
[RESOLVED] XSS for "login.live.com" when accessing email.

Posted: Sat Jul 28, 2012 6:51 am
by Lobster (Anon)
My issue is essentially stated in the topic title. Firefox recently updated itself to the newest version and since then I have had to re-allow everything (as well as fixing up my other add-ons, which I suppose is neither here nor there). Before the update I had absolutely no trouble checking my email, which goes through login.live.com. Since then I have been unable to access it. This is obviously very frustrating. I'm very illiterate to this sort of thing and have no idea how to fix it. It says live.com is allowed but the login prefix seems not to be. I've googled this issue and it seems I'm not the only one; however, I just don't understand the solutions offered, to be blunt.

http://forums.informaction.com/viewtopic.php?f=8&t=8882
^^^ I followed the instructions here on downloading the latest development build. It did nothing.

http://i.imgur.com/CF0Z2.png
^^^ This is the message I get when I choose unsafe reload.

Even when I reload unsafely it doesn't often load the email. Maybe once in five. I really don't know if it's live.com or NoScript that's the problem, but since I'm getting the XSS message when I never have before, I thought I'd ask here. The Firefox update may have nothing to do with anything, in fact. Correlation does not imply causation, after all.

Thank you for any help!

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sat Jul 28, 2012 9:37 am
by Giorgio Maone
Please check latest development build 2.5rc3, thanks.

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sat Jul 28, 2012 8:51 pm
by Guest
Giorgio Maone wrote: Please check latest development build 2.5rc3, thanks.
Thank you, but as stated in the OP I have already tried that and it didn't do anything.

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sat Jul 28, 2012 9:27 pm
by Giorgio Maone
Guest wrote:
Giorgio Maone wrote: Please check latest development build 2.5rc3, thanks.
Thank you, but as stated in the OP I have already tried that and it didn't do anything.
No you didn't try. RC3 has been released after you posted.

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sat Jul 28, 2012 10:01 pm
by Guest
Giorgio Maone wrote:
Guest wrote:
Giorgio Maone wrote: Please check latest development build 2.5rc3, thanks.
Thank you, but as stated in the OP I have already tried that and it didn't do anything.
No you didn't try. RC3 has been released after you posted.
Fair enough. I didn't realize a new one had come out today. However, I installed it and I'm still having the same problem. Is there... something more I should be doing?

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sat Jul 28, 2012 10:15 pm
by GµårÐïåñ
How about posting your XSS message so we can see what it actually says, if anything.

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 12:33 am
by Guest
GµårÐïåñ wrote: How about posting your XSS message so we can see what it actually says, if anything.
I'm not really sure how to do that, beyond the screencap posted in the OP. Can you be a bit more specific? As I said I'm not really literate in this sort of thing.

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 3:04 am
by Guest
I am also having this problem with live.com email. The message appears in a pop-down bar at the top of the page and it reads:

"NoScript filtered a potential cross-site scripting (XSS) attempt from [https://login.live.com]. Technical details have been logged to the Console."

The Console subsequently logs about 30 messages which mean nothing to me, such as:

"Error parsing value for 'filter'. Declaration dropped."

and:

"Selector expected. Ruleset ignored due to bad selector."

There are a ton of these and many entries that appear to be duplicates.

This was not an issue at all before I updated to the latest Firefox.

Attempting an "unsafe reload" doesn't work. It looks like it's going to log me in (it allows me to get to the page where my password is requested) but then the XSS error happens again. The only way to get in is to completely disable XSS protection universally.

Live.com is a Microsoft website and in the process of login reroutes the connection through (at least) live.com, microsoftonline.com, and outlook.com. I believe that the problem is that live.com is always going to route login through multiple domains using scripts.

Please don't suggest that I just not use live.com for email. That is not an option. This is an organizational email system and I cannot opt out. I can disable XSS completely, log in, then re-enable it, but this is such an irritating process that I am far more likely to leave it disabled permanently, which would deprive me of a valuable noscript feature.

I have updated to the latest build as suggested and it did not fix it. Any other help would be appreciated (such as something to paste into that override box - I am not a coder and I don't have any idea what to put in there).

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 6:56 am
by Lobster (Anon)
Guest wrote:Words
This is it exactly. And I too could use just a copy/paste solution. I can't stop using that particular email because yes, it's my school email. I have the exact thing where unsafe reload appears to work but then just poops me back out again. I haven't disabled XSS because... it's useful, and I need it. I suppose I could switch it on and off for the time being if I have to.

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 7:19 am
by Giorgio Maone
First and foremost: double check you're actually using 2.5rc3 or above, by looking at the "About NoScript" submenu.

If and only if you're already there, please try to reproduce, then open the Error Console (ctrl+shift+J), filter for "Message" (blue items only) and copy here any line starting with [NoScript XSS].

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 10:57 am
by therube
In addition to defaults, microsoftonline.com needs to be allowed.
If you've already signed on to live.com, just clicking the link suffices to generate the XSS warning.

URL: https://login.live.com/login.srf?vv=910&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=

Code:

[NoScript InjectionChecker] JavaScript Injection in ##<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"><wst:RequestedSecurityToken><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="uuid-ada6eef6-c396-4785-a61c-358d3e9d3bf4" IssueInstant="2012-07-29T10:53:34Z" Issuer="uri:WindowsLiveID" MajorVersion="1" MinorVersion="1"><saml:Conditions NotBefore="2012-07-29T10:53:34Z" NotOnOrAfter="2012-07-30T10:53:34Z"><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement AuthenticationInstant="2012-07-29T10:53:34Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml:Subject><saml:NameIdentifier Format="http://schemas.xmlsoap.org/claims/UPN">0003BFFD871410A1@Live.com</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format="http://schemas.xmlsoap.org/claims/UPN">0003BFFD871410A1@Live.com</saml:NameIdentifier></saml:Subject><saml:Attribute AttributeName="Managed" AttributeNamespace="http://schemas.xmlsoap.org/claims"></saml:Attribute><saml:Attribute AttributeName="LastName" AttributeNamespace="http://schemas.xmlsoap.org/claims"></saml:Attribute><saml:Attribute AttributeName="Child" AttributeNamespace="http://schemas.xmlsoap.org/claims"></saml:Attribute><saml:Attribute AttributeName="TOUAccepted" AttributeNamespace="http://schemas.xmlsoap.org/claims"></saml:Attribute><saml:Attribute AttributeName="CID" AttributeNamespace="http://schemas.xmlsoap.org/claims"></saml:Attribute><saml:Attribute AttributeName="EmailAddress" AttributeNamespace="http://schemas.xmlsoap.org/claims"><saml:AttributeValue>myemailadr@live.com</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="FirstName" AttributeNamespace="http://schemas.xmlsoap.org/claims"></saml:Attribute><saml:Attribute AttributeName="PUID" 
AttributeNamespace="http://schemas.xmlsoap.org/claims"></saml:Attribute></saml:AttributeStatement><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#uuid-ada6eef6-c396-4785-a61c-358d3e9d3bf4"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod></Reference></SignedInfo><SignatureValue>u8OcHnZ4bRpMroPTrwH8zzBEY+yF1XYL4CjLIhXbhIWo++X9sVFH19h6JwtzMMkHz+oHr1vLMPS4
mFPuWozB4csMNN8+cADeQv2Ga0LSI7BskQv8G9Ac6wj9CoZv71eJQNeq2/0JsyYFq5kD16bWFlOU
+iEKyOCcBH07M4v7RCs=</SignatureValue><KeyInfo><X509Data></X509Data><KeyName>Window Live ID</KeyName></KeyInfo></Signature></saml:Assertion></wst:RequestedSecurityToken><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"><wsa:Address>urn:federation:MicrosoftOnline</wsa:Address></wsa:EndpointReference></wsp:AppliesTo></wst:RequestSecurityTokenResponse>
(function anonymous() {<wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken><saml:Assertion><saml:Conditions><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement><saml:Subject><saml:NameIdentifier>0003BFFD871410A1@Live.com</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement><saml:AttributeStatement><saml:Subject><saml:NameIdentifier>0003BFFD871410A1@Live.com</saml:NameIdentifier></saml:Subject><saml:Attribute></saml:Attribute><saml:Attribute></saml:Attribute><saml:Attribute></saml:Attribute><saml:Attribute></saml:Attribute><saml:Attribute></saml:Attribute><saml:Attribute><saml:AttributeValue>myemailadr@live.com</saml:AttributeValue></saml:Attribute><saml:Attribute></saml:Attribute><saml:Attribute></saml:Attribute></saml:AttributeStatement><Signature><SignedInfo><CanonicalizationMethod></CanonicalizationMethod><SignatureMethod></SignatureMethod><Reference><Transforms><Transform></Transform><Transform></Transform></Transforms><DigestMethod></DigestMethod></Reference></SignedInfo><SignatureValue>u8OcHnZ4bRpMroPTrwH8zzBEY+yF1XYL4CjLIhXbhIWo++X9sVFH19h6JwtzMMkHz+oHr1vLMPS4
mFPuWozB4csMNN8+cADeQv2Ga0LSI7BskQv8G9Ac6wj9CoZv71eJQNeq2/0JsyYFq5kD16bWFlOU
+iEKyOCcBH07M4v7RCs=</SignatureValue><KeyInfo><X509Data></X509Data><KeyName>Window Live ID</KeyName></KeyInfo></Signature></saml:Assertion></wst:RequestedSecurityToken><wsp:AppliesTo><wsa:EndpointReference><wsa:Address>urn:federation:MicrosoftOnline</wsa:Address></wsa:EndpointReference></wsp:AppliesTo></wst:RequestSecurityTokenResponse>;DUMMY_EXPR;})

Code:

[NoScript XSS] Sanitized suspicious upload to [https://login.microsoftonline.com/login.srf###DATA###%3Cwst%3ARequestSecurityTokenResponse+xmlns%3Awst%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F02%2Ftrust%22%3E%3Cwst%3ARequestedSecurityToken%3E%3Csaml%3AAssertion+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%22+AssertionID%3D%22uuid-ada6eef6-c396-4785-a61c-358d3e9d3bf4%22+IssueInstant%3D%222012-07-29T10%3A53%3A34Z%22+Issuer%3D%22uri%3AWindowsLiveID%22+MajorVersion%3D%221%22+MinorVersion%3D%221%22%3E%3Csaml%3AConditions+NotBefore%3D%222012-07-29T10%3A53%3A34Z%22+NotOnOrAfter%3D%222012-07-30T10%3A53%3A34Z%22%3E%3Csaml%3AAudienceRestrictionCondition%3E%3Csaml%3AAudience%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fsaml%3AAudience%3E%3C%2Fsaml%3AAudienceRestrictionCondition%3E%3C%2Fsaml%3AConditions%3E%3Csaml%3AAuthenticationStatement+AuthenticationInstant%3D%222012-07-29T10%3A53%3A34Z%22+AuthenticationMethod%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aam%3Apassword%22%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E0003BFFD871410A1%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3C%2Fsaml%3AAuthenticationStatement%3E%3Csaml%3AAttributeStatement%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E0003BFFD871410A1%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3Csaml%3AAttribute+AttributeName%3D%22Managed%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3ETRUE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22LastName%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Ebensky%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22Child%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Cs
aml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22TOUAccepted%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3ETRUE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22CID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Efa74ba8ff94d9d98%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22EmailAddress%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Emyemailadr%40live.com%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22FirstName%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Esteven%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22PUID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E0003BFFD871410A1%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3C%2Fsaml%3AAttributeStatement%3E%3CSignature+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%3CSignedInfo%3E%3CCanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FCanonicalizationMethod%3E%3CSignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%3E%3C%2FSignatureMethod%3E%3CReference+URI%3D%22%23uuid-ada6eef6-c396-4785-a61c-358d3e9d3bf4%22%3E%3CTransforms%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%3E%3C%2FTransform%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FTransform%3E%3C%2FTransforms%3E%3CDigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%3E%3C%2FDigestMethod%3E%3CDigestValue%
3EtlZrVo%2BetPq6G09XXp%2BRIN7dctw%3D%3C%2FDigestValue%3E%3C%2FReference%3E%3C%2FSignedInfo%3E%3CSignatureValue%3Eu8OcHnZ4bRpMroPTrwH8zzBEY%2ByF1XYL4CjLIhXbhIWo%2B%2BX9sVFH19h6JwtzMMkHz%2BoHr1vLMPS4%0D%0AmFPuWozB4csMNN8%2BcADeQv2Ga0LSI7BskQv8G9Ac6wj9CoZv71eJQNeq2%2F0JsyYFq5kD16bWFlOU%0D%0A%2BiEKyOCcBH07M4v7RCs%3D%3C%2FSignatureValue%3E%3CKeyInfo%3E%3CX509Data%3E%3CX509SKI%3EH1D81qx0njcaeJ3fI6gkm6N%2FjpA%3D%3C%2FX509SKI%3E%3C%2FX509Data%3E%3CKeyName%3EWindow+Live+ID%3C%2FKeyName%3E%3C%2FKeyInfo%3E%3C%2FSignature%3E%3C%2Fsaml%3AAssertion%3E%3C%2Fwst%3ARequestedSecurityToken%3E%3Cwsp%3AAppliesTo+xmlns%3Awsp%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F09%2Fpolicy%22%3E%3Cwsa%3AEndpointReference+xmlns%3Awsa%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F08%2Faddressing%22%3E%3Cwsa%3AAddress%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fwsa%3AAddress%3E%3C%2Fwsa%3AEndpointReference%3E%3C%2Fwsp%3AAppliesTo%3E%3C%2Fwst%3ARequestSecurityTokenResponse%3E] from [https://login.live.com/ppsecure/post.srf?vv=910&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=&bk=1343559205]: transformed into a download-only GET request.
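
A triage helper for console lines of the shape quoted in the post above, as an added example that is not part of the original thread and is not NoScript's own code. It splits a `[NoScript XSS] Sanitized suspicious upload` line into target, origin and payload, then checks whether the payload is a WS-Trust `RequestSecurityTokenResponse` carrying a SAML assertion, which is what a federated sign-in hand-off between two hosts looks like. The function names, the result labels and the sample lines are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote_plus, unquote_plus, urlsplit

# Namespaces as they appear in the token quoted in the thread.
WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Line shape taken from the console messages quoted in the thread.
LINE_RE = re.compile(
    r"^\[NoScript XSS\] Sanitized suspicious upload to "
    r"\[(?P<target>[^\]#]+)###DATA###(?P<data>[^\]]*)\] "
    r"from \[(?P<origin>[^\]]+)\]: (?P<action>.+)$"
)


def triage(line):
    """Return a dict describing one console line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    target = urlsplit(m["target"])
    origin = urlsplit(m["origin"])
    body = unquote_plus(m["data"])  # form encoding: '+' means space
    report = {
        "target_host": target.hostname,
        "origin_host": origin.hostname,
        "cross_site": target.hostname != origin.hostname,
        "action": m["action"],
        "payload": "unparsed",
    }
    # The payload is untrusted: refuse DTDs/entities before handing it to a parser.
    upper = body.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        report["payload"] = "rejected-dtd"
        return report
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        report["payload"] = "not-xml"
        return report
    if root.tag != f"{{{WST}}}RequestSecurityTokenResponse":
        report["payload"] = "other-xml"
        return report
    report["payload"] = "ws-trust-rstr"
    assertion = root.find(f".//{{{SAML}}}Assertion")
    if assertion is not None:
        report["issuer"] = assertion.get("Issuer")
        cond = assertion.find(f"{{{SAML}}}Conditions")
        if cond is not None:
            report["not_before"] = cond.get("NotBefore")
            report["not_on_or_after"] = cond.get("NotOnOrAfter")
        report["audience"] = assertion.findtext(f".//{{{SAML}}}Audience")
    return report


def make_line(target, data, origin):
    """Build a constructed console line in the same shape as the quoted ones."""
    return (
        f"[NoScript XSS] Sanitized suspicious upload to "
        f"[{target}###DATA###{quote_plus(data)}] from [{origin}]: "
        "transformed into a download-only GET request."
    )


# Constructed token with placeholder values (not a real assertion, no signature).
SAMPLE_RSTR = (
    f'<wst:RequestSecurityTokenResponse xmlns:wst="{WST}">'
    "<wst:RequestedSecurityToken>"
    f'<saml:Assertion xmlns:saml="{SAML}" AssertionID="uuid-PLACEHOLDER" '
    'Issuer="uri:WindowsLiveID">'
    '<saml:Conditions NotBefore="2012-01-01T00:00:00Z" '
    'NotOnOrAfter="2012-01-02T00:00:00Z">'
    "<saml:AudienceRestrictionCondition>"
    "<saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>"
    "</saml:AudienceRestrictionCondition></saml:Conditions>"
    "</saml:Assertion></wst:RequestedSecurityToken>"
    "</wst:RequestSecurityTokenResponse>"
)

# Constructed sample lines.
SAMPLE_LINES = [
    make_line("https://login.microsoftonline.com/login.srf", SAMPLE_RSTR,
              "https://login.live.com/login.srf?wa=wsignin1.0"),
    make_line("https://forms.example.test/submit", "name=value",
              "https://other.example.test/page"),
    make_line("https://forms.example.test/submit", "<!DOCTYPE x><x/>",
              "https://other.example.test/page"),
    "Error parsing value for 'filter'.  Declaration dropped.",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(triage(sample))
```

A line classified as `ws-trust-rstr` with the expected issuer and audience explains why the filter fired on markup in a POST body; it says nothing about whether the token's signature is valid.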

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 2:07 pm
by Lobster (Anon)
Giorgio Maone wrote: First and foremost: double check you're actually using 2.5rc3 or above, by looking at the "About NoScript" submenu.

If and only if you're already there, please try to reproduce, then open the Error Console (ctrl+shift+J), filter for "Message" (blue items only) and copy here any line starting with [NoScript XSS].
Here goes:

Code:

[quote]
[NoScript XSS] Sanitized suspicious upload to [https://login.microsoftonline.com/login.srf###DATA###%3Cwst%3ARequestSecurityTokenResponse+xmlns%3Awst%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F02%2Ftrust%22%3E%3Cwst%3ARequestedSecurityToken%3E%3Csaml%3AAssertion+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%22+AssertionID%3D%22uuid-5e4d6b75-82a3-4d9f-9b04-5f10e8024a1d%22+IssueInstant%3D%222012-07-29T14%3A00%3A37Z%22+Issuer%3D%22uri%3AWindowsLiveID%22+MajorVersion%3D%221%22+MinorVersion%3D%221%22%3E%3Csaml%3AConditions+NotBefore%3D%222012-07-29T14%3A00%3A37Z%22+NotOnOrAfter%3D%222012-07-30T14%3A00%3A37Z%22%3E%3Csaml%3AAudienceRestrictionCondition%3E%3Csaml%3AAudience%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fsaml%3AAudience%3E%3C%2Fsaml%3AAudienceRestrictionCondition%3E%3C%2Fsaml%3AConditions%3E%3Csaml%3AAuthenticationStatement+AuthenticationInstant%3D%222012-07-27T23%3A26%3A01Z%22+AuthenticationMethod%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aam%3Apassword%22%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E0003000090F241E5%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3C%2Fsaml%3AAuthenticationStatement%3E%3Csaml%3AAttributeStatement%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E0003000090F241E5%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3Csaml%3AAttribute+AttributeName%3D%22Managed%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3ETRUE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22Child%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22TOUAccepted%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3
Csaml%3AAttributeValue%3ETRUE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22CID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Efcbe164d4f65aed0%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22EmailAddress%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Ema256208%40ohio.edu%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22PUID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E0003000090F241E5%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3C%2Fsaml%3AAttributeStatement%3E%3CSignature+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%3CSignedInfo%3E%3CCanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FCanonicalizationMethod%3E%3CSignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%3E%3C%2FSignatureMethod%3E%3CReference+URI%3D%22%23uuid-5e4d6b75-82a3-4d9f-9b04-5f10e8024a1d%22%3E%3CTransforms%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%3E%3C%2FTransform%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FTransform%3E%3C%2FTransforms%3E%3CDigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%3E%3C%2FDigestMethod%3E%3CDigestValue%3E5Fw5ayFaKjY%2FX0pB6GwfOF%2FWMIk%3D%3C%2FDigestValue%3E%3C%2FReference%3E%3C%2FSignedInfo%3E%3CSignatureValue%3ELllH3tVbO%2FidRJKcj6rUJMnmnm5qxs40bc%2Bh0%2F0gZN90uNmoNvPnSC7vYqR23LSfW1VdDFLNcFiL%0D%0AL%2BJcTZ6cDCFZR063roy9ulWpMXwFf6liC60xmcvoHOdsNe8f3eTZfu4fon%2FYJUGB%2BeOWNMzo8F6x%0D%0Ad32RiAlaBUAkb2ngpYs%3D%3C%2FSignatureValue%3E%3CKeyInfo%3E%3CX509Data%3E%3CX509SKI%3EH1D81qx0njcaeJ3fI6gkm6N%2FjpA%3D%3C%2FX509SKI%3E%
3C%2FX509Data%3E%3CKeyName%3EWindow+Live+ID%3C%2FKeyName%3E%3C%2FKeyInfo%3E%3C%2FSignature%3E%3C%2Fsaml%3AAssertion%3E%3C%2Fwst%3ARequestedSecurityToken%3E%3Cwsp%3AAppliesTo+xmlns%3Awsp%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F09%2Fpolicy%22%3E%3Cwsa%3AEndpointReference+xmlns%3Awsa%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F08%2Faddressing%22%3E%3Cwsa%3AAddress%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fwsa%3AAddress%3E%3C%2Fwsa%3AEndpointReference%3E%3C%2Fwsp%3AAppliesTo%3E%3C%2Fwst%3ARequestSecurityTokenResponse%3E] from [https://login.live.com/login.srf?cbcxt=out&vv=910&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26rpsnv%3D2%26ct%3D1343570434%26rver%3D6.1.6206.0%26wp%3DHBI%26wreply%3Dhttps:%252F%252Fpod51000.outlook.com%252Fowa%252F%26id%3D260563%26CBCXT%3Dout]: transformed into a download-only GET request.


[/quote]
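
A triage helper for the `[NoScript XSS]` console lines requested in this thread, added here as an illustration (not NoScript's code and not written by any poster): it splits a line into destination, origin and action, decodes the `###DATA###` payload, and reports whether it is a WS-Trust token response whose audience matches the `wtrealm` in the origin URL. The sample line and its assertion values are constructed, the function names are hypothetical, and no signature is verified.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlsplit

# Namespaces as they appear in the console lines quoted in this thread.
WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust"
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# Layout: "... upload to [<dest>###DATA###<payload>] from [<origin>]: <action>"
LINE_RE = re.compile(
    r"\[NoScript XSS\] Sanitized suspicious upload to "
    r"\[(?P<dest>[^\]]*?)###DATA###(?P<data>.*)\] from \[(?P<origin>[^\]]*)\]: "
    r"(?P<action>.*)"
)


def parse_line(line):
    """Split one console message into its fields; None for any other line."""
    # Forum software hard-wraps long lines, so drop embedded line breaks first.
    m = LINE_RE.search(line.replace("\r", "").replace("\n", ""))
    return m.groupdict() if m else None


def describe_payload(encoded):
    """Decode the form data and report what kind of document it carries."""
    text = unquote_plus(encoded).strip()
    upper = text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return {"kind": "xml-with-dtd"}  # never hand a DTD to the parser
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return {"kind": "not-xml"}
    assertion = root.find(".//{%s}Assertion" % SAML1_NS)
    if root.tag != "{%s}RequestSecurityTokenResponse" % WST_NS or assertion is None:
        return {"kind": "other-xml"}
    return {
        "kind": "ws-trust-token-response",
        "issuer": assertion.get("Issuer"),
        "audiences": [a.text for a in assertion.iter("{%s}Audience" % SAML1_NS)],
    }


def triage(line):
    """Summarise one line without echoing the token itself."""
    rec = parse_line(line)
    if rec is None:
        return None
    payload = describe_payload(rec["data"])
    origin = urlsplit(rec["origin"])
    realm = parse_qs(origin.query).get("wtrealm", [None])[0]
    return {
        "origin_host": origin.hostname,
        "dest_host": urlsplit(rec["dest"]).hostname,
        "action": rec["action"].strip(),
        "payload": payload,
        # A sign-in hop carries a token issued for the realm the origin asked for.
        "audience_matches_realm": realm is not None
        and realm in payload.get("audiences", []),
    }


def redact(line):
    """Return the line with the token payload replaced by its size."""
    rec = parse_line(line)
    if rec is None:
        return line
    return (
        "[NoScript XSS] Sanitized suspicious upload to "
        "[%s###DATA###<%d bytes removed>] from [%s]: %s"
        % (rec["dest"], len(rec["data"]), rec["origin"], rec["action"])
    )


# Constructed sample: same shape as the thread's lines, placeholder assertion ID.
SAMPLE_XML = (
    '<wst:RequestSecurityTokenResponse xmlns:wst="%s"><wst:RequestedSecurityToken>'
    '<saml:Assertion xmlns:saml="%s" '
    'AssertionID="uuid-00000000-0000-0000-0000-000000000000" Issuer="uri:WindowsLiveID">'
    "<saml:Conditions><saml:AudienceRestrictionCondition>"
    "<saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>"
    "</saml:AudienceRestrictionCondition></saml:Conditions></saml:Assertion>"
    "</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>"
) % (WST_NS, SAML1_NS)

SAMPLE_LINE = (
    "[NoScript XSS] Sanitized suspicious upload to "
    "[https://login.microsoftonline.com/login.srf###DATA###" + quote_plus(SAMPLE_XML) + "] "
    "from [https://login.live.com/login.srf?vv=910&wa=wsignin1.0"
    "&wtrealm=urn:federation:MicrosoftOnline&wctx=]: "
    "transformed into a download-only GET request."
)

if __name__ == "__main__":
    print(triage(SAMPLE_LINE))
    print(redact(SAMPLE_LINE))
```

The payload in these lines is a signed sign-in assertion that includes the account's e-mail address, so `redact()` is the form to paste into a public report.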

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 2:16 pm
by Giorgio Maone
Please check latest development build 2.5rc6, thanks.

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 2:27 pm
by Guest
Giorgio Maone wrote:First and foremost: double check you're actually using 2.5rc3 or above, by looking at the "About NoScript" submenu.

If and only if you're already there, please try to reproduce, then open the Error Console (ctrl+shift+J), filter for "Message" (blue items only) and copy here any line starting with [NoScript XSS].
As I said originally, I updated immediately before posting. "About NoScript" tells me that I am using 2.5rc5.

Here is my list of blue "NoScript XSS" messages. I get these simply hitting the live.com site. I don't even get as far as entering my password. Live.com tries hard to load and then gives me an error message. The Console logs this:

Code: Select all

[NoScript XSS] Sanitized suspicious upload to [https://login.microsoftonline.com/login.srf###DATA###%3Cwst%3ARequestSecurityTokenResponse+xmlns%3Awst%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F02%2Ftrust%22%3E%3Cwst%3ARequestedSecurityToken%3E%3Csaml%3AAssertion+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%22+AssertionID%3D%22uuid-0ddb579a-dfc3-4155-9948-6ca795c74ebf%22+IssueInstant%3D%222012-07-29T14%3A19%3A15Z%22+Issuer%3D%22uri%3AWindowsLiveID%22+MajorVersion%3D%221%22+MinorVersion%3D%221%22%3E%3Csaml%3AConditions+NotBefore%3D%222012-07-29T14%3A19%3A15Z%22+NotOnOrAfter%3D%222012-07-30T14%3A19%3A15Z%22%3E%3Csaml%3AAudienceRestrictionCondition%3E%3Csaml%3AAudience%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fsaml%3AAudience%3E%3C%2Fsaml%3AAudienceRestrictionCondition%3E%3C%2Fsaml%3AConditions%3E%3Csaml%3AAuthenticationStatement+AuthenticationInstant%3D%222012-07-29T02%3A54%3A39Z%22+AuthenticationMethod%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aam%3Apassword%22%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E000300009D9A6652%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3C%2Fsaml%3AAuthenticationStatement%3E%3Csaml%3AAttributeStatement%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E000300009D9A6652%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3Csaml%3AAttribute+AttributeName%3D%22Managed%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3ETRUE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22Child%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22TOUAccepted%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3
Csaml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22CID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E87c8658cc67ccedf%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22EmailAddress%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Eadstge01%40cardmail.louisville.edu%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22PUID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E000300009D9A6652%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3C%2Fsaml%3AAttributeStatement%3E%3CSignature+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%3CSignedInfo%3E%3CCanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FCanonicalizationMethod%3E%3CSignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%3E%3C%2FSignatureMethod%3E%3CReference+URI%3D%22%23uuid-0ddb579a-dfc3-4155-9948-6ca795c74ebf%22%3E%3CTransforms%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%3E%3C%2FTransform%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FTransform%3E%3C%2FTransforms%3E%3CDigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%3E%3C%2FDigestMethod%3E%3CDigestValue%3EB%2F9njVatEfjyJKaJ9GzlYuRCGeg%3D%3C%2FDigestValue%3E%3C%2FReference%3E%3C%2FSignedInfo%3E%3CSignatureValue%3Ewa0N0RT6EKzENnpRj%2BCBdEH5q5JmC27KKfceHO6GJ5EnCaJgZHlVFbdFr3BKFGO%2Fwm0Iwg3amRu8%0D%0Aor%2FDk1C%2Boby2jdpXvOSEWiEMjGz6JOMnysxvLPPKVJ%2BmEUe%2Bl4AI2RpgkVSgY99zlLl6FIsxLq1f%0D%0AzSw%2Be6ZyoBI9Nr%2BJKiw%3D%3C%2FSignatureValue%3E%3CKeyInfo%3E%3CX509Data%3E%3CX509SKI%3EH1D81qx0njcaeJ3fI6gkm6N%2FjpA%3
D%3C%2FX509SKI%3E%3C%2FX509Data%3E%3CKeyName%3EWindow+Live+ID%3C%2FKeyName%3E%3C%2FKeyInfo%3E%3C%2FSignature%3E%3C%2Fsaml%3AAssertion%3E%3C%2Fwst%3ARequestedSecurityToken%3E%3Cwsp%3AAppliesTo+xmlns%3Awsp%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F09%2Fpolicy%22%3E%3Cwsa%3AEndpointReference+xmlns%3Awsa%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F08%2Faddressing%22%3E%3Cwsa%3AAddress%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fwsa%3AAddress%3E%3C%2Fwsa%3AEndpointReference%3E%3C%2Fwsp%3AAppliesTo%3E%3C%2Fwst%3ARequestSecurityTokenResponse%3E] from [https://login.live.com/login.srf?cbcxt=out&vv=900&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1.0%26rpsnv%3D2%26ct%3D1303860884%26rver%3D6.1.6206.0%26wp%3DMBI_KEY%26wreply%3Dhttps:%252F%252Fsn1prd0302.outlook.com%252Fowa%252F%26id%3D260563%26CBCXT%3Dout]: transformed into a download-only GET request.

[NoScript XSS] Sanitized suspicious upload to [https://login.microsoftonline.com/login.srf###DATA###%3Cwst%3ARequestSecurityTokenResponse+xmlns%3Awst%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F02%2Ftrust%22%3E%3Cwst%3ARequestedSecurityToken%3E%3Csaml%3AAssertion+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%22+AssertionID%3D%22uuid-ca52e12e-3e9e-4bee-b570-da433e29b136%22+IssueInstant%3D%222012-07-29T14%3A19%3A17Z%22+Issuer%3D%22uri%3AWindowsLiveID%22+MajorVersion%3D%221%22+MinorVersion%3D%221%22%3E%3Csaml%3AConditions+NotBefore%3D%222012-07-29T14%3A19%3A17Z%22+NotOnOrAfter%3D%222012-07-30T14%3A19%3A17Z%22%3E%3Csaml%3AAudienceRestrictionCondition%3E%3Csaml%3AAudience%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fsaml%3AAudience%3E%3C%2Fsaml%3AAudienceRestrictionCondition%3E%3C%2Fsaml%3AConditions%3E%3Csaml%3AAuthenticationStatement+AuthenticationInstant%3D%222012-07-29T02%3A54%3A39Z%22+AuthenticationMethod%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aam%3Apassword%22%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E000300009D9A6652%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3C%2Fsaml%3AAuthenticationStatement%3E%3Csaml%3AAttributeStatement%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E000300009D9A6652%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3Csaml%3AAttribute+AttributeName%3D%22Managed%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3ETRUE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22Child%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22TOUAccepted%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3
Csaml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22CID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E87c8658cc67ccedf%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22EmailAddress%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Eadstge01%40cardmail.louisville.edu%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22PUID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E000300009D9A6652%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3C%2Fsaml%3AAttributeStatement%3E%3CSignature+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%3CSignedInfo%3E%3CCanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FCanonicalizationMethod%3E%3CSignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%3E%3C%2FSignatureMethod%3E%3CReference+URI%3D%22%23uuid-ca52e12e-3e9e-4bee-b570-da433e29b136%22%3E%3CTransforms%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%3E%3C%2FTransform%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FTransform%3E%3C%2FTransforms%3E%3CDigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%3E%3C%2FDigestMethod%3E%3CDigestValue%3EEgCmNs%2BT38JCsfbt5a2ZDgsU4lE%3D%3C%2FDigestValue%3E%3C%2FReference%3E%3C%2FSignedInfo%3E%3CSignatureValue%3EjrFNP65yoENiriK3fmM0rsy7oPfs5Ta2UE5QW8d8PB4Jl%2F6jYPWS5jzxySufyXurOyEU3grUi0wJ%0D%0A6QiP3a03mh6QcLXmZTPF7AlCKpuosm%2FUpjDfyy%2BhIgsiGX8qzQqGuepXz3jRVB6XnZfPSRXgvPi1%0D%0AndChxdSQKl0Hdpep%2Fok%3D%3C%2FSignatureValue%3E%3CKeyInfo%3E%3CX509Data%3E%3CX509SKI%3EH1D81qx0njcaeJ3fI6gkm6N%2FjpA%3D%3C%2FX
509SKI%3E%3C%2FX509Data%3E%3CKeyName%3EWindow+Live+ID%3C%2FKeyName%3E%3C%2FKeyInfo%3E%3C%2FSignature%3E%3C%2Fsaml%3AAssertion%3E%3C%2Fwst%3ARequestedSecurityToken%3E%3Cwsp%3AAppliesTo+xmlns%3Awsp%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F09%2Fpolicy%22%3E%3Cwsa%3AEndpointReference+xmlns%3Awsa%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F08%2Faddressing%22%3E%3Cwsa%3AAddress%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fwsa%3AAddress%3E%3C%2Fwsa%3AEndpointReference%3E%3C%2Fwsp%3AAppliesTo%3E%3C%2Fwst%3ARequestSecurityTokenResponse%3E] from [https://login.live.com/login.srf?vv=910&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=]: transformed into a download-only GET request.

[NoScript XSS] Sanitized suspicious upload to [https://login.microsoftonline.com/login.srf###DATA###%3Cwst%3ARequestSecurityTokenResponse+xmlns%3Awst%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F02%2Ftrust%22%3E%3Cwst%3ARequestedSecurityToken%3E%3Csaml%3AAssertion+xmlns%3Asaml%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%22+AssertionID%3D%22uuid-072ce56f-cf5e-4803-93cd-3a3006ada7d4%22+IssueInstant%3D%222012-07-29T14%3A19%3A18Z%22+Issuer%3D%22uri%3AWindowsLiveID%22+MajorVersion%3D%221%22+MinorVersion%3D%221%22%3E%3Csaml%3AConditions+NotBefore%3D%222012-07-29T14%3A19%3A18Z%22+NotOnOrAfter%3D%222012-07-30T14%3A19%3A18Z%22%3E%3Csaml%3AAudienceRestrictionCondition%3E%3Csaml%3AAudience%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fsaml%3AAudience%3E%3C%2Fsaml%3AAudienceRestrictionCondition%3E%3C%2Fsaml%3AConditions%3E%3Csaml%3AAuthenticationStatement+AuthenticationInstant%3D%222012-07-29T02%3A54%3A39Z%22+AuthenticationMethod%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aam%3Apassword%22%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E000300009D9A6652%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3C%2Fsaml%3AAuthenticationStatement%3E%3Csaml%3AAttributeStatement%3E%3Csaml%3ASubject%3E%3Csaml%3ANameIdentifier+Format%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%2FUPN%22%3E000300009D9A6652%40Live.com%3C%2Fsaml%3ANameIdentifier%3E%3C%2Fsaml%3ASubject%3E%3Csaml%3AAttribute+AttributeName%3D%22Managed%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3ETRUE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22Child%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22TOUAccepted%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3
Csaml%3AAttributeValue%3EFALSE%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22CID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E87c8658cc67ccedf%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22EmailAddress%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3Eadstge01%40cardmail.louisville.edu%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3Csaml%3AAttribute+AttributeName%3D%22PUID%22+AttributeNamespace%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fclaims%22%3E%3Csaml%3AAttributeValue%3E000300009D9A6652%3C%2Fsaml%3AAttributeValue%3E%3C%2Fsaml%3AAttribute%3E%3C%2Fsaml%3AAttributeStatement%3E%3CSignature+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23%22%3E%3CSignedInfo%3E%3CCanonicalizationMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FCanonicalizationMethod%3E%3CSignatureMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1%22%3E%3C%2FSignatureMethod%3E%3CReference+URI%3D%22%23uuid-072ce56f-cf5e-4803-93cd-3a3006ada7d4%22%3E%3CTransforms%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23enveloped-signature%22%3E%3C%2FTransform%3E%3CTransform+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2F10%2Fxml-exc-c14n%23%22%3E%3C%2FTransform%3E%3C%2FTransforms%3E%3CDigestMethod+Algorithm%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1%22%3E%3C%2FDigestMethod%3E%3CDigestValue%3ESFu4zLab5lqTKlDHdVzSuAG7QFQ%3D%3C%2FDigestValue%3E%3C%2FReference%3E%3C%2FSignedInfo%3E%3CSignatureValue%3E6lwAnIYB%2FwNpO6Ts8nHfZE8PzQQRvUI22x%2BYyjx%2FrkubDAlzUkxwz3etdAJb5FVVCBPhdpXzbpH0%0D%0AWt7oh3eckg%2BCO2AYOfFtGEu%2FGitnW1HsKx%2Bix8G7ruQLW0JLG%2B%2BSct2YuULRYWELHlxtLAof3ypy%0D%0ACCBUiLuCHzQgWQbp%2B6A%3D%3C%2FSignatureValue%3E%3CKeyInfo%3E%3CX509Data%3E%3CX509SKI%3EH1D81qx0njcaeJ3fI6gkm6N%2FjpA%3
D%3C%2FX509SKI%3E%3C%2FX509Data%3E%3CKeyName%3EWindow+Live+ID%3C%2FKeyName%3E%3C%2FKeyInfo%3E%3C%2FSignature%3E%3C%2Fsaml%3AAssertion%3E%3C%2Fwst%3ARequestedSecurityToken%3E%3Cwsp%3AAppliesTo+xmlns%3Awsp%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F09%2Fpolicy%22%3E%3Cwsa%3AEndpointReference+xmlns%3Awsa%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2004%2F08%2Faddressing%22%3E%3Cwsa%3AAddress%3Eurn%3Afederation%3AMicrosoftOnline%3C%2Fwsa%3AAddress%3E%3C%2Fwsa%3AEndpointReference%3E%3C%2Fwsp%3AAppliesTo%3E%3C%2Fwst%3ARequestSecurityTokenResponse%3E] from [https://login.live.com/login.srf?vv=910&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=]: transformed into a download-only GET request.

[NoScript XSS] Sanitized suspicious upload to [https://login.microsoftonline.com/login.srf###DATA###…] from [https://login.live.com/login.srf?vv=910&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=]: transformed into a download-only GET request.

What I would appreciate most would be an override that I can paste into the "exceptions" box so that the XSS protection will overlook live.com and all its friends.
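
For readers triaging a NoScript console entry like the ones quoted in the post above, this added example (not part of the original thread and not NoScript's own code) parses the message layout seen in that log and reports the target, the origin and the root element of the posted markup without echoing the token. The sample line is constructed, and comparing the last two DNS labels is a simplifying assumption.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Message layout as seen in the log entries quoted in this thread.
LOG_RE = re.compile(
    r"\[NoScript XSS\] Sanitized suspicious upload to "
    r"\[(?P<target>.*?)###DATA###(?P<data>.*)\] "
    r"from \[(?P<origin>[^\]]*)\]: (?P<action>.+)$",
    re.S,
)
# First element name in the decoded body, namespace prefix ignored.
ROOT_RE = re.compile(r"<\s*(?:[A-Za-z_][\w.\-]*:)?([A-Za-z_][\w.\-]*)")

# Constructed sample (not a real token), wrapped mid-escape like a forum paste.
SAMPLE = (
    "[NoScript XSS] Sanitized suspicious upload to "
    "[https://login.microsoftonline.com/login.srf###DATA###"
    "%3Cwst%3ARequestSecurityTokenResponse+xmlns%3Awst%3D%22urn%3Aexample%22%3E%3\n"
    "Cwst%3ATokenType%3Eplaceholder%3C%2Fwst%3ATokenType%3E"
    "%3C%2Fwst%3ARequestSecurityTokenResponse%3E] "
    "from [https://login.live.com/login.srf?wa=wsignin1.0]: "
    "transformed into a download-only GET request."
)


def site(host):
    """Last two DNS labels; an assumption standing in for a public-suffix list."""
    return ".".join((host or "").lower().split(".")[-2:])


def triage(line):
    """Summarise one log entry without echoing the posted token."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    target = urlsplit(m["target"]).hostname
    origin = urlsplit(m["origin"]).hostname
    # Form-encoded data has no literal whitespace, so dropping it heals wraps.
    body = unquote_plus(re.sub(r"\s+", "", m["data"]))
    root = ROOT_RE.search(body)
    return {
        "target_host": target,
        "origin_host": origin,
        "cross_site": site(target) != site(origin),
        "markup_in_body": "<" in body and ">" in body,
        "root_element": root.group(1) if root else None,
        "body_chars": len(body),
        "action": m["action"].strip(),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The summary keeps only hosts, the root element name and the body length, so it can be shared in a support thread without pasting the sign-in token itself.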

Re: XSS for "login.live.com" preventing me from accessing em

Posted: Sun Jul 29, 2012 2:30 pm
by Guest
Giorgio Maone wrote:Please check latest development build 2.5rc6, thanks.
Sorry, you posted this while I was preparing mine. I installed this build and it appears to have fixed the problem. Thank you very much.