Code still active: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fconhecendooceara.com.br%2Ffuck.php
Another insecurity: HTTP only cookies: Warning
Requested URL: http://conhecendooceara.com.br/
Response URL: http://conhecendooceara.com.br/
Page title: Conhecendo o Ceará
HTTP status code: 200 (OK)
Response size: 56,661 bytes (gzip'd)
Duration: 4,046 ms
Overview
Cookies not flagged as "HttpOnly" may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the "HttpOnly" flag is missing it is due to oversight rather than by design.
Result
It looks like 2 cookies are being set without the "HttpOnly" flag being set (name : value):
PHPSESSID : t982cqg8sbk56jue2k0djvfad6
qtrans_cookie_test : 1
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack.
polonus
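
The HttpOnly check reported above can be reproduced against any set of response headers. The following is an added example, not part of the original post or of the scanner's code; the header lines and the cookie values in them are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# The header lines below are constructed sample data, not captured traffic.
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=constructedsessionvalue; path=/",
    "Set-Cookie: qtrans_cookie_test=1; path=/",
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly",
    "Content-Type: text/html; charset=UTF-8",
]


def parse_set_cookie(header_line):
    """Return (name, value, attrs) for a Set-Cookie line, or None otherwise."""
    field, _, rest = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in rest.split(";")]
    name, sep, value = parts[0].partition("=")
    if not sep or not name.strip():
        return None  # malformed name=value pair
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(header_lines):
    """Names of cookies that client-side script would be able to read."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed and "httponly" not in parsed[2]:
            missing.append(parsed[0])
    return missing


def harden(header_line):
    """Return the header with HttpOnly appended when it is absent."""
    parsed = parse_set_cookie(header_line)
    if parsed is None or "httponly" in parsed[2]:
        return header_line
    return header_line.rstrip().rstrip(";") + "; HttpOnly"


if __name__ == "__main__":
    for name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"WARNING: cookie {name!r} set without HttpOnly")
```

For the PHP session cookie itself, the server-side fix is the `session.cookie_httponly` ini setting rather than rewriting headers after the fact.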