic.libero.it//css/header.css" rel="stylesheet">\n<LINK href="http://digistatic.libero.it//css/community.css" rel="stylesheet">\n<LINK href="http://digistatic.libero.it//css/tbx.css" rel="...
Cookies set: DIGISESSID=acb599e99e43feb6f7be43e3a6df979f; DGL_UPD_LOGIN=0
MIME type: text/html, detected: text/html, charset: iso-8859-1
INFO echo PRED auth GET http://spazio.libero.it:80/maxsof1/?top=1 ⇒ 200
Response (22985): <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\n<html>\n<head>\n<title>Libero - Community Profilo di maxsof1</title>\n<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">\n<META NAME="Description" CONTENT="Digiland è la community del portale Libero: Chat, Cupido, Messaggeria, Forum, Sondaggi, Tribu, Crea il tuo Sito e molto altro...">\n<META NAME="Keywords" CONTENT="community, chat, blog, forum, cupido, dating, pagine personali">\n<link rel="shortcut icon" href="/x/pics/hd_img/favicon.ico">\n\n\n<style type="text/css">\n@import url("http://barra-spazio.libero.it//x/css/barra_n01.css");\n</style>\n<script src="http://barra-spazio.libero.it//x/js/barra_n01.js" type="text/javascript" language="Javascript"></scri...
Cookies set: SPAZIO_SESSID=fb949caf46de2245bb730db4b43f2fc1; DGL_UPD_LOGIN=0; DIGI_PVP=KcdC_3a__2f__2f_33ajAr_2e_8LptEX_2e_Ut_2f_4X2fRtK_2f_C11fxDr_2e_cK8_2d_KNdi6nScp0_2d_AvfFt0mSMIF1n
MIME type: text/html, detected: text/html, charset: iso-8859-1
INFO echo PRED auth GET http://www.libero.it:80/ ⇒ 200
Response (129624): <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">\n<HTML>\n<HEAD>\n<META http-equiv="content-type" content="text/html; charset=iso-8859-1">\n<META name="description" content="Libero.it: Community, Search, Mail, News, Video, Adsl & Internet">\n<META name="keywords" content="Libero, Community, Search, Mail, News, Video, Adsl & Internet">\n<TITLE>Libero</TITLE>\n<LINK rel="shortcut icon" type="images/x-icon" href="http://img3.iol.it/i/favicon.ico">\n\n<!-- armonia -->\n<style>\nbody{background-image:url(http://img1.iol.it/i/200803/bg_nero.gif);background-repeat:repeat-x;text-align:center;}\ninput{font-size:11px;font-family:Tahoma, Arial,sans-serif;}\n\nform{display:inline;}\na,a:hover{text-decoration:underline;}\na:hover{color:#000066;}...
Cookies set: Libero=78.46.80.205.1215682043004499
MIME type: text/html, detected: text/html, charset: iso-8859-1
Full list of Flash documents detected on the server. Many Flash files produced with automated tools are vulnerable to cross-site scripting flaws, and should be inspected for these patterns.