1. Cross-site scripting (reflected)
2.1. https://outlet.softlayer.com/Sales/orderServer/18/1560
2.2. https://outlet.softlayer.com/Sales/orderServer/18/1560/
2.3. https://outlet.softlayer.com/favicon.ico
3. Content type incorrectly stated
Severity: | High |
Confidence: | Certain |
Host: | https://outlet.softlayer |
Path: | /Sales/orderServer/18 |
GET /Sales/orderServer/18 Host: outlet.softlayer.com Connection: keep-alive Referer: https://outlet.softlayer Cache-Control: max-age=0 Origin: https://outlet.softlayer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: __utmz=1.1303331808.1.1 |
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 16:21:59 GMT Server: Apache Vary: Accept-Encoding,User Cache-Control: max-age=0 Expires: Tue, 26 Apr 2011 16:21:59 GMT Connection: Keep-Alive Content-Type: text/html Content-Length: 61807 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <head> <meta http-equiv="Conten ...[SNIP]... <input type="hidden" id="order_sessionid" name="data[Order] ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | https://outlet.softlayer |
Path: | /Sales/orderServer/18 |
GET /Sales/orderServer/18 Host: outlet.softlayer.com Connection: keep-alive Referer: http://outlet.softlayer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: __utmz=1.1303331808.1.1 |
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 16:19:24 GMT Server: Apache Vary: Accept-Encoding,User Cache-Control: max-age=0 Expires: Tue, 26 Apr 2011 16:19:24 GMT Connection: Keep-Alive Content-Type: text/html Content-Length: 131315 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <head> <meta http-equiv="Conten ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | https://outlet.softlayer |
Path: | /Sales/orderServer/18 |
POST /Sales/orderServer/18 Host: outlet.softlayer.com Connection: keep-alive Referer: https://outlet.softlayer Cache-Control: max-age=0 Origin: https://outlet.softlayer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Content-Type: application/x-www-form Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: __utmz=1.1303331808.1.1 Content-Length: 1613 data%5BOrder%5D ...[SNIP]... |
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 16:19:49 GMT Server: Apache Vary: Accept-Encoding,User Cache-Control: max-age=0 Expires: Tue, 26 Apr 2011 16:19:49 GMT Connection: Keep-Alive Content-Type: text/html Content-Length: 61758 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <head> <meta http-equiv="Conten ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | https://outlet.softlayer |
Path: | /favicon.ico |
GET /favicon.ico HTTP/1.1 Host: outlet.softlayer.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: __utmz=1.1303331808.1.1 |
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 16:23:47 GMT Server: Apache Last-Modified: Tue, 02 Jun 2009 16:03:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding,User Connection: Keep-Alive Content-Type: text/plain Content-Length: 3638 ..............h...&... ..............(....... ...........@............. ...[SNIP]... |
Severity: | Information |
Confidence: | Firm |
Host: | https://outlet.softlayer |
Path: | /favicon.ico |
GET /favicon.ico HTTP/1.1 Host: outlet.softlayer.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: __utmz=1.1303331808.1.1 |
HTTP/1.1 200 OK Date: Tue, 26 Apr 2011 16:23:47 GMT Server: Apache Last-Modified: Tue, 02 Jun 2009 16:03:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding,User Connection: Keep-Alive Content-Type: text/plain Content-Length: 3638 ..............h...&... ..............(....... ...........@............. ...[SNIP]... |