MemeStreams | On the Yin and the Yang

acidus@reload dist]$ java -jar XSSScanner.jar http://zero.webappsecurity.com
--
Crawling...
---
Done (200 OK: 20 404 Not Found: 5)
Checking "http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess
&templateName=prod_sel.forte&source=Freebank
&AD_REFERRING_URL=http://www.Freebank.com"

Using tracer:XSSTracer7699183
checking param "serviceName"
checking param "templateName"
checking param "source"
checking param "AD_REFERRING_URL"
Checking "http://zero.webappsecurity.com/plink.asp?a=b&c=12"
Using tracer:XSSTracer17510567
checking param "a"

*** FOUND TRACER using param "a" in "http://zero.webappsecurity.com/plink.asp?a=XSSTracer17510567&c=12"

checking param "c"

*** FOUND TRACER using param "c" in "http://zero.webappsecurity.com/plink.asp?a=b&c=XSSTracer17510567"

Checking "http://zero.webappsecurity.com/banklogin.asp?err=Invalid+Login:"
Using tracer:XSSTracer27744459
checking param "err"

*** FOUND TRACER using param "err" in "http://zero.webappsecurity.com/banklogin.asp?err=XSSTracer27744459"

---
3 XSS Holes found.
3 unflitered params found
1 vuln form found
--

[acidus@reload dist]$