1. Cross-site scripting (reflected)
4. Content type incorrectly stated
Severity: | High |
Confidence: | Certain |
Host: | http://splashpage.mtv.com |
Path: | /favicon.ico |
GET /favicon.ico3ad54</script><script Host: splashpage.mtv.com Proxy-Connection: keep-alive Referer: http://clutch.mtv.com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: mtvn_guid=1297527364-309; __qca=P0-1103908855 |
HTTP/1.1 404 Not Found Server: Apache/2 X-Powered-By: PHP/5.2.8 X-Pingback: http://splashpage.mtv.com Last-Modified: Sat, 12 Feb 2011 18:42:12 GMT Pragma: no-cache X-Cache-Term: short Content-Type: text/html; charset=UTF-8 Cache-Control: must-revalidate, max-age=600 Expires: Sat, 12 Feb 2011 18:52:12 GMT Date: Sat, 12 Feb 2011 18:42:12 GMT Connection: close Vary: Accept-Encoding Connection: Transfer-Encoding Set-Cookie: ak-mobile-detected=no; expires=Sun, 13-Feb-2011 00:42:12 GMT; path=/ Vary: User-Agent Content-Length: 34754 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR <html xmlns="http://www.w3.org <head p ...[SNIP]... <script type="text/javascript"> mtvn.btg.Controller pageName: 'BLOGS/splashpage/favicon channel: 'BLOGS', hier1: 'BLOGS/splashpage/favicon ...[SNIP]... |
Severity: | High |
Confidence: | Certain |
Host: | http://splashpage.mtv.com |
Path: | /crossdomain.xml |
GET /crossdomain.xml HTTP/1.0 Host: splashpage.mtv.com |
HTTP/1.0 200 OK Server: Apache/2 Last-Modified: Thu, 20 May 2010 15:37:31 GMT ETag: "1bc7071-112-487085a Accept-Ranges: bytes Content-Length: 274 Content-Type: application/xml Cache-Control: max-age=600 Date: Sat, 12 Feb 2011 18:42:06 GMT Connection: close Set-Cookie: ak-mobile-detected=no; expires=Sun, 13-Feb-2011 00:42:06 GMT; path=/ Vary: User-Agent <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia <cross-domain-policy> <allow-access-from domain="*" secure="false" /> <allow- ...[SNIP]... |
Severity: | Information |
Confidence: | Certain |
Host: | http://splashpage.mtv.com |
Path: | /favicon.ico |
GET /robots.txt HTTP/1.0 Host: splashpage.mtv.com |
HTTP/1.0 200 OK Server: Apache/2 Last-Modified: Fri, 13 Aug 2010 19:03:49 GMT ETag: "116ab6c-4b-48db924942f40 Accept-Ranges: bytes Content-Length: 75 Content-Type: text/plain Cache-Control: max-age=1800 Date: Sat, 12 Feb 2011 18:42:06 GMT Connection: close Set-Cookie: ak-mobile-detected=no; expires=Sun, 13-Feb-2011 00:42:06 GMT; path=/ Vary: User-Agent User-agent: * Disallow: /wp-admin/ Sitemap: /wp-content/uploads |
Severity: | Information |
Confidence: | Firm |
Host: | http://splashpage.mtv.com |
Path: | /wp-content/themes |
GET /wp-content/themes Host: splashpage.mtv.com Proxy-Connection: keep-alive Referer: http://splashpage.mtv.com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* Cookie: mtvn_guid=1297527364-309; __qca=P0-1103908855 |
HTTP/1.1 200 OK Server: Apache/2 Last-Modified: Tue, 04 May 2010 20:21:18 GMT ETag: "1d85029-2a0-485ca73 Accept-Ranges: bytes Content-Length: 672 Content-Type: text/plain Date: Sat, 12 Feb 2011 18:56:36 GMT Connection: close Vary: User-Agent // active click through on flux comment count $j(function(){ $j('#posts .post .post_footer .commentCount .txtLabel').live( $j(this).css({ 'text-decoration':'unde ...[SNIP]... |