1. Cross-site scripting (reflected)
2. Cross-domain script include
| Severity: | High | 
| Confidence: | Certain | 
| Host: | http://www.findalter | 
| Path: | /search/lessons-of | 
| GET /search/lessons-of Host: www.findalternative.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* | 
| HTTP/1.1 200 OK Date: Sun, 17 Apr 2011 20:46:14 GMT Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 X-Powered-By: PHP/5.3.3 Content-Type: text/html Content-Length: 7228 <html> <head> <link href="/search/lessons-of ...[SNIP]... | 
| Severity: | High | 
| Confidence: | Certain | 
| Host: | http://www.findalter | 
| Path: | /search/lessons-of | 
| GET /search/lessons-of Host: www.findalternative.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* | 
| HTTP/1.1 200 OK Date: Sun, 17 Apr 2011 20:41:42 GMT Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 X-Powered-By: PHP/5.3.3 Content-Type: text/html Content-Length: 7235 <html> <head> <link href="/search/lessons-of ...[SNIP]... | 
| Severity: | Information | 
| Confidence: | Certain | 
| Host: | http://www.findalter | 
| Path: | /search/lessons-of | 
| GET /search/lessons-of Host: www.findalternative.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16 Accept: application/xml Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,* | 
| HTTP/1.1 200 OK Date: Sun, 17 Apr 2011 20:39:55 GMT Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 X-Powered-By: PHP/5.3.3 Content-Type: text/html Content-Length: 20341 <html> <head> <link href="/search/lessons-of ...[SNIP]... </script> <script type="text/javascript" src="http://resources ...[SNIP]... |