CNN.com - Breaking News, U.S., World, Weather, Entertainment & Video News

+*-,+*-,+*-,+*-,+*-,+*-,++*-,/+*-,=+*-,+*-,+*-,+*-,www.cnn.com+*-,+*-,/+*-,+*-,+*-,+*-,+*-,+*-,+*-,+*-,http://www.cnn.com/+*-,200+*-,OK+*-,255.255.255.255+*-,4294967295+*-,%FF%FF%FF%FF+*-,0377.0377.0377.0377+*-,42+*-,#+*-,web app security+*-,*+*-,+*-,+*-,+*-,+*-,+*-,+*-,+*-,+*-,+*-,+*-,+*-,+*-,Enumeration+*-,Examine Source Code+*-,Hostnames+*-,+*-,Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up.+*-,+*-,%3cscript%3ealert('xss')%3c/script%3e+*-,Host: www.cnn.com User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0 Accept-Encoding: gzip Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Connection: keep-alive +*-,+*-,Date: Thu, 16 Nov 2006 17:55:32 GMT Server: Apache Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=60, private Expires: Thu, 16 Nov 2006 17:56:25 GMT Content-Length: 19667 Content-Type: text/html Keep-Alive: timeout=5, max=1024 Connection: Keep-Alive +*-,CNN.com - Breaking News, U.S., World, Weather, Entertainment & Video News

UPDATED: 12:54 p.m. EST, November 16, 2006

Make CNN Your Home Page

Pelosi wins then loses

From left: Pelosi, Murtha and Hoyer

Pelosi wins then loses

California Rep. Nancy Pelosi will be the first woman speaker of the House, after winning a unanimous vote among her Democrat colleagues. But Pelosi saw John Murtha -- her pick for majority leader -- lose out to Steny Hoyer in the race to become the powerful deputy.

• The Ticker: Hoyer beats out Murtha for No. 2

• Audio Slide Show: What's next for Democrats


		Is severe weather happening near you?
		Best of I-Report? You decide.

Most read stories. Updated every 20 minutes. View Details

1. No order in this court (:44)

From affiliate WYTV: A family beats up an accused murderer in an Ohio courtroom (November 16)

2. Smith wins 'Dancing with the Stars' ... (2:41)

Emmitt Smith and his partner Cheryl Burke are the winners of ABC's 'Dancing with the Stars.' (November 16)

3. Sexiest politician (2:28)

CNN's Jeanne Moos hit the street to get nominations for the sexiest politician alive. (November 15)

4. Hamas trains new army (3:08)

CNN's Ben Wedeman visits a training camp for a new Hamas fighting force. (November 15)

More most watched video. Updated every 2 hours.

More CNN.com video | Browse player

Neanderthal DNA unlocked (3:35)

Scientists in Germany say they've cracked the Neanderthal genetic code. ITN's Tom Clarke reports. (Novembe ...

Couple can't smoke in home (1:14)

A Colorado couple is no longer allowed to smoke in their own house. KDVR's Heidi Hemmat reports. (November 16)

Michael Jackson back on stage (1:24)

Michael Jackson took the stage at the World Music Awards in London. CNN's Mallika Kapur reports. (November 16)

Waived consent controversy (3:53)

CNN's Dr. Sanjay Gupta reports on a rarely-used clinical testing rule for emergencies. (November 16)

Now In The News (Updated: 12:19 p.m. ET)

Your quick news update

360° Blog: U.S. man sues Rumsfeld for Iraq jail time
Gallery: Tin artists show off what they can do
Lou Dobbs: I'm a populist, deal with it

Get Podcasts | Listen to CNN Radio for updates from around the world

House Dems Select Leadership

House Democrats speak to reporters after selecting their new leadership team.

Senate Debate

Senators meet for a lame-duck session before Democrats take power in January.

UN General Assembly

Members of the United Nations meet in New York for the General Assembly.

Indiana Chemical Leak

Interstate 65 near Lowell, IN, is closed while authorities neutralize a chemical leak.

