XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.
XSS targets the users of the application rather than the server. Although this limits the attack, it still allows an attacker to hijack other users' sessions, and an attacker who targets an administrator can gain full control over the application.
Impact
There are many different attacks that can be leveraged through the use of XSS, including:
Hijacking users' active sessions.
Changing the look of the page within the victim's browser.
Mounting a successful phishing attack.
Intercepting data and performing man-in-the-middle attacks.
Remedy
The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, validate all input to the application and encode all output from it. Output must be encoded according to the output format and location. Typically the output location is HTML; where it is, ensure that all active content is removed or encoded before the page is sent to the user's browser.
Before sanitizing user input, define a white-list of expected and acceptable characters. This list needs only be defined once and should be used to sanitize and validate all subsequent input.
There are a number of pre-defined, well-structured white-list libraries available for many different environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting Library are good examples.
A cookie was transmitted over HTTPS without being marked as Secure. Without that flag the browser will also send the cookie over plain HTTP, so it could be stolen by an attacker who can intercept the traffic, for example after a successful MITM (man-in-the-middle) attack.
Impact
The browser will send this cookie over any HTTP connection to the site, so if the cookie is important (such as a session cookie) an attacker who can intercept that traffic can steal it and hijack the victim's session. An attacker who can carry out a MITM attack can force the victim's browser to make a plain-HTTP request to the site in order to capture the cookie.
Actions to Take
See the remedy for the solution.
Mark all cookies used within the application as Secure. (If a cookie is not related to authentication and does not carry any personal information, you do not have to mark it as Secure.)
Remedy
Mark all cookies used within the application as secure.
Required Skills for Successful Exploitation
To exploit this issue, the attacker needs to be able to intercept traffic. This generally requires access to the web server's or the victim's network. Attackers need to understand layer 2 and either have physical access to systems that act as way points for the traffic or have gained access to a system between the victim and the web server.
Netsparker believes that there is an XSS (Cross-site Scripting) vulnerability here but could not confirm it. We strongly recommend investigating the issue manually to ensure that it is an XSS vulnerability and needs to be addressed. The description, impact and remedy are the same as for the confirmed XSS (Cross-site Scripting) finding above.
This page responds with an HTTP redirect status, so the detected XSS might not be exploitable in many conditions; it still indicates a lack of correct output filtering and should be addressed.
Request
GET /add_site.php/%22%20stYle=%22x:expre/**/ssion(netsparker(9)) HTTP/1.1
Referer: https://account.snap.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: account.snap.com
Cookie: PHPSESSID=5785bfecc05e8df1ec358b638a7b4947
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Response (HTML abbreviated): the add_site.php page, with the Terms & Conditions textarea (the full Snap Shots Terms of Use text), the "I agree to Terms & Conditions above" checkbox, the Site Info / Customization / Installation / Snap Shares tabs with the alert "No user found with that email", the Digg, Delicious and e-mail sharing links, a testimonial sidebar, the footer, and the Google Analytics urchin.js tracking script. The injected payload does not appear in the captured fragment.
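The remedy for both XSS findings above says to encode output "according to the output format and location". The following is an added example (not code from the Netsparker report or from snap.com) that decodes the payload from the add_site.php request above and shows, with the standard-library HTML parser standing in for the browser, why the encoding has to match the output location: HTML-body encoding leaves the attribute breakout intact, attribute encoding contains it. The payload targets Internet Explorer's CSS expression() (the /**/ splits the keyword to evade naive filters), which current browsers do not evaluate; the attribute breakout, not the IE-specific sink, is the defect. The <input name="site"> element is an assumption, since the report does not show where the payload was reflected.

```python
# Added example, not code from the Netsparker report or from snap.com: decode
# the payload the scanner sent to add_site.php and show why output encoding
# has to match the output location. Standard library only.
import html
import json
from html.parser import HTMLParser
from urllib.parse import quote, unquote

# The path segment exactly as it appears in the scanner's request line.
RAW_PAYLOAD = "%22%20stYle=%22x:expre/**/ssion(netsparker(9))"


def decode_payload(raw):
    """URL-decode the injected segment to see what the server reflected."""
    return unquote(raw)


def encode_for(context, value):
    """Encode untrusted data for the place in the page it is written into."""
    if context == "html":        # element text: <p>DATA</p>
        return html.escape(value, quote=False)
    if context == "attribute":   # quoted attribute value: value="DATA"
        return html.escape(value, quote=True)
    if context == "js":          # JavaScript string literal inside <script>
        return json.dumps(value).replace("</", "<\\/")
    if context == "url":         # a query-string or path parameter
        return quote(value, safe="")
    raise ValueError("unknown output context: %s" % context)


def render_input(value, context):
    """Write VALUE into a hypothetical value="..." attribute.

    context=None reproduces the bug (raw reflection); any other value runs the
    matching encoder first. The <input name="site"> element is an assumption;
    the report does not show where the payload was reflected.
    """
    encoded = value if context is None else encode_for(context, value)
    return '<input name="site" value="%s">' % encoded


class _InputAttrs(HTMLParser):
    """Collect the attributes a browser would see on the <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)   # values are entity-decoded here


def parse_input_attributes(markup):
    """Parse MARKUP like a browser and return the <input> attributes.

    If the payload broke out of value="...", a new 'style' attribute appears;
    if it was encoded correctly, the whole payload stays inside 'value'.
    """
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    payload = decode_payload(RAW_PAYLOAD)
    print("decoded payload:", payload)
    for ctx in (None, "html", "attribute"):
        markup = render_input(payload, ctx)
        verdict = "BREAKOUT" if "style" in parse_input_attributes(markup) else "contained"
        print("%-9s %-9s %s" % (ctx, verdict, markup))
```

The "html" case is the one to note: html.escape with quote=False is correct for element text but leaves the double quote alone, so a value that lands inside an attribute still escapes it. Pick the encoder by where the data is written, not by what the data looks like.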
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".
Impact
Data entered in these fields will be stored by the browser's autocomplete feature. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used on shared computers such as those in internet cafes or airport terminals.
Remedy
Add the attribute autocomplete="off" to the form tag or to individual "input" fields.
Actions to Take
See the remedy for the solution.
Find all inputs that hold private data and disable autocomplete on them. Fields holding data such as credit card numbers or the CCV should not be cached. You can allow the browser to remember usernames and passwords, but in most cases this is not recommended. Note that current browsers ignore autocomplete="off" on login and password fields, so for those the attribute is not a reliable control.
Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.
Required Skills for Successful Exploitation
Dumping all data from a browser can be fairly easy, and a number of automated tools exist for this. Where the attacker cannot dump the data, he/she could still browse recently visited websites and trigger the auto-complete feature to see previously entered values.
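The check behind this finding, as an added example (not code from the Netsparker report): walk a page's forms and list the sensitive inputs that neither carry autocomplete="off" themselves nor sit inside a form that does, which is exactly the two placements the remedy above allows. The markup and the list of sensitive name fragments are constructed for illustration.

```python
# Added example, not code from the Netsparker report: list sensitive inputs
# that are left cacheable because neither the <input> nor its enclosing
# <form> carries autocomplete="off". Standard library only.
from html.parser import HTMLParser

# Name fragments treated as sensitive (the report's "Credit Card" / "CCV"
# fields); an assumption to tune per application.
SENSITIVE_NAME_PARTS = ("card", "ccv", "cvv", "cvc", "pass")

# Constructed sample: three forms, each protected (or not) a different way.
SAMPLE_MARKUP = """
<form action="/login.php" method="post">
  <input type="text" name="email">
  <input type="password" name="password">
</form>
<form action="/billing.php" method="post" autocomplete="off">
  <input type="text" name="card_number">
  <input type="text" name="ccv">
</form>
<form action="/pay.php" method="post">
  <input type="text" name="card_number" autocomplete="off">
  <input type="text" name="cvv">
</form>
"""


class AutocompleteAudit(HTMLParser):
    """Track the enclosing <form> and flag sensitive <input>s left cacheable."""

    def __init__(self):
        super().__init__()
        self.form_action = None
        self.form_off = False
        self.findings = []          # (form action, input name)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # bare attributes become ""
        if tag == "form":
            self.form_action = a.get("action", "")
            self.form_off = a.get("autocomplete", "").lower() == "off"
        elif tag == "input":
            name = a.get("name", "").lower()
            sensitive = (a.get("type", "").lower() == "password"
                         or any(part in name for part in SENSITIVE_NAME_PARTS))
            own_off = a.get("autocomplete", "").lower() == "off"
            if sensitive and not (own_off or self.form_off):
                self.findings.append((self.form_action, name))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None
            self.form_off = False


def audit_autocomplete(markup):
    """Return (form action, input name) for every unprotected sensitive input."""
    parser = AutocompleteAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for action, name in audit_autocomplete(SAMPLE_MARKUP):
        print("%-14s %s" % (action, name))
```

The login form is reported even though, as noted above, current browsers ignore autocomplete="off" on password fields; treat that hit as informational and rely on the credit-card style fields for the real decision.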
Cookie was not marked as HttpOnly. HttpOnly cookies cannot be read by client-side scripts, so marking a cookie as HttpOnly provides an additional layer of protection against Cross-site Scripting attacks.
Impact
During a Cross-site Scripting attack an attacker can easily read the cookies with script and hijack the victim's session.
Actions to Take
See the remedy for the solution.
Consider marking all of the cookies used by the application as HttpOnly. (After this change JavaScript code will not be able to read the cookies.)
Remedy
Mark the cookie as HttpOnly. This is an extra layer of defence against XSS, not a silver bullet: it stops script from reading the cookie, but it does not stop script from sending requests that carry it. An attacker can use a tool such as XSS Tunnel to proxy requests through the victim's browser and bypass HttpOnly protection.
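The two cookie findings (Secure, above under "A cookie was transmitted over HTTPS", and HttpOnly here) come down to the same header check. The following is an added example, not code from the Netsparker report: it audits Set-Cookie headers for both flags, rates each hit by whether the cookie name looks like a session or authentication cookie, and builds the header the remedy asks for. The sample headers are constructed; only the PHPSESSID cookie name is taken from the scanner's request.

```python
# Added example, not code from the Netsparker report: audit Set-Cookie headers
# for the Secure and HttpOnly flags, and build a correctly flagged session
# cookie. Standard library only; sample headers are constructed.

SAMPLE_RESPONSE_HEADERS = [
    "Set-Cookie: PHPSESSID=5785bfecc05e8df1ec358b638a7b4947; path=/",
    "Set-Cookie: lang=en; path=/; expires=Thu, 01 Jan 2026 00:00:00 GMT",
    "Set-Cookie: auth=tok; path=/; Secure; HttpOnly; SameSite=Lax",
    "Content-Type: text/html; charset=utf-8",
]

# Name fragments that mark a cookie as "session or authentication" in the
# sense of the remedy above; an assumption to tune per application.
SENSITIVE_NAME_PARTS = ("sess", "auth", "token", "login")


def parse_set_cookie(header):
    """Split 'Set-Cookie: name=value; attr; attr=val' into its parts."""
    body = header.split(":", 1)[1].strip()
    pieces = [p.strip() for p in body.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip() or True   # flags have no value
    return name.strip(), value.strip(), attrs


def audit_cookies(headers, served_over_https=True):
    """Return (cookie, problem, is_sensitive) for every missing flag.

    Secure is only demanded when the site is served over HTTPS; HttpOnly
    is demanded everywhere.
    """
    findings = []
    for header in headers:
        if not header.lower().startswith("set-cookie:"):
            continue
        name, _, attrs = parse_set_cookie(header)
        sensitive = any(part in name.lower() for part in SENSITIVE_NAME_PARTS)
        if served_over_https and "secure" not in attrs:
            findings.append((name, "missing Secure", sensitive))
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly", sensitive))
    return findings


def hardened_set_cookie(name, value):
    """Build the Set-Cookie header the remedy asks for on a session cookie."""
    return "Set-Cookie: %s=%s; Path=/; Secure; HttpOnly; SameSite=Lax" % (name, value)


if __name__ == "__main__":
    for cookie, problem, sensitive in audit_cookies(SAMPLE_RESPONSE_HEADERS):
        print("%-10s %-17s %s" % (cookie, problem, "HIGH" if sensitive else "low"))
    print(hardened_set_cookie("PHPSESSID", "<new session id>"))
    print("after hardening:", audit_cookies([hardened_set_cookie("PHPSESSID", "x")]))
```

For the PHP application in this report the session cookie gets both flags application-wide with session.cookie_secure = 1 and session.cookie_httponly = 1 in php.ini (or session_set_cookie_params()), and other cookies through the secure and httponly arguments of setcookie(). SameSite=Lax in the builder is an addition beyond what the report asks for.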
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.
Impact
An attacker can search for specific security vulnerabilities in the version of Apache identified in the Server header.
Remedy
Configure your web server to prevent information leakage from the Server header of its HTTP response.
Response: 403 Forbidden for /javascript/ (body: "You don't have permission to access /javascript/ on this server."). The captured fragment shows only the body; the disclosing Server header is not reproduced.
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
Impact
An attacker can look for specific security vulnerabilities for the version identified. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.
Netsparker identified that the target web server is disclosing the OpenSSL version in the HTTP response. This information can help an attacker to develop further attacks, and the system can also become an easier target for automated attacks.
Impact
An attacker can look for specific security vulnerabilities for the identified version. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.
Remedy
Configure your web server to prevent information leakage from the Server header of its HTTP response.
Netsparker identified that the target web server is disclosing the version of one of its Apache modules through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of that module.
Impact
An attacker can look for specific security vulnerabilities for the identified Apache module version. The attacker can also use this information in conjunction with the other vulnerabilities in the application or the web server.
Remedy
Configure your web server to prevent information leakage from the Server header of its HTTP response.
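The four version-disclosure findings above (Apache, PHP, OpenSSL, Apache module) all read the same two response headers. The following is an added example, not code from the Netsparker report: it pulls product/version tokens out of Server and X-Powered-By and maps each to the finding category the report uses, then shows the same response after hardening. The header values are constructed for illustration; the report does not reproduce the real headers from account.snap.com.

```python
# Added example, not code from the Netsparker report: extract product/version
# tokens from the Server and X-Powered-By headers and classify each one the
# way the report's four version-disclosure findings do. Sample headers are
# constructed, not captured from the scanned site.
import re

SAMPLE_HEADERS = [
    "HTTP/1.1 403 Forbidden",
    "Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b PHP/5.2.6",
    "X-Powered-By: PHP/5.2.6",
    "Content-Type: text/html; charset=iso-8859-1",
]

HARDENED_HEADERS = [   # the same response after ServerTokens Prod / expose_php=Off
    "HTTP/1.1 403 Forbidden",
    "Server: Apache",
    "Content-Type: text/html; charset=iso-8859-1",
]

DISCLOSING_HEADERS = ("server", "x-powered-by")
PRODUCT_VERSION = re.compile(r"([A-Za-z_][\w.-]*)/([\w.]+)")


def classify(product):
    """Map a product token to the finding category the report uses."""
    p = product.lower()
    if p == "apache":
        return "web server version"
    if p.startswith("mod_"):
        return "Apache module version"
    if p == "openssl":
        return "OpenSSL version"
    if p == "php":
        return "PHP version"
    return "other component version"


def disclosed_versions(headers):
    """Return (header, product, version, category) for every version token."""
    found = []
    for line in headers:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in DISCLOSING_HEADERS:
            continue
        for product, version in PRODUCT_VERSION.findall(value):
            found.append((name.strip(), product, version, classify(product)))
    return found


if __name__ == "__main__":
    for header, product, version, category in disclosed_versions(SAMPLE_HEADERS):
        print("%-13s %-8s %-8s %s" % (header, product, version, category))
    print("after hardening:", disclosed_versions(HARDENED_HEADERS))
```

On Apache the remedy is ServerTokens Prod in httpd.conf, which reduces the header to "Server: Apache" and therefore also drops the mod_ssl, OpenSSL and PHP tokens that produce the other three findings, together with ServerSignature Off so the version does not reappear in Apache-generated error pages such as the 403 above. The X-Powered-By header is removed with expose_php = Off in php.ini.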
This page allows users to upload files to the web server. Upload forms are generally dangerous unless they are coded with a great deal of care. This issue is reported for information only. If there is any other vulnerability identified regarding this resource Netsparker will report it as a separate issue.
Netsparker found e-mail addresses on the web site.
Impact
E-mail addresses discovered within the application can be used by spam engines and by brute-force (password guessing) tools, and valid addresses can also support social engineering attacks.
Remedy
Use generic email addresses such as contact@ or info@ for general communications and remove person-specific e-mail addresses from the web site; where individual contact is required, use submission forms for this purpose.
Netsparker identified that the response from the page returned an HTTP redirect status but output more information than usual. This generally indicates that, after issuing the redirect, the page did not finish the response as it was supposed to.
Impact
This can lead to serious issues such as authentication bypass on pages that require authentication: a client that does not follow the redirect still receives the protected page content. On other pages it generally indicates a programming error.
Remedy
Finish the HTTP Response after you redirect the user.
In ASP.NET, use Response.Redirect("redirected-page.aspx", true); instead of Response.Redirect("redirected-page.aspx", false); so that the response is ended immediately after the redirect is issued.
In PHP applications, call exit(); after you redirect the user.