Live Video

Move beyond free video

12,283.72
+ 32.01

2,444.12
+ 1.37

1,400.37
+ 3.80

Updated: 12:35 p.m. ET, Nov 16

sponsored by:


	RATING THE TUNES Time.com: The all-TIME 100 albums See if you agree with TIME's list of the greatest and most influential records ever			BREAKING ONION NEWS Satire: Laid-off autoworker optimistic Former Ford employee decides to start his own car company, reports The Onion

Section Page Video Local News Northeast West South Midwest Southwest Central • Tornado kills 5 in North Carolina • 2 killed, 3 hurt in Detroit shooting spree • Fiery chain-reaction crash kills one, closes interstate		Section Page Video CNN.com International Edition • 9/11 hijackers' friend guilty of aiding murder • Kabila named winner of Congo vote • Pakistan spares death row Briton
Section Page Video Business 2.0 Fortune • U.S.: Web 1 percent porn • TiVo stretching into the Internet		Section Page Video EntertainmentWeekly.com • The funniest magazine of its time • 'Borat' actor defends his creation
Section Page Video Cartoons TIME • Ex-Wisconsin governor to explore White House bid • Bush warns North Korea not to export nukes		Section Page Video • Deadly arson suspect says he just watched wildfire • Trash collector guilty of murdering fashion writer
Section Page Video Health Library Healthology • A prescription for happiness • Tips for Thursday's Great American Smokeout		Section Page Video • Neanderthal bone gives DNA clues • Small tsunami hits northern Japan
Section Page Weather Forecast • Public to choose new seven wonders of the world • Mount Vernon provides new look at first president		Section Page with CNN Student News • Report: Urban students do worse on science test • 21st century schools: Beyond the three R's
SI.com Home Page Video • Ten NFL guys who need to get lost ... now • Ranking the 10 best Michigan-Ohio St. duels		CNNMoney.com Home Page Video • Gas drop puts inflation on the ropes • Wrecking-ball bait: 5 teardowns

Subscribe • Under Fire on Iraq • What Trent Lott Brings to the Party		Free Screensaver • The Beat: Is Jessica Simpson interested in Tony Romo? • Celebrities scrambling for tickets to Ohio St.-Michigan game
Subscribe • TV Watch: ''Dancing With the Stars'' finale • Luke & Laura, and other huge watercooler moments		Subscribe • Designing the cubicle of tomorrow • 5 gifts at the best prices at 5 big retailers you can't avoid

Nicole Simpson's family reacts to O.J. Simpson's bone-chilling new book and upcoming interview. Should he profit from her death?

PEP TALK

Fighting funk and fatigue

How to put the bounce back in your step when your energy is zapped

FRIENDS, FAMILY AND FOOD

Time to give thanks

Who and what are you grateful for this Thanksgiving? And what's on your menu?

OH DEER!

In search of doe

A deer breaks into a bank and leaves behind all the signs of a crime

International Edition

CNN International

Advertise with Us

© 2006 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.

SERVICES » Emails RSS

CNNtoGo CNN Pipeline CNN Shop

External sites open in new window; not endorsed by CNN.com

Pay service with live and archived video. Learn more

© 2006 BigCharts.com Inc. All rights reserved. Please see our Terms of Use.
MarketWatch, the MarketWatch logo, and BigCharts are registered trademarks of MarketWatch, Inc.
Intraday data is at least 15-minutes delayed. All Times are ET.
Intraday data provided by ComStock, an Interactive Data Company and subject to the Terms of Use. Historical, current end-of-day data, and splits data provided by FT Interactive Data.

+*-,notes go here+*-,##########################################+*-,Cross Site Scripting (XSS) attacks an application's users instead of the application itself. It is caused by the failure of an application to validate output before returning it to the client's web browser. Allows attacker-controlled HTML to be inserted into the vulnerable page. Attackers may use this technique to steal valuable information (usernames, passwords, billing info, cookie data etc.) from unsuspecting site users.+*-,Insert scripting elements into all application input parameters: Did the application allow the scripts? If yes, were the scripts embedded in the app response and executed? If no, what was the response?+*-,Your results here+*-,www.yahoo.com+*-,